Solved Multiple Issues after a download

[ShooblaGoo]

Hey, a few days ago I downloaded a certain video. Afterward, on Firefox (IE and Chrome works perfectly) my Google constantly re-directs me onto a random site. At first I thought it was something minor and ignored it, but then other things started happening.
For example, I began to get the BSOD with the message "Irql not less or equal." My windows update stopped working and I get the message "Code 80072EFE." I also noticed quite a huge lag when I start up and shut down my computer. I can't change any start up programs on my control panel because, for some reason, it takes me to the windows defender screen. I notice more and more problems as each day goes by.

I use Windows Vista Home basic
Intel Pentium Dual CPU E2180
NVIDIA Geforce 7050 / NVIDIA nforce 620i

I use AVG 2011 Free Antivirus and Malwarebytes for my anti-virus programs.

Any help would be appreciated. Thank you.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[ShooblaGoo]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6306

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

07/04/2011 7:17:05 PM
mbam-log-2011-04-07 (19-17-05).txt

Scan type: Quick scan
Objects scanned: 155660
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[ShooblaGoo]

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-07 20:09:47
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 WDC_WD32 rev.01.0
Running: e7emepny.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9D86C780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9D86C830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9D86C8D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9D86C970]

INT 0x51 ? 843D1BF8
INT 0x62 ? 86620BF8
INT 0x72 ? 843D0BF8
INT 0x82 ? 843D1BF8
INT 0x83 ? 86620BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 820E4B74 4 Bytes [80, C7, 86, 9D] {ADD BH, 0x86; POPF }
.text ntkrnlpa.exe!KeSetEvent + 621 820E4DA4 8 Bytes [30, C8, 86, 9D, D0, C8, 86, ...] {XOR AL, CL; XCHG [EBP-0x62793730], BL}
.text ntkrnlpa.exe!KeSetEvent + 681 820E4E04 4 Bytes [70, C9, 86, 9D]
? System32\Drivers\spdc.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 82BAF41B 5 Bytes JMP 866201D8
.text ap192lfi.SYS 8C536000 2 Bytes [82, C3]
.text ap192lfi.SYS 8C536003 19 Bytes [82, 6C, C2, 00, 82, 60, 8F, ...] {SUB BYTE [EDX+EAX*8+0x0], -0x7e; PUSHA ; POP DWORD [EAX]; ADD AL, -0x72; ADD [EDX-0x7dff3958], AL; ADD [EAX], AL}
.text ap192lfi.SYS 8C536017 137 Bytes [00, 32, D7, 78, 80, 3D, D5, ...]
.text ap192lfi.SYS 8C5360A1 43 Bytes [10, 0E, 82, 74, 06, 08, 82, ...]
.text ap192lfi.SYS 8C5360CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[872] ntdll.dll!NtProtectVirtualMemory 77B04B84 5 Bytes JMP 0188000A
.text C:\Windows\Explorer.EXE[872] ntdll.dll!NtWriteVirtualMemory 77B054C4 5 Bytes JMP 0189000A
.text C:\Windows\Explorer.EXE[872] ntdll.dll!KiUserExceptionDispatcher 77B05BF8 5 Bytes JMP 0177000A
.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!NtProtectVirtualMemory 77B04B84 5 Bytes JMP 0020000A
.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!NtWriteVirtualMemory 77B054C4 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!KiUserExceptionDispatcher 77B05BF8 5 Bytes JMP 001F000A
.text C:\Windows\system32\svchost.exe[1416] ole32.dll!CoCreateInstance 75B09F3E 5 Bytes JMP 0097000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806916D6] \SystemRoot\System32\Drivers\spdc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80691042] \SystemRoot\System32\Drivers\spdc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80691800] \SystemRoot\System32\Drivers\spdc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806910C0] \SystemRoot\System32\Drivers\spdc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069113E] \SystemRoot\System32\Drivers\spdc.sys
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortWritePortUchar] 838C55CF
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8C55A0
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A0B90] \SystemRoot\System32\Drivers\spdc.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8505C1F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\volmgr \Device\VolMgrControl 850581F8
Device \Driver\usbohci \Device\USBPDO-0 866B01F8
Device \Driver\PCI_PNP6505 \Device\00000051 spdc.sys
Device \Driver\usbehci \Device\USBPDO-1 866BB1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{38B88514-416A-457A-B2D4-AC27003921FF} 876FE1F8
Device \Driver\nvstor32 \Device\00000062 8505B1F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\volmgr \Device\HarddiskVolume1 850581F8
Device \Driver\volmgr \Device\HarddiskVolume2 850581F8
Device \Driver\cdrom \Device\CdRom0 8669E1F8
Device \Driver\cdrom \Device\CdRom1 8669E1F8
Device \Driver\atapi \Device\Ide\IdePort0 8505A1F8
Device \Driver\atapi \Device\Ide\IdePort1 8505A1F8
Device \Driver\volmgr \Device\HarddiskVolume3 850581F8
Device \Driver\volmgr \Device\HarddiskVolume4 850581F8
Device \Driver\sptd \Device\2468194513 spdc.sys
Device \Driver\volmgr \Device\HarddiskVolume5 850581F8
Device \Driver\volmgr \Device\HarddiskVolume6 850581F8
Device \Driver\volmgr \Device\HarddiskVolume7 850581F8
Device \Driver\netbt \Device\NetBt_Wins_Export 876FE1F8
Device \Driver\volmgr \Device\HarddiskVolume8 850581F8
Device \Driver\Smb \Device\NetbiosSmb 877031F8
Device \Driver\nvstor32 \Device\RaidPort0 8505B1F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\iScsiPrt \Device\RaidPort1 866CD2D0

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\USBSTOR \Device\0000006a 8CE9E1F8
Device \Driver\USBSTOR \Device\0000006b 8CE9E1F8
Device \Driver\USBSTOR \Device\0000006c 8CE9E1F8
Device \Driver\usbohci \Device\USBFDO-0 866B01F8
Device \Driver\USBSTOR \Device\0000006d 8CE9E1F8
Device \Driver\usbehci \Device\USBFDO-1 866BB1F8
Device \Driver\USBSTOR \Device\0000006e 8CE9E1F8
Device \Driver\ap192lfi \Device\Scsi\ap192lfi1 8661F1F8
Device \Driver\ap192lfi \Device\Scsi\ap192lfi1Port5Path0Target0Lun0 8661F1F8
Device \FileSystem\cdfs \Cdfs A59421F8
Device \Device\00000061 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22B4A#4&28799283&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x74 0xE7 0x49 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x00 0xBF 0x52 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD3 0x61 0xF9 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x74 0xE7 0x49 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x00 0xBF 0x52 0xFE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD3 0x61 0xF9 0xD0 ...

