TechSpot

Multiple Issues after a download

By ShooblaGoo
Apr 7, 2011
  1. Hey, a few days ago I downloaded a certain video. Afterward, on Firefox (IE and Chrome work perfectly) my Google constantly redirects me to a random site. At first I thought it was something minor and ignored it, but then other things started happening.
    For example, I began to get the BSOD with the message "Irql not less or equal." My Windows Update stopped working and I get the message "Code 80072EFE." I also noticed quite a huge lag when I start up and shut down my computer. I can't change any startup programs in my Control Panel because, for some reason, it takes me to the Windows Defender screen. I notice more and more problems as each day goes by.

    I use Windows Vista Home Basic
    Intel Pentium Dual CPU E2180
    NVIDIA Geforce 7050 / NVIDIA nforce 620i

    I use AVG 2011 Free Antivirus and Malwarebytes for my anti-virus programs.

    Any help would be appreciated. Thank you.
     
  2. Broni

    Broni, Malware Annihilator

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6306

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    07/04/2011 7:17:05 PM
    mbam-log-2011-04-07 (19-17-05).txt

    Scan type: Quick scan
    Objects scanned: 155660
    Time elapsed: 4 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-07 20:09:47
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 WDC_WD32 rev.01.0
    Running: e7emepny.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9D86C780]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9D86C830]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9D86C8D0]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9D86C970]

    INT 0x51 ? 843D1BF8
    INT 0x62 ? 86620BF8
    INT 0x72 ? 843D0BF8
    INT 0x82 ? 843D1BF8
    INT 0x83 ? 86620BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 3F1 820E4B74 4 Bytes [80, C7, 86, 9D] {ADD BH, 0x86; POPF }
    .text ntkrnlpa.exe!KeSetEvent + 621 820E4DA4 8 Bytes [30, C8, 86, 9D, D0, C8, 86, ...] {XOR AL, CL; XCHG [EBP-0x62793730], BL}
    .text ntkrnlpa.exe!KeSetEvent + 681 820E4E04 4 Bytes [70, C9, 86, 9D]
    ? System32\Drivers\spdc.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 82BAF41B 5 Bytes JMP 866201D8
    .text ap192lfi.SYS 8C536000 2 Bytes [82, C3]
    .text ap192lfi.SYS 8C536003 19 Bytes [82, 6C, C2, 00, 82, 60, 8F, ...] {SUB BYTE [EDX+EAX*8+0x0], -0x7e; PUSHA ; POP DWORD [EAX]; ADD AL, -0x72; ADD [EDX-0x7dff3958], AL; ADD [EAX], AL}
    .text ap192lfi.SYS 8C536017 137 Bytes [00, 32, D7, 78, 80, 3D, D5, ...]
    .text ap192lfi.SYS 8C5360A1 43 Bytes [10, 0E, 82, 74, 06, 08, 82, ...]
    .text ap192lfi.SYS 8C5360CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.EXE[872] ntdll.dll!NtProtectVirtualMemory 77B04B84 5 Bytes JMP 0188000A
    .text C:\Windows\Explorer.EXE[872] ntdll.dll!NtWriteVirtualMemory 77B054C4 5 Bytes JMP 0189000A
    .text C:\Windows\Explorer.EXE[872] ntdll.dll!KiUserExceptionDispatcher 77B05BF8 5 Bytes JMP 0177000A
    .text C:\Windows\system32\svchost.exe[1416] ntdll.dll!NtProtectVirtualMemory 77B04B84 5 Bytes JMP 0020000A
    .text C:\Windows\system32\svchost.exe[1416] ntdll.dll!NtWriteVirtualMemory 77B054C4 5 Bytes JMP 0021000A
    .text C:\Windows\system32\svchost.exe[1416] ntdll.dll!KiUserExceptionDispatcher 77B05BF8 5 Bytes JMP 001F000A
    .text C:\Windows\system32\svchost.exe[1416] ole32.dll!CoCreateInstance 75B09F3E 5 Bytes JMP 0097000A

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806916D6] \SystemRoot\System32\Drivers\spdc.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80691042] \SystemRoot\System32\Drivers\spdc.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80691800] \SystemRoot\System32\Drivers\spdc.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806910C0] \SystemRoot\System32\Drivers\spdc.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069113E] \SystemRoot\System32\Drivers\spdc.sys
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortNotification] CC358B04
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortWritePortUchar] 838C55CF
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8C55A0
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortStallExecution] 54771129
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortInitialize] B18D0502
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
    IAT \SystemRoot\System32\Drivers\ap192lfi.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A0B90] \SystemRoot\System32\Drivers\spdc.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8505C1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \Driver\volmgr \Device\VolMgrControl 850581F8
    Device \Driver\usbohci \Device\USBPDO-0 866B01F8
    Device \Driver\PCI_PNP6505 \Device\00000051 spdc.sys
    Device \Driver\usbehci \Device\USBPDO-1 866BB1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{38B88514-416A-457A-B2D4-AC27003921FF} 876FE1F8
    Device \Driver\nvstor32 \Device\00000062 8505B1F8

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\volmgr \Device\HarddiskVolume1 850581F8
    Device \Driver\volmgr \Device\HarddiskVolume2 850581F8
    Device \Driver\cdrom \Device\CdRom0 8669E1F8
    Device \Driver\cdrom \Device\CdRom1 8669E1F8
    Device \Driver\atapi \Device\Ide\IdePort0 8505A1F8
    Device \Driver\atapi \Device\Ide\IdePort1 8505A1F8
    Device \Driver\volmgr \Device\HarddiskVolume3 850581F8
    Device \Driver\volmgr \Device\HarddiskVolume4 850581F8
    Device \Driver\sptd \Device\2468194513 spdc.sys
    Device \Driver\volmgr \Device\HarddiskVolume5 850581F8
    Device \Driver\volmgr \Device\HarddiskVolume6 850581F8
    Device \Driver\volmgr \Device\HarddiskVolume7 850581F8
    Device \Driver\netbt \Device\NetBt_Wins_Export 876FE1F8
    Device \Driver\volmgr \Device\HarddiskVolume8 850581F8
    Device \Driver\Smb \Device\NetbiosSmb 877031F8
    Device \Driver\nvstor32 \Device\RaidPort0 8505B1F8

    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\iScsiPrt \Device\RaidPort1 866CD2D0

    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\USBSTOR \Device\0000006a 8CE9E1F8
    Device \Driver\USBSTOR \Device\0000006b 8CE9E1F8
    Device \Driver\USBSTOR \Device\0000006c 8CE9E1F8
    Device \Driver\usbohci \Device\USBFDO-0 866B01F8
    Device \Driver\USBSTOR \Device\0000006d 8CE9E1F8
    Device \Driver\usbehci \Device\USBFDO-1 866BB1F8
    Device \Driver\USBSTOR \Device\0000006e 8CE9E1F8
    Device \Driver\ap192lfi \Device\Scsi\ap192lfi1 8661F1F8
    Device \Driver\ap192lfi \Device\Scsi\ap192lfi1Port5Path0Target0Lun0 8661F1F8
    Device \FileSystem\cdfs \Cdfs A59421F8
    Device \Device\00000061 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22B4A#4&28799283&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x74 0xE7 0x49 0x88 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x00 0xBF 0x52 0xFE ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD3 0x61 0xF9 0xD0 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x74 0xE7 0x49 0x88 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x00 0xBF 0x52 0xFE ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD3 0x61 0xF9 0xD0 ...

    ---- EOF - GMER 1.0.15 ----
     
  5. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Owner at 20:14:45.79 on 07/04/2011
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.1791.696 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Owner\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunServices: [SSDPSRV] c:\windows\system32\ssdpsrv.exe
    uPolicies-explorer: RestrictRun = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\822zr1g4.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c69dab7&v=6.103.018.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\822zr1g4.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-11-10 21504]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-26 517448]
    S3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    .
    =============== Created Last 30 ================
    .
    2011-04-07 03:40:14 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8d401507-6dd7-40e3-ad5d-fbe6f017f359}\mpengine.dll
    2011-04-07 01:09:19 -------- d-----w- c:\windows\system32\catroot2(394)
    2011-04-05 21:37:06 -------- d-----w- c:\users\owner\appdata\local\Fallout3
    2011-04-05 21:25:31 -------- d-----w- c:\program files\Bethesda Softworks
    2011-04-03 23:30:27 2416735 ----a-w- c:\program files\mozilla firefox\INSTALL.EXE
    2011-04-01 20:45:51 286720 ----a-w- c:\windows\iun504.exe
    2011-03-27 22:32:54 -------- d-----w- c:\users\owner\appdata\local\Xenocode
    2011-03-22 21:26:43 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-22 21:26:43 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-22 21:26:43 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-18 02:02:54 -------- d-----w- c:\users\owner\appdata\local\Temporary Projects
    2011-03-18 01:31:46 187808 ----a-w- c:\progra~2\microsoft\vbexpress\9.0\1033\ResourceCache.dll
    2011-03-18 01:30:56 416 ----a-w- c:\progra~2\microsoft\msdn\9.0\1033\ResourceCache.dll
    2011-03-12 18:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-03-12 18:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 ->
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x863F6439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x863fc7d0]; MOV EAX, [0x863fc84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x8207C912] -> \Device\Harddisk0\DR0[0x85D4F300]
    3 CLASSPNP[0x826758B3] -> ntkrnlpa!IofCallDriver[0x8207C912] -> [0x85513700]
    5 acpi[0x807B96BC] -> ntkrnlpa!IofCallDriver[0x8207C912] -> [0x850DD900]
    \Driver\nvstor32[0x855E4220] -> IRP_MJ_CREATE -> 0x863F6439
    kernel: MBR read successfully
    _asm { JMP 0x65; }
    detected disk devices:
    \Device\00000061 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22B4A#4&28799283&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi -> 0x8505a1f8
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 20:15:40.10 ===============
     
  6. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume2
    Install Date: 07/10/2009 5:49:23 PM
    System Uptime: 07/04/2011 7:30:39 PM (1 hours ago)
    .
    Motherboard: ACER | | MCP73VE
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | SOCKET775 M/B | 2003/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 197 GiB total, 93.428 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&8CB234F&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&8CB234F&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP338: 06/04/2011 9:20:26 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.4.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2011
    BitTorrent
    Bonjour
    Call of Duty Modern Warfare 2
    CCleaner
    CDisplay 1.8
    Connect
    D3DX10
    Defraggler
    DivX Setup
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ijji REACTOR
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    kuler
    Logitech Gaming Software 5.10
    Malwarebytes' Anti-Malware
    MapleStory
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Help Viewer 1.0
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Professional 2007 Trial
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Visual Basic 2008 Express Edition - ENU
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 Express - ENU
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
    Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox (3.6.16)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Display Control Panel
    NVIDIA Drivers
    PDF Settings CS4
    Photoshop Camera Raw
    Project64 1.6
    PVSonyDll
    QuickTime
    Realtek High Definition Audio Driver
    RuneScape Launcher 1.0.4
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Service Pack 1 for SQL Server 2008 (KB968369)
    Soldier Front
    Sql Server Customer Experience Improvement Program
    Suite Shared Configuration CS4
    The Sims 2
    The Sims 2 Glamour Life Stuff
    The Sims 2 Nightlife
    The Sims 2 Open For Business
    The Sims 2 Pets
    The Sims 2 University
    The Sims™ 2 Apartment Life
    The Sims™ 2 Bon Voyage
    The Sims™ 2 FreeTime
    The Sims™ 2 H&M® Fashion Stuff
    The Sims™ 2 IKEA® Home Stuff
    The Sims™ 2 Seasons
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    VC Runtimes MSI
    VC80CRTRedist - 8.0.50727.4053
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.0.5
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    07/04/2011 7:12:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "230" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
    07/04/2011 7:00:31 PM, Error: EventLog [6008] - The previous system shutdown at 6:58:58 PM on 07/04/2011 was unexpected.
    07/04/2011 6:55:58 PM, Error: EventLog [6008] - The previous system shutdown at 6:54:12 PM on 07/04/2011 was unexpected.
    07/04/2011 6:53:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
    07/04/2011 6:53:48 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx Wanarpv6
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    07/04/2011 5:26:28 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    07/04/2011 5:25:08 PM, Error: EventLog [6008] - The previous system shutdown at 5:23:34 PM on 07/04/2011 was unexpected.
    07/04/2011 5:24:33 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    07/04/2011 4:32:34 PM, Error: EventLog [6008] - The previous system shutdown at 3:52:56 PM on 07/04/2011 was unexpected.
    07/04/2011 3:45:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    06/04/2011 9:40:14 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signatures loading: Default Loading signature version: 1.0.0.0 Loading engine version: 1.1.3007.0
    06/04/2011 9:37:50 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.87.1764.0 Loading engine version: 1.1.5202.0
    06/04/2011 8:59:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    06/04/2011 8:46:03 PM, Error: EventLog [6008] - The previous system shutdown at 8:44:06 PM on 06/04/2011 was unexpected.
    06/04/2011 8:42:06 PM, Error: EventLog [6008] - The previous system shutdown at 8:32:56 PM on 06/04/2011 was unexpected.
    06/04/2011 7:37:20 PM, Error: EventLog [6008] - The previous system shutdown at 7:35:03 PM on 06/04/2011 was unexpected.
    06/04/2011 7:33:03 PM, Error: EventLog [6008] - The previous system shutdown at 7:30:26 PM on 06/04/2011 was unexpected.
    06/04/2011 6:42:26 PM, Error: EventLog [6008] - The previous system shutdown at 6:40:09 PM on 06/04/2011 was unexpected.
    06/04/2011 3:25:04 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    05/04/2011 9:06:10 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    05/04/2011 7:07:59 PM, Error: EventLog [6008] - The previous system shutdown at 7:05:38 PM on 05/04/2011 was unexpected.
    05/04/2011 3:16:37 PM, Error: EventLog [6008] - The previous system shutdown at 3:14:58 PM on 05/04/2011 was unexpected.
    04/04/2011 4:16:00 PM, Error: EventLog [6008] - The previous system shutdown at 4:14:18 PM on 04/04/2011 was unexpected.
    .
    ==== End Of File ===========================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    2011/04/07 20:31:04.0434 3348 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/07 20:31:04.0839 3348 ================================================================================
    2011/04/07 20:31:04.0839 3348 SystemInfo:
    2011/04/07 20:31:04.0839 3348
    2011/04/07 20:31:04.0839 3348 OS Version: 6.0.6002 ServicePack: 2.0
    2011/04/07 20:31:04.0839 3348 Product type: Workstation
    2011/04/07 20:31:04.0839 3348 ComputerName: OWNER-PC
    2011/04/07 20:31:04.0839 3348 UserName: Owner
    2011/04/07 20:31:04.0839 3348 Windows directory: C:\Windows
    2011/04/07 20:31:04.0839 3348 System windows directory: C:\Windows
    2011/04/07 20:31:04.0839 3348 Processor architecture: Intel x86
    2011/04/07 20:31:04.0839 3348 Number of processors: 2
    2011/04/07 20:31:04.0839 3348 Page size: 0x1000
    2011/04/07 20:31:04.0839 3348 Boot type: Normal boot
    2011/04/07 20:31:04.0839 3348 ================================================================================
    2011/04/07 20:31:05.0697 3348 Initialize success
    2011/04/07 20:31:12.0046 5152 ================================================================================
    2011/04/07 20:31:12.0046 5152 Scan started
    2011/04/07 20:31:12.0046 5152 Mode: Manual;
    2011/04/07 20:31:12.0046 5152 ================================================================================
    2011/04/07 20:31:12.0608 5152 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/04/07 20:31:12.0670 5152 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
    2011/04/07 20:31:12.0780 5152 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/04/07 20:31:12.0889 5152 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/04/07 20:31:12.0951 5152 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/04/07 20:31:12.0998 5152 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/04/07 20:31:13.0092 5152 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/04/07 20:31:13.0248 5152 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2011/04/07 20:31:13.0279 5152 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/04/07 20:31:13.0326 5152 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2011/04/07 20:31:13.0372 5152 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2011/04/07 20:31:13.0419 5152 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2011/04/07 20:31:13.0466 5152 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/04/07 20:31:13.0497 5152 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2011/04/07 20:31:13.0575 5152 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/04/07 20:31:13.0638 5152 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/04/07 20:31:13.0700 5152 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/04/07 20:31:13.0778 5152 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/04/07 20:31:13.0887 5152 AVGIDSDriver (5f6c56305ea73760cdafc7604d64bbe0) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    2011/04/07 20:31:13.0918 5152 AVGIDSEH (20a2d48722cf055c846bdeafa4f733ce) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    2011/04/07 20:31:13.0965 5152 AVGIDSFilter (0a95333ca80ca8b79d612f3965466cc0) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    2011/04/07 20:31:13.0996 5152 AVGIDSShim (ab7e4b37126447ffe4fb639901012fb3) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
    2011/04/07 20:31:14.0043 5152 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\Windows\system32\DRIVERS\avgldx86.sys
    2011/04/07 20:31:14.0090 5152 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
    2011/04/07 20:31:14.0168 5152 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys
    2011/04/07 20:31:14.0215 5152 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\Windows\system32\DRIVERS\avgtdix.sys
    2011/04/07 20:31:14.0277 5152 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/04/07 20:31:14.0355 5152 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2011/04/07 20:31:14.0511 5152 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/04/07 20:31:14.0542 5152 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/04/07 20:31:14.0589 5152 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/04/07 20:31:14.0620 5152 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/04/07 20:31:14.0652 5152 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/04/07 20:31:14.0698 5152 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/04/07 20:31:14.0730 5152 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/04/07 20:31:14.0761 5152 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/04/07 20:31:14.0792 5152 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/04/07 20:31:14.0870 5152 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2011/04/07 20:31:14.0917 5152 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/04/07 20:31:14.0964 5152 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2011/04/07 20:31:14.0979 5152 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
    2011/04/07 20:31:15.0026 5152 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/04/07 20:31:15.0057 5152 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/04/07 20:31:15.0135 5152 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/04/07 20:31:15.0182 5152 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/04/07 20:31:15.0244 5152 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/04/07 20:31:15.0291 5152 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/04/07 20:31:15.0354 5152 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/04/07 20:31:15.0463 5152 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/04/07 20:31:15.0510 5152 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2011/04/07 20:31:15.0603 5152 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/04/07 20:31:15.0634 5152 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/04/07 20:31:15.0681 5152 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/04/07 20:31:15.0744 5152 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/04/07 20:31:15.0790 5152 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/04/07 20:31:15.0837 5152 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/04/07 20:31:15.0884 5152 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/04/07 20:31:15.0946 5152 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/04/07 20:31:15.0978 5152 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/04/07 20:31:16.0024 5152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/04/07 20:31:16.0056 5152 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/04/07 20:31:16.0118 5152 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/04/07 20:31:16.0165 5152 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/04/07 20:31:16.0196 5152 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/04/07 20:31:16.0243 5152 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/04/07 20:31:16.0290 5152 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/04/07 20:31:16.0352 5152 HssDrv (0d6b32306c362750ec6576f1d90c52f7) C:\Windows\system32\DRIVERS\HssDrv.sys
    2011/04/07 20:31:16.0399 5152 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
    2011/04/07 20:31:16.0446 5152 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/04/07 20:31:16.0492 5152 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/04/07 20:31:16.0524 5152 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/04/07 20:31:16.0570 5152 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/04/07 20:31:16.0820 5152 IntcAzAudAddService (f6e17c275666a4402588a30e36565910) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/04/07 20:31:16.0976 5152 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    2011/04/07 20:31:17.0038 5152 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/04/07 20:31:17.0085 5152 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/04/07 20:31:17.0179 5152 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/04/07 20:31:17.0241 5152 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/04/07 20:31:17.0304 5152 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/04/07 20:31:17.0350 5152 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2011/04/07 20:31:17.0413 5152 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/04/07 20:31:17.0460 5152 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/04/07 20:31:17.0491 5152 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/04/07 20:31:17.0553 5152 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/04/07 20:31:17.0600 5152 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/04/07 20:31:17.0662 5152 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/04/07 20:31:17.0756 5152 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/04/07 20:31:17.0850 5152 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/04/07 20:31:17.0896 5152 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/04/07 20:31:17.0943 5152 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/04/07 20:31:17.0990 5152 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/04/07 20:31:18.0037 5152 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/04/07 20:31:18.0099 5152 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/04/07 20:31:18.0146 5152 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/04/07 20:31:18.0193 5152 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/04/07 20:31:18.0240 5152 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/04/07 20:31:18.0286 5152 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/04/07 20:31:18.0333 5152 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/04/07 20:31:18.0380 5152 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/04/07 20:31:18.0442 5152 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/04/07 20:31:18.0474 5152 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/04/07 20:31:18.0520 5152 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/04/07 20:31:18.0552 5152 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/04/07 20:31:18.0583 5152 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/04/07 20:31:18.0630 5152 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2011/04/07 20:31:18.0661 5152 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/04/07 20:31:18.0739 5152 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/04/07 20:31:18.0770 5152 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/04/07 20:31:18.0817 5152 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/04/07 20:31:18.0848 5152 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/04/07 20:31:18.0879 5152 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/04/07 20:31:18.0926 5152 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/04/07 20:31:18.0988 5152 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/04/07 20:31:19.0051 5152 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/04/07 20:31:19.0098 5152 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/04/07 20:31:19.0144 5152 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/04/07 20:31:19.0191 5152 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/04/07 20:31:19.0254 5152 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/04/07 20:31:19.0300 5152 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/04/07 20:31:19.0347 5152 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/04/07 20:31:19.0378 5152 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/04/07 20:31:19.0425 5152 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/04/07 20:31:19.0472 5152 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/04/07 20:31:19.0566 5152 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/04/07 20:31:19.0628 5152 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/04/07 20:31:19.0675 5152 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/04/07 20:31:19.0737 5152 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/04/07 20:31:19.0815 5152 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/04/07 20:31:19.0846 5152 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/04/07 20:31:19.0909 5152 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    2011/04/07 20:31:20.0424 5152 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/04/07 20:31:20.0704 5152 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/04/07 20:31:20.0751 5152 nvrd32 (5dd1242cabc1ef8dce4438d72d72a436) C:\Windows\system32\drivers\nvrd32.sys
    2011/04/07 20:31:20.0798 5152 nvsmu (af1bd777af00e96c45c77192d7453369) C:\Windows\system32\DRIVERS\nvsmu.sys
    2011/04/07 20:31:20.0845 5152 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2011/04/07 20:31:20.0892 5152 nvstor32 (1bef40fdca53b43e16e1851faa3440cc) C:\Windows\system32\drivers\nvstor32.sys
    2011/04/07 20:31:20.0938 5152 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2011/04/07 20:31:21.0048 5152 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/04/07 20:31:21.0094 5152 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/04/07 20:31:21.0141 5152 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/04/07 20:31:21.0172 5152 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/04/07 20:31:21.0219 5152 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/04/07 20:31:21.0250 5152 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    2011/04/07 20:31:21.0282 5152 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/04/07 20:31:21.0344 5152 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/04/07 20:31:21.0484 5152 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/04/07 20:31:21.0531 5152 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/04/07 20:31:21.0594 5152 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/04/07 20:31:21.0640 5152 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/04/07 20:31:21.0703 5152 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/04/07 20:31:21.0750 5152 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/04/07 20:31:21.0796 5152 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/04/07 20:31:21.0843 5152 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/04/07 20:31:21.0906 5152 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/04/07 20:31:21.0952 5152 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/04/07 20:31:21.0984 5152 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/04/07 20:31:22.0046 5152 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/04/07 20:31:22.0093 5152 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2011/04/07 20:31:22.0124 5152 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/04/07 20:31:22.0186 5152 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/04/07 20:31:22.0296 5152 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
    2011/04/07 20:31:22.0327 5152 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
    2011/04/07 20:31:22.0389 5152 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
    2011/04/07 20:31:22.0420 5152 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/04/07 20:31:22.0498 5152 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/04/07 20:31:22.0561 5152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/04/07 20:31:22.0623 5152 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
    2011/04/07 20:31:22.0654 5152 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
    2011/04/07 20:31:22.0701 5152 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/04/07 20:31:22.0764 5152 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2011/04/07 20:31:22.0810 5152 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/04/07 20:31:22.0842 5152 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2011/04/07 20:31:22.0873 5152 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/04/07 20:31:22.0935 5152 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/04/07 20:31:22.0982 5152 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/04/07 20:31:23.0013 5152 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/04/07 20:31:23.0076 5152 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/04/07 20:31:23.0138 5152 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/04/07 20:31:23.0216 5152 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/04/07 20:31:23.0216 5152 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/04/07 20:31:23.0232 5152 sptd - detected Locked file (1)
    2011/04/07 20:31:23.0310 5152 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2011/04/07 20:31:23.0372 5152 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2011/04/07 20:31:23.0388 5152 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/04/07 20:31:23.0466 5152 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/04/07 20:31:23.0512 5152 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/04/07 20:31:23.0544 5152 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/04/07 20:31:23.0590 5152 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/04/07 20:31:23.0637 5152 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
    2011/04/07 20:31:23.0715 5152 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2011/04/07 20:31:23.0778 5152 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/04/07 20:31:23.0824 5152 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/04/07 20:31:23.0871 5152 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/04/07 20:31:23.0902 5152 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/04/07 20:31:23.0949 5152 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/04/07 20:31:23.0980 5152 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/04/07 20:31:24.0074 5152 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/04/07 20:31:24.0105 5152 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/04/07 20:31:24.0152 5152 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/04/07 20:31:24.0199 5152 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/04/07 20:31:24.0246 5152 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/04/07 20:31:24.0308 5152 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2011/04/07 20:31:24.0355 5152 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/04/07 20:31:24.0402 5152 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/04/07 20:31:24.0448 5152 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/04/07 20:31:24.0480 5152 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/04/07 20:31:24.0558 5152 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/04/07 20:31:24.0589 5152 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/04/07 20:31:24.0636 5152 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/04/07 20:31:24.0667 5152 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/04/07 20:31:24.0714 5152 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/04/07 20:31:24.0760 5152 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/04/07 20:31:24.0807 5152 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/04/07 20:31:24.0854 5152 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/04/07 20:31:24.0885 5152 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/04/07 20:31:24.0932 5152 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/04/07 20:31:25.0010 5152 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/04/07 20:31:25.0041 5152 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2011/04/07 20:31:25.0072 5152 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/04/07 20:31:25.0104 5152 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2011/04/07 20:31:25.0166 5152 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/04/07 20:31:25.0213 5152 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/04/07 20:31:25.0260 5152 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/04/07 20:31:25.0306 5152 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/04/07 20:31:25.0369 5152 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/04/07 20:31:25.0416 5152 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/07 20:31:25.0431 5152 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/07 20:31:25.0494 5152 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/04/07 20:31:25.0540 5152 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/04/07 20:31:25.0712 5152 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\Windows\system32\drivers\WmBEnum.sys
    2011/04/07 20:31:25.0743 5152 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\Windows\system32\drivers\WmFilter.sys
    2011/04/07 20:31:25.0790 5152 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/04/07 20:31:25.0852 5152 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\Windows\system32\drivers\WmVirHid.sys
    2011/04/07 20:31:25.0884 5152 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\Windows\system32\drivers\WmXlCore.sys
    2011/04/07 20:31:25.0977 5152 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/04/07 20:31:26.0040 5152 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/04/07 20:31:26.0164 5152 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
    2011/04/07 20:31:26.0227 5152 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/04/07 20:31:26.0227 5152 ================================================================================
    2011/04/07 20:31:26.0227 5152 Scan finished
    2011/04/07 20:31:26.0227 5152 ================================================================================
    2011/04/07 20:31:26.0258 3172 Detected object count: 2
    2011/04/07 20:31:41.0031 3172 Locked file(sptd) - User select action: Skip
    2011/04/07 20:31:41.0094 3172 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/07 20:31:41.0094 3172 \HardDisk0 - ok
    2011/04/07 20:31:41.0109 3172 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/04/07 20:31:56.0522 5860 Deinitialize success
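Editor's note on the log above: TDSSKiller reported two objects, the TDL4 detection on \HardDisk0 (action: Cure, applied after reboot) and a locked sptd.sys (action: Skip). sptd.sys is the SPTD driver that ships with DAEMON Tools (the MBRCheck report further down lists DAEMON Tools Lite's Engine.dll), so a "Locked file" entry for it is expected rather than a second infection. When reviewing a long TDSSKiller log it is easy to miss a skipped object, so the following added example (not TDSSKiller's own code, nor part of the original post) parses the log format into a summary and flags any detection that was not cured or deleted. SAMPLE_LOG is built from lines of the posted log.

```python
"""Triage a TDSSKiller log: pull out the driver inventory, detections,
locked/suspicious files and the actions the user chose, then cross-check
them against the 'Detected object count' the tool reports.

Added example for this thread, not TDSSKiller's own code. SAMPLE_LOG is
built from lines of the log posted above.
"""
import re

# Every scan line: "YYYY/MM/DD HH:MM:SS.mmmm <pid> <message>"
LINE_RE = re.compile(r"^\s*(?P<ts>\d{4}/\d{2}/\d{2} \d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*\S)\s*$")
# Inventory line: "<service> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<threat>.+?) \(\d+\)$")
REBOOT_RE = re.compile(r"^(?P<obj>\S+) \((?P<threat>[^)]+)\) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(?P<threat>.+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

CLEANING_ACTIONS = {"Cure", "Delete"}   # anything else (Skip, no action) still needs a human look


def triage(log_text):
    """Parse a TDSSKiller log and return a summary dict (keys listed in the return)."""
    drivers, suspicious, detections, actions, pending, reported = [], [], {}, {}, [], None
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue                                   # banner, separators, blank lines
        msg = line.group("msg")
        if m := DRIVER_RE.match(msg):
            drivers.append(m.groupdict())
        elif m := SUSPICIOUS_RE.match(msg):
            suspicious.append(m.groupdict())
        elif m := DETECT_RE.match(msg):
            detections[m.group("obj")] = m.group("threat")
        elif m := REBOOT_RE.match(msg):
            pending.append(m.group("obj"))
        elif m := ACTION_RE.match(msg):
            actions[m.group("obj")] = m.group("action")
        elif m := COUNT_RE.match(msg):
            reported = int(m.group("n"))
    # Detections the user skipped or never acted on: these must be explained, not forgotten.
    unresolved = [obj for obj in detections if actions.get(obj) not in CLEANING_ACTIONS]
    return {
        "drivers": drivers,
        "suspicious": suspicious,
        "detections": detections,
        "actions": actions,
        "pending_reboot": pending,
        "reported_count": reported,
        "consistent": reported == len(detections),     # our count matches TDSSKiller's own
        "unresolved": unresolved,
    }


# Lines taken from the log posted in this thread (raw string: backslashes are literal).
SAMPLE_LOG = r"""
2011/04/07 20:31:23.0216 5152 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/07 20:31:23.0216 5152 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/07 20:31:23.0232 5152 sptd - detected Locked file (1)
2011/04/07 20:31:23.0715 5152 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/07 20:31:26.0227 5152 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/07 20:31:26.0227 5152 ================================================================================
2011/04/07 20:31:26.0227 5152 Scan finished
2011/04/07 20:31:26.0258 3172 Detected object count: 2
2011/04/07 20:31:41.0031 3172 Locked file(sptd) - User select action: Skip
2011/04/07 20:31:41.0094 3172 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/07 20:31:41.0094 3172 \HardDisk0 - ok
2011/04/07 20:31:41.0109 3172 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/07 20:31:56.0522 5860 Deinitialize success
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for key in ("detections", "actions", "pending_reboot", "reported_count", "consistent", "unresolved"):
        print(f"{key}: {summary[key]}")
```

Running it against a full log (`triage(open("TDSSKiller.txt").read())`) gives you the list of skipped objects to justify, which for this machine is just `sptd`.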
     
  9. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Good job :)

    How is redirection?

    Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
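Editor's note on the MBRCheck step above: TDL4 is a bootkit, so after TDSSKiller "cures" \HardDisk0 the thing worth verifying is the MBR itself: that the boot signature is intact, the partition table is sane, and the 440 bytes of boot code match what a clean install of the same Windows version has. The following added example (not MBRCheck's or TDSSKiller's code, and not part of the original post) does those checks on a 512-byte sector. The MBR bytes are constructed for the demo; the active partition's start sector is chosen so that its byte offset equals the 0x270a00000 that MBRCheck prints for C: further down. The known-good hash is an input you record from a clean machine; none is hard-coded here.

```python
"""Check a 512-byte MBR the way a bootkit scanner such as MBRCheck does:
validate the 0x55AA boot signature, decode the partition table, compute
each partition's byte offset (the number MBRCheck prints after
'at offset'), and hash the boot code for comparison with a known-good value.

Added example for this thread, not MBRCheck's own code. The MBR bytes are
constructed; the active partition starts at LBA 20467712 so that its byte
offset equals the 0x270a00000 in the posted report.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440          # 0-439 boot code, 440-443 disk signature, 446-509 table, 510-511 0x55AA
DISK_SIG_OFFSET = 440
TABLE_OFFSET = 446
SIGNATURE_OFFSET = 510
ENTRY_FMT = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_partition_table(mbr):
    """Decode the four 16-byte entries; unused entries (type 0) are dropped."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors,
                      "byte_offset": lba_start * SECTOR})      # what MBRCheck reports as 'at offset'
    return parts


def check_mbr(mbr, known_good_sha256=None):
    """Return a findings dict; 'ok' is False on a bad signature, more than one
    active partition, overlapping partitions, or boot code whose SHA-256
    differs from known_good_sha256 (when one is supplied)."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if mbr[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    parts = parse_partition_table(mbr)
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one active partition")
    by_start = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(by_start, by_start[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    code_hash = hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()
    if known_good_sha256 is not None and code_hash != known_good_sha256:
        findings.append("boot code differs from known-good image")
    return {"ok": not findings, "findings": findings, "bootcode_sha256": code_hash,
            "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
            "partitions": parts}


# Constructed placeholder boot code (not real Windows boot code): exactly 440 bytes.
DEMO_BOOTCODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOTCODE_LEN - 8)


def build_demo_mbr(bootcode=DEMO_BOOTCODE):
    """Constructed MBR: hidden recovery partition (type 0x27) followed by the
    active NTFS partition (type 0x07) starting at LBA 20467712."""
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, 0x1234ABCD)       # arbitrary disk signature
    entries = [(0x00, 0x27, 2048, 20467712 - 2048),                 # recovery, ends where C: starts
               (0x80, 0x07, 20467712, 604674736)]                   # C:, byte offset 0x270a00000
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i, status, ptype, start, count)
    mbr[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    # On a live Windows box the sector comes from an elevated
    # open(r"\\.\PhysicalDrive0", "rb").read(512); here we use the constructed one.
    clean = build_demo_mbr()
    baseline = check_mbr(clean)["bootcode_sha256"]                  # record this from a clean machine
    tampered = bytearray(clean)
    tampered[0] ^= 0xFF                                             # simulate overwritten boot code
    for label, sector in (("clean", clean), ("tampered", bytes(tampered))):
        print(label, check_mbr(sector, baseline)["findings"])
```

A hash mismatch by itself is not proof of infection (OEM recovery tools and some disk utilities ship their own MBR code), which is why tools like MBRCheck compare against several known-good images; treat a mismatch as a prompt to dump the sector and look at the code, not as a verdict.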
     
  10. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    It seems like the redirection is gone! :D
    I can already feel my computer go from snail-like speeds to a jet.
    Thank you for that. I am truly grateful.

    -------------------------------------------------------------------------------------------------
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Basic Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: ACER
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ACER
    System Product Name: Aspire M1640
    Logical Drives Mask: 0x000001fc

    Kernel Drivers (total 160):
    0x82048000 \SystemRoot\system32\ntkrnlpa.exe
    0x82015000 \SystemRoot\system32\hal.dll
    0x8040A000 \SystemRoot\system32\kdcom.dll
    0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80481000 \SystemRoot\system32\PSHED.dll
    0x80492000 \SystemRoot\system32\BOOTVID.dll
    0x8049A000 \SystemRoot\system32\CLFS.SYS
    0x804DB000 \SystemRoot\system32\CI.dll
    0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80693000 \SystemRoot\System32\Drivers\spdi.sys
    0x80786000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8078F000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x807B5000 \SystemRoot\system32\drivers\acpi.sys
    0x80600000 \SystemRoot\system32\drivers\msisadrv.sys
    0x805BB000 \SystemRoot\system32\drivers\pci.sys
    0x805E2000 \SystemRoot\System32\drivers\partmgr.sys
    0x805F1000 \SystemRoot\system32\drivers\volmgr.sys
    0x8260F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x82659000 \SystemRoot\system32\drivers\nvrd32.sys
    0x8267D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8269E000 \SystemRoot\system32\drivers\pciide.sys
    0x826A5000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x826B3000 \SystemRoot\System32\drivers\mountmgr.sys
    0x826C3000 \SystemRoot\system32\drivers\nvraid.sys
    0x826DC000 \SystemRoot\system32\drivers\atapi.sys
    0x826E4000 \SystemRoot\system32\drivers\ataport.SYS
    0x82702000 \SystemRoot\system32\drivers\nvstor32.sys
    0x82728000 \SystemRoot\system32\drivers\storport.sys
    0x82769000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8279B000 \SystemRoot\system32\drivers\fileinfo.sys
    0x87402000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x87473000 \SystemRoot\system32\drivers\ndis.sys
    0x8757E000 \SystemRoot\system32\drivers\msrpc.sys
    0x875A9000 \SystemRoot\system32\drivers\NETIO.SYS
    0x87607000 \SystemRoot\System32\drivers\tcpip.sys
    0x876F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8780B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8791B000 \SystemRoot\system32\drivers\wd.sys
    0x87923000 \SystemRoot\system32\drivers\volsnap.sys
    0x8795C000 \SystemRoot\System32\Drivers\spldr.sys
    0x87964000 \SystemRoot\System32\Drivers\mup.sys
    0x87973000 \SystemRoot\System32\drivers\ecache.sys
    0x8799A000 \SystemRoot\system32\drivers\disk.sys
    0x879AB000 \SystemRoot\system32\drivers\crcdisk.sys
    0x879B4000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
    0x879B9000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x87800000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8770C000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x87715000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x87724000 \SystemRoot\system32\DRIVERS\serial.sys
    0x8773E000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x8775B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x87766000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x8776F000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x87779000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x877B7000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8B20C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8B299000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8B2A9000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8B2B7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B2CF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8B2D5000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8B40F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8BE8D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8BE8F000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8BF2F000 \SystemRoot\System32\drivers\watchdog.sys
    0x8BF3B000 \SystemRoot\System32\Drivers\aht2fcfm.SYS
    0x8BF74000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8BF7D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8BFAC000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8BFB7000 \SystemRoot\system32\DRIVERS\HssDrv.sys
    0x8BFC7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8BFDE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8B3D5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8BFE9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x877C6000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x877DA000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x877EF000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8B400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8B40B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x827AB000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8BFF8000 \SystemRoot\system32\drivers\WmBEnum.sys
    0x875E4000 \SystemRoot\system32\drivers\WmXlCore.sys
    0x8B200000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x875F3000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8C600000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8C635000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8C802000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8C646000 \SystemRoot\system32\drivers\portcls.sys
    0x8C673000 \SystemRoot\system32\drivers\drmk.sys
    0x8C9E3000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
    0x8C9EF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8C9F8000 \SystemRoot\System32\Drivers\Null.SYS
    0x8C698000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8C69F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8C6BB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8C6C2000 \SystemRoot\System32\drivers\vga.sys
    0x8C6CE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8C6EF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8C6F7000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8C6FF000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8C70A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8C718000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8C721000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8C737000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8C74B000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0x8C793000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8D00C000 \SystemRoot\system32\drivers\afd.sys
    0x8D054000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8D06A000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8D078000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8D08B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8D0C7000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8D0D1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x8D0E6000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8D0E8000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8D0FF000 \SystemRoot\system32\DRIVERS\avgldx86.sys
    0x8D13B000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8D144000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8D154000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8D15C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8D173000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8D17C000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8D189000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x8D193000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
    0x95800000 \SystemRoot\System32\win32k.sys
    0x8D1B9000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8D1C3000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x95A20000 \SystemRoot\System32\TSDDD.dll
    0x95A40000 \SystemRoot\System32\cdd.dll
    0x95A50000 \SystemRoot\System32\ATMFD.DLL
    0x8D1D2000 \SystemRoot\system32\drivers\luafv.sys
    0x9AA03000 \SystemRoot\system32\drivers\spsys.sys
    0x9AAB3000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9AAC3000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9AAD6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x9AADF000 \SystemRoot\system32\drivers\HTTP.sys
    0x9AB4C000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9AB69000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9AB82000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9AB97000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9ABB8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8C7C5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9ABD7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x879C2000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9BE04000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9BE52000 \SystemRoot\System32\Drivers\adfs.SYS
    0x9BE63000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
    0x9BE6E000 \SystemRoot\system32\drivers\peauth.sys
    0x9BF4C000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9BF56000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9BF62000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x9BF77000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x9BF89000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0x9BF93000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0x9BFBB000 \SystemRoot\system32\drivers\WmVirHid.sys
    0x9BFBE000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77450000 \Windows\System32\ntdll.dll
    0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

    Processes (total 69):
    0 System Idle Process
    4 System
    492 C:\Windows\System32\smss.exe
    524 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    776 csrss.exe
    832 C:\Windows\System32\wininit.exe
    844 csrss.exe
    876 C:\Windows\System32\services.exe
    900 C:\Windows\System32\lsass.exe
    912 C:\Windows\System32\lsm.exe
    944 C:\Windows\System32\winlogon.exe
    1088 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\nvvsvc.exe
    1168 C:\Windows\System32\svchost.exe
    1316 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\svchost.exe
    1392 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\audiodg.exe
    1500 C:\Windows\System32\svchost.exe
    1516 C:\Windows\System32\SLsvc.exe
    1552 C:\Windows\System32\svchost.exe
    1608 C:\Windows\System32\nvvsvc.exe
    1712 C:\Windows\System32\svchost.exe
    2012 C:\Windows\System32\spoolsv.exe
    2040 C:\Windows\System32\svchost.exe
    1908 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1820 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    704 C:\Program Files\Bonjour\mDNSResponder.exe
    1688 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    1904 C:\Windows\System32\svchost.exe
    348 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2060 C:\Windows\System32\svchost.exe
    2100 C:\Windows\System32\svchost.exe
    2152 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2212 C:\Windows\System32\SearchIndexer.exe
    2264 WUDFHost.exe
    2352 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    2572 C:\Program Files\AVG\AVG10\avgnsx.exe
    2848 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3180 C:\Windows\System32\dwm.exe
    3224 C:\Windows\System32\taskeng.exe
    3272 C:\Windows\explorer.exe
    3444 C:\Windows\RtHDVCpl.exe
    3560 C:\Windows\System32\nvraidservice.exe
    3796 WmiPrvSE.exe
    3844 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3956 C:\Windows\System32\wbem\unsecapp.exe
    2596 C:\Program Files\AVG\AVG10\avgtray.exe
    2640 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    3148 C:\Program Files\iTunes\iTunesHelper.exe
    2708 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2408 C:\Program Files\Windows Sidebar\sidebar.exe
    1348 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3684 C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    3088 C:\Program Files\Windows Sidebar\sidebar.exe
    1388 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    3116 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3204 C:\Program Files\iPod\bin\iPodService.exe
    5716 C:\Program Files\Mozilla Firefox\firefox.exe
    5804 C:\Windows\System32\taskeng.exe
    5072 C:\Windows\System32\svchost.exe
    3672 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    5620 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    5064 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2580 C:\Windows\System32\SearchProtocolHost.exe
    3708 C:\Windows\System32\SearchFilterHost.exe
    4020 dllhost.exe
    5776 dllhost.exe
    5884 C:\Users\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)

    PhysicalDrive0 Model Number: WDC WD3200AAJS-22B4A, Rev: 01.0

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 3C96C0879729CBB43ED661230E66AA4AB8C9650D


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  11. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Good news :)
     
  12. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    ComboFix 11-04-07.07 - Owner 07/04/2011 21:08:49.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.1791.1064 [GMT -6:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\MapleStory.url
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-08 to 2011-04-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-08 03:16 . 2011-04-08 03:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-07 15:13 . 2011-04-07 15:13 -------- d-----w- c:\programdata\WindowsSearch
    2011-04-07 03:40 . 2008-01-05 11:37 2730536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D401507-6DD7-40E3-AD5D-FBE6F017F359}\mpengine.dll
    2011-04-07 01:09 . 2011-04-07 01:11 -------- d-----w- c:\windows\system32\catroot2(394