---- EOF - GMER 1.0.15 ----

 

[ShooblaGoo]

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 20:14:45.79 on 07/04/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.1791.696 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunServices: [SSDPSRV] c:\windows\system32\ssdpsrv.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\822zr1g4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c69dab7&v=6.103.018.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\822zr1g4.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-11-10 21504]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-26 517448]
S3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-04-07 03:40:14 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8d401507-6dd7-40e3-ad5d-fbe6f017f359}\mpengine.dll
2011-04-07 01:09:19 -------- d-----w- c:\windows\system32\catroot2(394)
2011-04-05 21:37:06 -------- d-----w- c:\users\owner\appdata\local\Fallout3
2011-04-05 21:25:31 -------- d-----w- c:\program files\Bethesda Softworks
2011-04-03 23:30:27 2416735 ----a-w- c:\program files\mozilla firefox\INSTALL.EXE
2011-04-01 20:45:51 286720 ----a-w- c:\windows\iun504.exe
2011-03-27 22:32:54 -------- d-----w- c:\users\owner\appdata\local\Xenocode
2011-03-22 21:26:43 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 21:26:43 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-22 21:26:43 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-18 02:02:54 -------- d-----w- c:\users\owner\appdata\local\Temporary Projects
2011-03-18 01:31:46 187808 ----a-w- c:\progra~2\microsoft\vbexpress\9.0\1033\ResourceCache.dll
2011-03-18 01:30:56 416 ----a-w- c:\progra~2\microsoft\msdn\9.0\1033\ResourceCache.dll
2011-03-12 18:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 18:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x863F6439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x863fc7d0]; MOV EAX, [0x863fc84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8207C912] -> \Device\Harddisk0\DR0[0x85D4F300]
3 CLASSPNP[0x826758B3] -> ntkrnlpa!IofCallDriver[0x8207C912] -> [0x85513700]
5 acpi[0x807B96BC] -> ntkrnlpa!IofCallDriver[0x8207C912] -> [0x850DD900]
\Driver\nvstor32[0x855E4220] -> IRP_MJ_CREATE -> 0x863F6439
kernel: MBR read successfully
_asm { JMP 0x65; }
detected disk devices:
\Device\00000061 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22B4A#4&28799283&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x8505a1f8
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:15:40.10 ===============

 

[ShooblaGoo]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 07/10/2009 5:49:23 PM
System Uptime: 07/04/2011 7:30:39 PM (1 hours ago)
.
Motherboard: ACER | | MCP73VE
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | SOCKET775 M/B | 2003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 197 GiB total, 93.428 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&8CB234F&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&8CB234F&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP338: 06/04/2011 9:20:26 PM - Restore Operation
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.4.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
BitTorrent
Bonjour
Call of Duty Modern Warfare 2
CCleaner
CDisplay 1.8
Connect
D3DX10
Defraggler
DivX Setup
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ijji REACTOR
iTunes
Java Auto Updater
Java(TM) 6 Update 24
kuler
Logitech Gaming Software 5.10
Malwarebytes' Anti-Malware
MapleStory
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.16)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Display Control Panel
NVIDIA Drivers
PDF Settings CS4
Photoshop Camera Raw
Project64 1.6
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
RuneScape Launcher 1.0.4
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Service Pack 1 for SQL Server 2008 (KB968369)
Soldier Front
Sql Server Customer Experience Improvement Program
Suite Shared Configuration CS4
The Sims 2
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Seasons
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
07/04/2011 7:12:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "230" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
07/04/2011 7:00:31 PM, Error: EventLog [6008] - The previous system shutdown at 6:58:58 PM on 07/04/2011 was unexpected.
07/04/2011 6:55:58 PM, Error: EventLog [6008] - The previous system shutdown at 6:54:12 PM on 07/04/2011 was unexpected.
07/04/2011 6:53:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
07/04/2011 6:53:48 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx Wanarpv6
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2011 5:25:08 PM, Error: EventLog [6008] - The previous system shutdown at 5:23:34 PM on 07/04/2011 was unexpected.
07/04/2011 5:24:33 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
07/04/2011 4:32:34 PM, Error: EventLog [6008] - The previous system shutdown at 3:52:56 PM on 07/04/2011 was unexpected.
07/04/2011 3:45:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
06/04/2011 9:40:14 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signatures loading: Default Loading signature version: 1.0.0.0 Loading engine version: 1.1.3007.0
06/04/2011 9:37:50 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.87.1764.0 Loading engine version: 1.1.5202.0
06/04/2011 8:59:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
06/04/2011 8:46:03 PM, Error: EventLog [6008] - The previous system shutdown at 8:44:06 PM on 06/04/2011 was unexpected.
06/04/2011 8:42:06 PM, Error: EventLog [6008] - The previous system shutdown at 8:32:56 PM on 06/04/2011 was unexpected.
06/04/2011 7:37:20 PM, Error: EventLog [6008] - The previous system shutdown at 7:35:03 PM on 06/04/2011 was unexpected.
06/04/2011 7:33:03 PM, Error: EventLog [6008] - The previous system shutdown at 7:30:26 PM on 06/04/2011 was unexpected.
06/04/2011 6:42:26 PM, Error: EventLog [6008] - The previous system shutdown at 6:40:09 PM on 06/04/2011 was unexpected.
06/04/2011 3:25:04 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
05/04/2011 9:06:10 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
05/04/2011 7:07:59 PM, Error: EventLog [6008] - The previous system shutdown at 7:05:38 PM on 05/04/2011 was unexpected.
05/04/2011 3:16:37 PM, Error: EventLog [6008] - The previous system shutdown at 3:14:58 PM on 05/04/2011 was unexpected.
04/04/2011 4:16:00 PM, Error: EventLog [6008] - The previous system shutdown at 4:14:18 PM on 04/04/2011 was unexpected.
.
==== End Of File ===========================

 

[Broni]

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[ShooblaGoo]

2011/04/07 20:31:04.0434 3348 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/07 20:31:04.0839 3348 ================================================================================
2011/04/07 20:31:04.0839 3348 SystemInfo:
2011/04/07 20:31:04.0839 3348
2011/04/07 20:31:04.0839 3348 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/07 20:31:04.0839 3348 Product type: Workstation
2011/04/07 20:31:04.0839 3348 ComputerName: OWNER-PC
2011/04/07 20:31:04.0839 3348 UserName: Owner
2011/04/07 20:31:04.0839 3348 Windows directory: C:\Windows
2011/04/07 20:31:04.0839 3348 System windows directory: C:\Windows
2011/04/07 20:31:04.0839 3348 Processor architecture: Intel x86
2011/04/07 20:31:04.0839 3348 Number of processors: 2
2011/04/07 20:31:04.0839 3348 Page size: 0x1000
2011/04/07 20:31:04.0839 3348 Boot type: Normal boot
2011/04/07 20:31:04.0839 3348 ================================================================================
2011/04/07 20:31:05.0697 3348 Initialize success
2011/04/07 20:31:12.0046 5152 ================================================================================
2011/04/07 20:31:12.0046 5152 Scan started
2011/04/07 20:31:12.0046 5152 Mode: Manual;
2011/04/07 20:31:12.0046 5152 ================================================================================
2011/04/07 20:31:12.0608 5152 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/07 20:31:12.0670 5152 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2011/04/07 20:31:12.0780 5152 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/07 20:31:12.0889 5152 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/07 20:31:12.0951 5152 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/07 20:31:12.0998 5152 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/07 20:31:13.0092 5152 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/07 20:31:13.0248 5152 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/07 20:31:13.0279 5152 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/07 20:31:13.0326 5152 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/07 20:31:13.0372 5152 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/07 20:31:13.0419 5152 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/07 20:31:13.0466 5152 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/07 20:31:13.0497 5152 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/07 20:31:13.0575 5152 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/07 20:31:13.0638 5152 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/07 20:31:13.0700 5152 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/07 20:31:13.0778 5152 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/07 20:31:13.0887 5152 AVGIDSDriver (5f6c56305ea73760cdafc7604d64bbe0) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/04/07 20:31:13.0918 5152 AVGIDSEH (20a2d48722cf055c846bdeafa4f733ce) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/04/07 20:31:13.0965 5152 AVGIDSFilter (0a95333ca80ca8b79d612f3965466cc0) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/04/07 20:31:13.0996 5152 AVGIDSShim (ab7e4b37126447ffe4fb639901012fb3) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/04/07 20:31:14.0043 5152 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/04/07 20:31:14.0090 5152 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/04/07 20:31:14.0168 5152 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/04/07 20:31:14.0215 5152 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/04/07 20:31:14.0277 5152 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/07 20:31:14.0355 5152 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/07 20:31:14.0511 5152 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/07 20:31:14.0542 5152 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/07 20:31:14.0589 5152 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/07 20:31:14.0620 5152 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/07 20:31:14.0652 5152 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/07 20:31:14.0698 5152 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/07 20:31:14.0730 5152 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/07 20:31:14.0761 5152 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/07 20:31:14.0792 5152 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/07 20:31:14.0870 5152 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/07 20:31:14.0917 5152 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/07 20:31:14.0964 5152 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/04/07 20:31:14.0979 5152 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/04/07 20:31:15.0026 5152 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/07 20:31:15.0057 5152 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/07 20:31:15.0135 5152 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/07 20:31:15.0182 5152 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/07 20:31:15.0244 5152 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/07 20:31:15.0291 5152 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/07 20:31:15.0354 5152 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/07 20:31:15.0463 5152 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/07 20:31:15.0510 5152 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/07 20:31:15.0603 5152 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/07 20:31:15.0634 5152 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/07 20:31:15.0681 5152 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/07 20:31:15.0744 5152 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/07 20:31:15.0790 5152 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/07 20:31:15.0837 5152 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/07 20:31:15.0884 5152 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/07 20:31:15.0946 5152 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/07 20:31:15.0978 5152 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/07 20:31:16.0024 5152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/07 20:31:16.0056 5152 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/07 20:31:16.0118 5152 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/07 20:31:16.0165 5152 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/07 20:31:16.0196 5152 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/07 20:31:16.0243 5152 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/07 20:31:16.0290 5152 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/07 20:31:16.0352 5152 HssDrv (0d6b32306c362750ec6576f1d90c52f7) C:\Windows\system32\DRIVERS\HssDrv.sys
2011/04/07 20:31:16.0399 5152 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/04/07 20:31:16.0446 5152 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/07 20:31:16.0492 5152 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/07 20:31:16.0524 5152 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/07 20:31:16.0570 5152 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/07 20:31:16.0820 5152 IntcAzAudAddService (f6e17c275666a4402588a30e36565910) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/07 20:31:16.0976 5152 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/04/07 20:31:17.0038 5152 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/07 20:31:17.0085 5152 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/07 20:31:17.0179 5152 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/07 20:31:17.0241 5152 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/07 20:31:17.0304 5152 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/07 20:31:17.0350 5152 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/07 20:31:17.0413 5152 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/07 20:31:17.0460 5152 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/07 20:31:17.0491 5152 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/07 20:31:17.0553 5152 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/07 20:31:17.0600 5152 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/07 20:31:17.0662 5152 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/07 20:31:17.0756 5152 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/07 20:31:17.0850 5152 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/07 20:31:17.0896 5152 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/07 20:31:17.0943 5152 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/07 20:31:17.0990 5152 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/07 20:31:18.0037 5152 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/07 20:31:18.0099 5152 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/07 20:31:18.0146 5152 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/07 20:31:18.0193 5152 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/07 20:31:18.0240 5152 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/07 20:31:18.0286 5152 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/07 20:31:18.0333 5152 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/07 20:31:18.0380 5152 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/07 20:31:18.0442 5152 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/07 20:31:18.0474 5152 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/07 20:31:18.0520 5152 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/07 20:31:18.0552 5152 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/07 20:31:18.0583 5152 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/07 20:31:18.0630 5152 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/04/07 20:31:18.0661 5152 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/07 20:31:18.0739 5152 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/07 20:31:18.0770 5152 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/07 20:31:18.0817 5152 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/07 20:31:18.0848 5152 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/07 20:31:18.0879 5152 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/07 20:31:18.0926 5152 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/07 20:31:18.0988 5152 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/07 20:31:19.0051 5152 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/07 20:31:19.0098 5152 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/07 20:31:19.0144 5152 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/07 20:31:19.0191 5152 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/07 20:31:19.0254 5152 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/07 20:31:19.0300 5152 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/07 20:31:19.0347 5152 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/07 20:31:19.0378 5152 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/07 20:31:19.0425 5152 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/07 20:31:19.0472 5152 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/07 20:31:19.0566 5152 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/07 20:31:19.0628 5152 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/07 20:31:19.0675 5152 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/07 20:31:19.0737 5152 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/07 20:31:19.0815 5152 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/07 20:31:19.0846 5152 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/07 20:31:19.0909 5152 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/04/07 20:31:20.0424 5152 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/07 20:31:20.0704 5152 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/07 20:31:20.0751 5152 nvrd32 (5dd1242cabc1ef8dce4438d72d72a436) C:\Windows\system32\drivers\nvrd32.sys
2011/04/07 20:31:20.0798 5152 nvsmu (af1bd777af00e96c45c77192d7453369) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/04/07 20:31:20.0845 5152 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/07 20:31:20.0892 5152 nvstor32 (1bef40fdca53b43e16e1851faa3440cc) C:\Windows\system32\drivers\nvstor32.sys
2011/04/07 20:31:20.0938 5152 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/07 20:31:21.0048 5152 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/07 20:31:21.0094 5152 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/07 20:31:21.0141 5152 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/07 20:31:21.0172 5152 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/07 20:31:21.0219 5152 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/07 20:31:21.0250 5152 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/07 20:31:21.0282 5152 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/07 20:31:21.0344 5152 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/07 20:31:21.0484 5152 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/07 20:31:21.0531 5152 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/07 20:31:21.0594 5152 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/07 20:31:21.0640 5152 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/07 20:31:21.0703 5152 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/07 20:31:21.0750 5152 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/07 20:31:21.0796 5152 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/07 20:31:21.0843 5152 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/07 20:31:21.0906 5152 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/07 20:31:21.0952 5152 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/07 20:31:21.0984 5152 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/07 20:31:22.0046 5152 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/07 20:31:22.0093 5152 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/07 20:31:22.0124 5152 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/07 20:31:22.0186 5152 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/07 20:31:22.0296 5152 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/04/07 20:31:22.0327 5152 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/04/07 20:31:22.0389 5152 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
2011/04/07 20:31:22.0420 5152 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/07 20:31:22.0498 5152 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/07 20:31:22.0561 5152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/07 20:31:22.0623 5152 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/07 20:31:22.0654 5152 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/07 20:31:22.0701 5152 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/07 20:31:22.0764 5152 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/07 20:31:22.0810 5152 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/07 20:31:22.0842 5152 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/07 20:31:22.0873 5152 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/07 20:31:22.0935 5152 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/07 20:31:22.0982 5152 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/07 20:31:23.0013 5152 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/07 20:31:23.0076 5152 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/07 20:31:23.0138 5152 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/07 20:31:23.0216 5152 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/07 20:31:23.0216 5152 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/07 20:31:23.0232 5152 sptd - detected Locked file (1)
2011/04/07 20:31:23.0310 5152 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/07 20:31:23.0372 5152 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/07 20:31:23.0388 5152 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/07 20:31:23.0466 5152 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/07 20:31:23.0512 5152 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/07 20:31:23.0544 5152 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/07 20:31:23.0590 5152 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/07 20:31:23.0637 5152 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/04/07 20:31:23.0715 5152 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/07 20:31:23.0778 5152 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/07 20:31:23.0824 5152 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/07 20:31:23.0871 5152 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/07 20:31:23.0902 5152 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/07 20:31:23.0949 5152 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/07 20:31:23.0980 5152 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/07 20:31:24.0074 5152 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/07 20:31:24.0105 5152 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/07 20:31:24.0152 5152 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/07 20:31:24.0199 5152 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/07 20:31:24.0246 5152 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/07 20:31:24.0308 5152 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/07 20:31:24.0355 5152 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/07 20:31:24.0402 5152 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/07 20:31:24.0448 5152 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/07 20:31:24.0480 5152 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/07 20:31:24.0558 5152 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/07 20:31:24.0589 5152 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/07 20:31:24.0636 5152 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/07 20:31:24.0667 5152 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/07 20:31:24.0714 5152 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/07 20:31:24.0760 5152 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/07 20:31:24.0807 5152 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/07 20:31:24.0854 5152 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/07 20:31:24.0885 5152 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/07 20:31:24.0932 5152 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/07 20:31:25.0010 5152 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/07 20:31:25.0041 5152 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/07 20:31:25.0072 5152 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/07 20:31:25.0104 5152 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/07 20:31:25.0166 5152 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/07 20:31:25.0213 5152 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/07 20:31:25.0260 5152 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/07 20:31:25.0306 5152 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/07 20:31:25.0369 5152 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/07 20:31:25.0416 5152 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/07 20:31:25.0431 5152 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/07 20:31:25.0494 5152 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/07 20:31:25.0540 5152 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/07 20:31:25.0712 5152 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\Windows\system32\drivers\WmBEnum.sys
2011/04/07 20:31:25.0743 5152 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\Windows\system32\drivers\WmFilter.sys
2011/04/07 20:31:25.0790 5152 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/07 20:31:25.0852 5152 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\Windows\system32\drivers\WmVirHid.sys
2011/04/07 20:31:25.0884 5152 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\Windows\system32\drivers\WmXlCore.sys
2011/04/07 20:31:25.0977 5152 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/07 20:31:26.0040 5152 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/07 20:31:26.0164 5152 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
2011/04/07 20:31:26.0227 5152 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/07 20:31:26.0227 5152 ================================================================================
2011/04/07 20:31:26.0227 5152 Scan finished
2011/04/07 20:31:26.0227 5152 ================================================================================
2011/04/07 20:31:26.0258 3172 Detected object count: 2
2011/04/07 20:31:41.0031 3172 Locked file(sptd) - User select action: Skip
2011/04/07 20:31:41.0094 3172 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/07 20:31:41.0094 3172 \HardDisk0 - ok
2011/04/07 20:31:41.0109 3172 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/07 20:31:56.0522 5860 Deinitialize success

 

[Broni]

Good job

How is redirection?

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[ShooblaGoo]

It seems like the redirection is gone!
I can already feel my computer go from snail like speeds to a jet.
Thank you for that. I am truly grateful.
-------------------------------------------------------------------------------------------------
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M1640
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 160):
0x82048000 \SystemRoot\system32\ntkrnlpa.exe
0x82015000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80481000 \SystemRoot\system32\PSHED.dll
0x80492000 \SystemRoot\system32\BOOTVID.dll
0x8049A000 \SystemRoot\system32\CLFS.SYS
0x804DB000 \SystemRoot\system32\CI.dll
0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80693000 \SystemRoot\System32\Drivers\spdi.sys
0x80786000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8078F000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B5000 \SystemRoot\system32\drivers\acpi.sys
0x80600000 \SystemRoot\system32\drivers\msisadrv.sys
0x805BB000 \SystemRoot\system32\drivers\pci.sys
0x805E2000 \SystemRoot\System32\drivers\partmgr.sys
0x805F1000 \SystemRoot\system32\drivers\volmgr.sys
0x8260F000 \SystemRoot\System32\drivers\volmgrx.sys
0x82659000 \SystemRoot\system32\drivers\nvrd32.sys
0x8267D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8269E000 \SystemRoot\system32\drivers\pciide.sys
0x826A5000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x826B3000 \SystemRoot\System32\drivers\mountmgr.sys
0x826C3000 \SystemRoot\system32\drivers\nvraid.sys
0x826DC000 \SystemRoot\system32\drivers\atapi.sys
0x826E4000 \SystemRoot\system32\drivers\ataport.SYS
0x82702000 \SystemRoot\system32\drivers\nvstor32.sys
0x82728000 \SystemRoot\system32\drivers\storport.sys
0x82769000 \SystemRoot\system32\drivers\fltmgr.sys
0x8279B000 \SystemRoot\system32\drivers\fileinfo.sys
0x87402000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87473000 \SystemRoot\system32\drivers\ndis.sys
0x8757E000 \SystemRoot\system32\drivers\msrpc.sys
0x875A9000 \SystemRoot\system32\drivers\NETIO.SYS
0x87607000 \SystemRoot\System32\drivers\tcpip.sys
0x876F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8780B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8791B000 \SystemRoot\system32\drivers\wd.sys
0x87923000 \SystemRoot\system32\drivers\volsnap.sys
0x8795C000 \SystemRoot\System32\Drivers\spldr.sys
0x87964000 \SystemRoot\System32\Drivers\mup.sys
0x87973000 \SystemRoot\System32\drivers\ecache.sys
0x8799A000 \SystemRoot\system32\drivers\disk.sys
0x879AB000 \SystemRoot\system32\drivers\crcdisk.sys
0x879B4000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x879B9000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x87800000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8770C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87715000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x87724000 \SystemRoot\system32\DRIVERS\serial.sys
0x8773E000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8775B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x87766000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8776F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x87779000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x877B7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B20C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B299000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B2A9000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8B2B7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B2CF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8B2D5000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8B40F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8BE8D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8BE8F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BF2F000 \SystemRoot\System32\drivers\watchdog.sys
0x8BF3B000 \SystemRoot\System32\Drivers\aht2fcfm.SYS
0x8BF74000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8BF7D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8BFAC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BFB7000 \SystemRoot\system32\DRIVERS\HssDrv.sys
0x8BFC7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BFDE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B3D5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8BFE9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x877C6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x877DA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x877EF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B40B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x827AB000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BFF8000 \SystemRoot\system32\drivers\WmBEnum.sys
0x875E4000 \SystemRoot\system32\drivers\WmXlCore.sys
0x8B200000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x875F3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C600000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C635000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C802000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C646000 \SystemRoot\system32\drivers\portcls.sys
0x8C673000 \SystemRoot\system32\drivers\drmk.sys
0x8C9E3000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8C9EF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C9F8000 \SystemRoot\System32\Drivers\Null.SYS
0x8C698000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C69F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C6BB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8C6C2000 \SystemRoot\System32\drivers\vga.sys
0x8C6CE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C6EF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C6F7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C6FF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C70A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C718000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C721000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C737000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C74B000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x8C793000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D00C000 \SystemRoot\system32\drivers\afd.sys
0x8D054000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D06A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D078000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D08B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D0C7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D0D1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8D0E6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D0E8000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D0FF000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x8D13B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D144000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D154000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D15C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D173000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8D17C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D189000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8D193000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x95800000 \SystemRoot\System32\win32k.sys
0x8D1B9000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D1C3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95A20000 \SystemRoot\System32\TSDDD.dll
0x95A40000 \SystemRoot\System32\cdd.dll
0x95A50000 \SystemRoot\System32\ATMFD.DLL
0x8D1D2000 \SystemRoot\system32\drivers\luafv.sys
0x9AA03000 \SystemRoot\system32\drivers\spsys.sys
0x9AAB3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9AAC3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9AAD6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x9AADF000 \SystemRoot\system32\drivers\HTTP.sys
0x9AB4C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9AB69000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9AB82000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9AB97000 \SystemRoot\system32\drivers\mrxdav.sys
0x9ABB8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8C7C5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9ABD7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x879C2000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9BE04000 \SystemRoot\System32\DRIVERS\srv.sys
0x9BE52000 \SystemRoot\System32\Drivers\adfs.SYS
0x9BE63000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0x9BE6E000 \SystemRoot\system32\drivers\peauth.sys
0x9BF4C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9BF56000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9BF62000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9BF77000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9BF89000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x9BF93000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x9BFBB000 \SystemRoot\system32\drivers\WmVirHid.sys
0x9BFBE000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77450000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 69):
0 System Idle Process
4 System
492 C:\Windows\System32\smss.exe
524 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
776 csrss.exe
832 C:\Windows\System32\wininit.exe
844 csrss.exe
876 C:\Windows\System32\services.exe
900 C:\Windows\System32\lsass.exe
912 C:\Windows\System32\lsm.exe
944 C:\Windows\System32\winlogon.exe
1088 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\nvvsvc.exe
1168 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\svchost.exe
1392 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\audiodg.exe
1500 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\SLsvc.exe
1552 C:\Windows\System32\svchost.exe
1608 C:\Windows\System32\nvvsvc.exe
1712 C:\Windows\System32\svchost.exe
2012 C:\Windows\System32\spoolsv.exe
2040 C:\Windows\System32\svchost.exe
1908 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1820 C:\Program Files\AVG\AVG10\avgwdsvc.exe
704 C:\Program Files\Bonjour\mDNSResponder.exe
1688 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1904 C:\Windows\System32\svchost.exe
348 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2060 C:\Windows\System32\svchost.exe
2100 C:\Windows\System32\svchost.exe
2152 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2212 C:\Windows\System32\SearchIndexer.exe
2264 WUDFHost.exe
2352 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
2572 C:\Program Files\AVG\AVG10\avgnsx.exe
2848 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3180 C:\Windows\System32\dwm.exe
3224 C:\Windows\System32\taskeng.exe
3272 C:\Windows\explorer.exe
3444 C:\Windows\RtHDVCpl.exe
3560 C:\Windows\System32\nvraidservice.exe
3796 WmiPrvSE.exe
3844 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3956 C:\Windows\System32\wbem\unsecapp.exe
2596 C:\Program Files\AVG\AVG10\avgtray.exe
2640 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
3148 C:\Program Files\iTunes\iTunesHelper.exe
2708 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2408 C:\Program Files\Windows Sidebar\sidebar.exe
1348 C:\Program Files\Windows Media Player\wmpnscfg.exe
3684 C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
3088 C:\Program Files\Windows Sidebar\sidebar.exe
1388 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3116 C:\Program Files\Windows Media Player\wmpnetwk.exe
3204 C:\Program Files\iPod\bin\iPodService.exe
5716 C:\Program Files\Mozilla Firefox\firefox.exe
5804 C:\Windows\System32\taskeng.exe
5072 C:\Windows\System32\svchost.exe
3672 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
5620 C:\Program Files\AVG\AVG10\avgcsrvx.exe
5064 C:\Program Files\Mozilla Firefox\plugin-container.exe
2580 C:\Windows\System32\SearchProtocolHost.exe
3708 C:\Windows\System32\SearchFilterHost.exe
4020 dllhost.exe
5776 dllhost.exe
5884 C:\Users\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200AAJS-22B4A, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 3C96C0879729CBB43ED661230E66AA4AB8C9650D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

 

[Broni]

Good news

 

[ShooblaGoo]

ComboFix 11-04-07.07 - Owner 07/04/2011 21:08:49.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.1791.1064 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\MapleStory.url
.
.
((((((((((((((((((((((((( Files Created from 2011-03-08 to 2011-04-08 )))))))))))))))))))))))))))))))
.
.
2011-04-08 03:16 . 2011-04-08 03:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-07 15:13 . 2011-04-07 15:13 -------- d-----w- c:\programdata\WindowsSearch
2011-04-07 03:40 . 2008-01-05 11:37 2730536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D401507-6DD7-40E3-AD5D-FBE6F017F359}\mpengine.dll
2011-04-07 01:09 . 2011-04-07 01:11 -------- d-----w- c:\windows\system32\catroot2(394)
2011-04-05 21:37 . 2011-04-05 21:37 -------- d-----w- c:\users\Owner\AppData\Local\Fallout3
2011-04-05 21:25 . 2011-04-05 21:25 -------- d-----w- c:\program files\Bethesda Softworks
2011-04-03 23:30 . 1997-03-11 20:36 2416735 ----a-w- c:\program files\Mozilla Firefox\INSTALL.EXE
2011-04-01 20:45 . 2011-04-03 22:58 286720 ----a-w- c:\windows\iun504.exe
2011-03-27 22:32 . 2011-03-27 22:32 -------- d-----w- c:\users\Owner\AppData\Local\Xenocode
2011-03-22 21:26 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-22 21:26 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-22 21:26 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-18 02:02 . 2011-03-18 03:09 -------- d-----w- c:\users\Owner\AppData\Local\Temporary Projects
2011-03-18 01:31 . 2011-03-18 01:31 187808 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2011-03-18 01:30 . 2011-03-18 01:30 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-03-13 05:52 . 2011-03-13 05:52 -------- d-----w- c:\program files\Common Files\Java
2011-03-13 05:50 . 2011-03-13 05:50 -------- d-----w- c:\programdata\McAfee
2011-03-12 18:28 . 2011-03-12 18:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 18:28 . 2011-03-12 18:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 01:57 . 2010-05-01 21:15 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-03-10 22:17 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-03 04:40 . 2010-04-21 21:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:37 . 2011-02-09 03:07 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 03:07 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 03:07 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 03:07 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-09 03:07 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 03:07 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-09 03:07 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 03:07 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 03:07 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 03:07 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 03:07 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 03:07 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 03:07 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 03:07 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 03:07 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 03:07 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 03:07 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 03:07 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 03:07 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 03:07 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 03:07 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 03:07 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 03:07 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 03:07 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 03:07 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-09 03:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 03:05 292352 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-19 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208]
"Skytel"="Skytel.exe" [2010-04-25 1826816]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-11-12 203296]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LXCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2010-04-25 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 08:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2010-04-25 491520]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-03 3377880]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva324;XDva324;c:\windows\system32\XDva324.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-31 691696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4252191657-479862217-4056747601-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19 23:56]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4252191657-479862217-4056747601-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19 23:56]
.
2011-04-08 c:\windows\Tasks\User_Feed_Synchronization-{054E6C20-2892-4CAA-9DB1-49EADB2D8425}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c69dab7&v=6.103.018.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 21:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2011-04-07 21:18:07
ComboFix-quarantined-files.txt 2011-04-08 03:18
.
Pre-Run: 106,715,164,672 bytes free
Post-Run: 106,640,977,920 bytes free
.
- - End Of File - - C1FB1D6EA55A7A766E089F8239AC74D1

 

[Broni]

Looks good

You can reinstall your AVG now.

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[ShooblaGoo]

Sorry about yesterday. I went to study for a test when scanning, and fell asleep, haha.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 08/04/2011 2:25:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): c:\pagefile.sys 2685 2685 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 196.87 Gb Total Space | 97.86 Gb Free Space | 49.71% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/08 14:24:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/18 16:06:27 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/16 14:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/14 17:10:30 | 000,153,672 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/12 17:06:20 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007/10/11 10:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (SafeList) ==========

MOD - [2011/04/08 14:24:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/24 22:38:23 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\System32\lxcicoms.exe -- (lxci_device)
SRV - [2009/12/03 17:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/21 20:45:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 17:16:52 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/16 14:33:42 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2010/06/16 14:33:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/31 16:18:53 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/27 17:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 17:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 17:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 15:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/11/12 17:02:46 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/11/12 17:02:46 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/08/25 02:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/08/01 11:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: {0471d3b0-a403-11df-981c-0800200c9a66}:0.921
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d9f6c6e&v=6.103.018.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/04/08 14:13:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/08 14:13:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 15:13:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 15:13:15 | 000,000,000 | ---D | M]

[2009/11/13 15:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/04/08 14:21:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions
[2011/04/06 21:25:45 | 000,000,000 | ---D | M] (SmallringFX DARKBlue) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
[2010/05/09 10:40:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/03 21:31:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/31 18:49:32 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions\DeviceDetection@logitech.com
[2010/05/28 16:54:46 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions\DTToolbar@toolbarnet.com
[2011/03/27 18:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}\chrome\mozapps\extensions
[2010/05/28 16:54:32 | 000,002,059 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\searchplugins\daemon-search.xml
[2011/03/12 23:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/21 15:31:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 15:30:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 14:32:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/08 22:41:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/12 23:51:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/08 14:13:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/04/08 14:13:33 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/03 01:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/03/14 18:01:13 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2011/04/07 21:16:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LXCICATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCItime.DLL ()
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} http://www.yoyogames.com/downloads/activex/YoYo.cab (YYGInstantPlay Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/04/08 14:24:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/04/08 14:18:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG10
[2011/04/08 14:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/04/08 14:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/04/08 14:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/08 13:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/08 13:30:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/07 21:18:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/07 21:07:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/07 21:07:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/07 21:07:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/07 21:07:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/07 21:06:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/07 21:06:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/07 09:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/04/06 21:37:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Fallout.3-RELOADED
[2011/04/06 19:09:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(394)
[2011/04/05 15:37:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Fallout3
[2011/04/05 15:25:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Games
[2011/04/05 15:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011/04/01 14:45:51 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun504.exe
[2011/03/30 17:16:52 | 000,134,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
[2011/03/27 16:32:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Xenocode
[2011/03/17 20:02:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Temporary Projects
[2011/03/17 19:30:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Visual Studio 2008
[2011/03/12 23:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/12 23:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2005/10/24 06:36:58 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\lxcipmui.dll
[2005/10/24 06:36:06 | 001,183,744 | ---- | C] ( ) -- C:\Windows\System32\lxciserv.dll
[2005/10/24 06:34:22 | 000,491,520 | ---- | C] ( ) -- C:\Windows\System32\lxcilmpm.dll
[2005/10/24 06:34:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcicomm.dll
[2005/10/24 06:34:00 | 000,368,640 | ---- | C] ( ) -- C:\Windows\System32\lxcicfg.exe
[2005/10/24 06:33:20 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxciih.exe
[2005/10/24 06:33:10 | 000,114,688 | ---- | C] ( ) -- C:\Windows\System32\lxcipplc.dll
[2005/10/24 06:33:04 | 000,491,520 | ---- | C] ( ) -- C:\Windows\System32\lxcicoms.exe
[2005/10/24 06:32:44 | 000,704,512 | ---- | C] ( ) -- C:\Windows\System32\lxcicomc.dll
[2005/10/24 06:32:22 | 000,155,648 | ---- | C] ( ) -- C:\Windows\System32\lxciprox.dll
[2005/10/24 06:29:54 | 001,122,304 | ---- | C] ( ) -- C:\Windows\System32\lxciusb1.dll
[2005/10/24 06:28:32 | 000,770,048 | ---- | C] ( ) -- C:\Windows\System32\lxcihbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/04/08 14:32:38 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{054E6C20-2892-4CAA-9DB1-49EADB2D8425}.job
[2011/04/08 14:24:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/04/08 14:21:57 | 111,950,108 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/08 14:20:19 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/08 14:19:55 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/08 14:19:53 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/08 14:19:53 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/08 14:19:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/08 14:19:43 | 1878,228,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/08 14:13:25 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/04/08 14:11:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4252191657-479862217-4056747601-1000UA.job
[2011/04/07 21:16:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/07 20:14:20 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2011/04/07 19:00:15 | 197,475,126 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/07 15:47:48 | 000,712,616 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/07 15:47:48 | 000,147,706 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/07 02:24:33 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/04/03 16:58:19 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun504.exe
[2011/04/03 16:11:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4252191657-479862217-4056747601-1000Core.job
[2011/04/03 09:50:19 | 000,000,046 | ---- | M] () -- C:\Users\Owner\jagex_runescape_preferences.dat
[2011/04/03 09:49:32 | 000,000,023 | ---- | M] () -- C:\Users\Owner\jagexappletviewer.preferences
[2011/04/03 09:49:31 | 000,000,117 | ---- | M] () -- C:\Users\Owner\jagex_runescape_preferences2.dat
[2011/03/30 17:16:52 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
[2011/03/27 10:15:28 | 002,326,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/25 18:13:22 | 000,002,042 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/03/25 18:13:22 | 000,002,004 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/25 17:56:33 | 000,334,274 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/03/22 15:20:05 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/04/08 14:13:25 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/04/07 21:07:18 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/07 21:07:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/07 21:07:18 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/07 21:07:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/07 21:07:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/07 18:55:42 | 197,475,126 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/07 17:28:43 | 1878,228,992 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/17 19:30:40 | 000,001,264 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
[2010/07/20 15:38:43 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010/02/12 19:10:26 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2010/01/30 21:43:34 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2010/01/27 12:01:08 | 000,000,552 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d8caps.dat
[2010/01/24 20:22:25 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/11/14 13:29:47 | 000,015,360 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/13 21:31:15 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/13 21:31:05 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/13 15:31:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/13 15:31:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/12 21:47:40 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2009/11/12 21:46:08 | 000,006,048 | ---- | C] () -- C:\Windows\System32\MCC16.dll
[2009/11/12 20:49:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcivs.dll
[2009/11/10 17:32:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/10/07 21:09:51 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/10/07 19:54:16 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2006/11/02 06:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:44:53 | 002,326,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:33:01 | 000,712,616 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,147,706 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/01/16 19:36:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2011/01/08 21:29:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Atari
[2011/04/08 14:18:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
[2010/03/10 16:44:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG9
[2011/04/07 17:43:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent
[2010/05/28 17:00:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2010/05/28 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Pro
[2010/07/09 19:56:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dev-Cpp
[2010/03/21 12:05:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2010/01/15 23:20:44 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame
[2011/01/08 21:28:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2011/02/01 19:56:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NavNet Solutions
[2010/03/21 09:55:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2010/10/22 18:20:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Stellarium
[2010/01/25 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\twistedScape
[2010/08/23 20:47:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wizet
[2011/04/08 14:18:31 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/08 14:32:38 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{054E6C20-2892-4CAA-9DB1-49EADB2D8425}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/27 16:13:57 | 000,001,024 | ---- | M] () -- C:\.rnd
[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/04/24 22:13:42 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/01/22 21:13:04 | 000,000,908 | ---- | M] () -- C:\CDFE.log
[2011/04/07 21:18:07 | 000,013,384 | ---- | M] () -- C:\ComboFix.txt
[2010/07/02 11:37:08 | 000,000,010 | RHS- | M] () -- C:\config.sys
[2011/04/08 14:19:43 | 1878,228,992 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/19 10:54:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/22 21:01:25 | 000,000,000 | ---- | M] () -- C:\lxcifire.000
[2010/01/22 21:05:39 | 000,000,000 | ---- | M] () -- C:\lxcifire.001
[2010/01/22 21:13:02 | 000,000,000 | ---- | M] () -- C:\lxcifire.csv
[2010/01/22 21:02:14 | 000,001,032 | ---- | M] () -- C:\LXCIINST.000
[2010/01/22 21:06:04 | 000,001,290 | ---- | M] () -- C:\LXCIINST.001
[2010/01/22 21:13:25 | 000,001,289 | ---- | M] () -- C:\LXCIINST.csv
[2010/08/19 10:54:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/08 14:19:41 | 2815,426,560 | -HS- | M] () -- C:\pagefile.sys
[2011/04/07 20:31:56 | 000,061,674 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_07.04.2011_20.31.04_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 06:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/11/13 18:20:01 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/04/25 00:30:22 | 000,115,200 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\lxcipp5c.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/11/10 17:25:17 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/04/24 22:37:11 | 006,045,696 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2010/04/24 22:37:11 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2010/04/24 22:37:11 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2010/04/24 22:37:12 | 014,671,872 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2010/04/24 22:37:12 | 005,902,336 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/21 18:22:24 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/04/08 14:24:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2008/08/29 10:12:28 | 000,932,864 | ---- | M] () -- C:\Users\Owner\Desktop\Xpadder.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/10/07 19:54:27 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/08 14:19:55 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

 

[ShooblaGoo]

OTL Extras logfile created on: 08/04/2011 2:25:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): c:\pagefile.sys 2685 2685 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 196.87 Gb Total Space | 97.86 Gb Free Space | 49.71% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014DF2BD-6000-47E0-9464-26974710AF9F}" = lport=139 | protocol=6 | dir=in | app=system |
"{077E2152-B3AB-4BF6-99BC-41FBAB684C44}" = lport=138 | protocol=17 | dir=in | app=system |
"{13EBDB8E-6BBC-439D-A2C9-01E21705D6E1}" = rport=137 | protocol=17 | dir=out | app=system |
"{147CB04D-B7E6-4C4C-B579-8EAB4671F4ED}" = lport=137 | protocol=17 | dir=in | app=system |
"{30621162-E6DE-41A7-9BD1-1EAF741CF217}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{3382F534-D491-4C62-8B51-F4064D855FEA}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F9B7EC7-4CAC-42C7-8176-C9A052BDA37A}" = rport=138 | protocol=17 | dir=out | app=system |
"{412DE158-2126-45B8-A5E2-25BE3A07E24F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{5D6267EB-1B95-40EE-BC99-38BAE4E1CAF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8FAE1CB8-0D6E-4A6F-83FF-485B65DA47F2}" = rport=445 | protocol=6 | dir=out | app=system |
"{A71B5E70-DDF4-4B5B-B4E3-B49048843812}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AB0BC620-DDBE-4C7E-A52E-AADDE3B30787}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C208C248-34D8-4703-9318-F97DB7046863}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE64EBF4-3E5D-4856-B060-B77CBD2CF065}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D0817BD6-949A-44EC-819B-44EBA0C472E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F8FF84E9-1145-4AF5-BDD4-C7D147EF23E1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FE91EA31-FF5F-4CEF-A63C-77653243B5D4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F75747-5C59-4132-93CA-EDA1303C1FA0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{06CCC25A-AC96-44CB-A11E-69AACC4B7151}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{1272B8CA-AB51-459D-B51E-DB76C10A4362}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{2CECBDAF-28C9-4818-A800-16CCAE60529C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2DA3712C-0893-44A5-8DD5-1E249E6CBBB2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{3C2BD707-3094-4773-888E-C09D50718911}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{48AA4AB9-5D48-4582-A462-7BF06BB859C8}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{4D5046C9-D410-4B0A-89D7-C63DE5C2A4AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{509C73FB-896A-4175-ACC3-94A5E8A288C9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5D2DE231-8580-47FB-BF07-5093C8FCE6A2}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{6504811F-D9B5-416D-8430-95DF73F59E2F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{686B0524-57D9-4E41-803B-9C6F69247176}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{70248A09-F2F3-4B88-94B7-96DA48C9960A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7252B237-5CEB-4A13-B9B6-F43BEE09029F}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{77D4971D-39D4-4CFB-A3F4-C66A85E58A7A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{830BACAE-5D28-43B9-AFA6-316DC8574DED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84A3ABCF-A502-4420-8EED-6469569550BE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{8CD0BF54-0B80-48CD-BD7B-22266B3F58A9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{9227C856-7690-4029-8909-1143062B08DD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9331369E-4E62-40E6-B9E7-05BDFF8643F4}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\ijjioptimizer.exe |
"{98869696-3945-49E1-B6D4-BD5A705144A1}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\ijjioptimizer.exe |
"{9FD203EE-9845-4330-A7BA-54E1BD24EFB0}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{BE20AD35-6880-4000-8798-B9B3F70EDD4B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C075A7A0-D1DB-4AF5-BE1D-E7FAE28EF659}" = protocol=6 | dir=in | app=c:\program files\ijji\ijji reactor\ijjioptimizer.exe |
"{C1D0BEAC-95A9-43DC-AD67-2DC8FBDB402F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C65EA5C5-80C7-4966-9D11-8C8471BCFBEC}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D3E73FCE-113D-4B52-A724-28BE43EF3709}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D55FA047-AB3E-48FB-9223-03A81F59AB63}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DEFF7A7C-C8C6-4099-85AF-CB7EC487ADDF}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{EB028FF5-21FB-4E77-BF59-6147025DBA57}" = protocol=17 | dir=in | app=c:\program files\ijji\ijji reactor\ijjioptimizer.exe |
"{F8A8A01E-DA93-42A3-A40A-6B7D7176C358}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE62A911-C144-4BB4-9BAF-35EB12077EE5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{0CD604FE-F80B-42BA-8C76-B4705F661DF1}C:\users\owner\documents\splinter cell double agent\tcscda\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\users\owner\documents\splinter cell double agent\tcscda\scda-offline\system\splintercell4.exe |
"TCP Query User{0D22DEE5-336D-487A-B064-2E040BA13F80}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{13FADDE2-548D-4A1C-BD66-B07DC3C3CABE}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{151A14AC-D600-4024-8FE0-FC1FC453AD76}C:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe |
"TCP Query User{3204A5E7-7363-4F35-87EA-53E3582F0E36}C:\users\owner\appdata\local\temp\pylf6fb.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\pylf6fb.tmp\pyrun.exe |
"TCP Query User{39AA73DB-ED4A-4F6A-AABE-F955EC7D032F}C:\program files\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe |
"TCP Query User{41059991-3AA7-42CB-A960-2F85C0CF15F4}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{559D1DAA-6A8D-427A-B439-0500424BF92B}C:\users\owner\appdata\local\temp\pyl8a29.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\pyl8a29.tmp\pyrun.exe |
"TCP Query User{59659F61-F0F8-4042-8F6C-AFE9057809CF}C:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex |
"TCP Query User{602D027F-735D-4CA4-A37D-4F1C765E3684}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{7395C39D-D990-4D3C-B738-97D13EE511AC}C:\program files\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\modern warfare 2\iw4mp.exe |
"TCP Query User{92E675ED-0443-4183-AA41-082294D99B5B}C:\users\owner\appdata\local\temp\pyl39bd.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\pyl39bd.tmp\pyrun.exe |
"TCP Query User{C4E4AF5F-76B6-4E40-BE4F-14B8169D3B75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D286CF17-6B8D-40C2-B84A-B3C427C8F28D}C:\ijji\english\u_sf\soldierfront.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"TCP Query User{DD68527C-9DCE-4B58-A353-AC774298F986}C:\users\owner\documents\chaos theory\system\splintercell3.exe" = protocol=6 | dir=in | app=c:\users\owner\documents\chaos theory\system\splintercell3.exe |
"TCP Query User{DF99B848-FA45-4208-8239-82416533E25A}C:\users\owner\appdata\local\temp\pyl300c.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\pyl300c.tmp\pyrun.exe |
"TCP Query User{E3B6B409-4A34-43E9-81D3-887B412F9C55}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |
"TCP Query User{EE49A6E0-059F-4F97-AEB3-31D947AB5E5B}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{05E6F850-EDF5-40C0-8B0C-5951FBDE8770}C:\program files\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe |
"UDP Query User{1DA1D5FE-9360-4AB6-991E-F657637BC684}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{2595E4DE-2A92-42CB-BD31-4B283CB0A0C1}C:\users\owner\appdata\local\temp\pylf6fb.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\pylf6fb.tmp\pyrun.exe |
"UDP Query User{27228D0E-8F9E-49B4-BEF5-536BDC9E94F4}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |
"UDP Query User{29FF0702-CE1A-43E6-A32A-8276DCE1EC7E}C:\ijji\english\u_sf\soldierfront.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"UDP Query User{339C77E5-A153-4666-8023-AA1CA721E5F4}C:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex |
"UDP Query User{59F7B79A-7A00-417A-915F-5C478545FE64}C:\users\owner\documents\chaos theory\system\splintercell3.exe" = protocol=17 | dir=in | app=c:\users\owner\documents\chaos theory\system\splintercell3.exe |
"UDP Query User{66630EDA-9099-48F0-AC66-FD2C54E2E38A}C:\users\owner\appdata\local\temp\pyl300c.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\pyl300c.tmp\pyrun.exe |
"UDP Query User{75729CBF-936B-4198-8E66-43444F158F31}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{766D897B-3134-4345-B995-BCD084096052}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{7E2A8360-52D8-4651-98AC-DBF192AF6952}C:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe |
"UDP Query User{87B9868D-65DC-4C04-9771-B0068371867E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8B507DCB-3237-48F9-B2D7-EF9090A16009}C:\users\owner\appdata\local\temp\pyl8a29.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\pyl8a29.tmp\pyrun.exe |
"UDP Query User{AD257E0C-C65C-45AD-9341-3CAD11371397}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CD409759-39D5-4336-9E95-4661FDBFA484}C:\users\owner\appdata\local\temp\pyl39bd.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\pyl39bd.tmp\pyrun.exe |
"UDP Query User{DA90D8DC-D882-4E0F-A2AF-0A5B90EF9E5F}C:\program files\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\modern warfare 2\iw4mp.exe |
"UDP Query User{DC49BE90-650F-49D1-B00B-38F05772C876}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E9176332-832F-44F3-8B45-BF88816042D3}C:\users\owner\documents\splinter cell double agent\tcscda\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\users\owner\documents\splinter cell double agent\tcscda\scda-offline\system\splintercell4.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24EEF6D7-A7B6-4AA9-AFD9-407185A7769F}" = MapleStory
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.0.4
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6003F12D-6DAF-4C3F-9FFA-F4A721DC6BBF}" = AVG 2011
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}" = MapleStory
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AVG" = AVG 2011
"BitTorrent" = BitTorrent
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX Setup
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PROR" = Microsoft Office Professional 2007 Trial
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4252191657-479862217-4056747601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

[Broni]

No worries
School is always more important.

Let me take a look at your logs....

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O3 - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
  O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab...i_4.1.71.0.cab (Reg Error: Key error.)
  O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirements...qlabdetect.cab (Reg Error: Key error.)
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[ShooblaGoo]

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-4252191657-479862217-4056747601-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Starting removal of ActiveX control {140E4DF8-9E14-4A34-9577-C77561ED7883}
C:\Windows\Downloaded Program Files\SystemRequirementsLab.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ not found.
Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
C:\Windows\Downloaded Program Files\sysreqlabdetect.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 10844946 bytes
->Temporary Internet Files folder emptied: 394711 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 100216183 bytes
->Google Chrome cache emptied: 54840536 bytes
->Flash cache emptied: 1506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 159.00 mb


[EMPTYFLASH]

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04082011_150538

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[ShooblaGoo]

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2011
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Adobe Reader 9.4.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
``````````End of Log````````````

 

[Broni]

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

...and Eset....

 

[ShooblaGoo]

Newest version of Adobe Reader downloaded and installed.
ESET never produced a log because "no threats were found."

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

 

[ShooblaGoo]

Yay! Thank you for all your help. I couldn't have done it without you.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 432040 bytes
->Temporary Internet Files folder emptied: 63141 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10032084 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1325492 bytes

Total Files Cleaned = 11.00 mb


[EMPTYFLASH]

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 04082011_175238

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[Broni]

Way to go!!

Good luck and stay safe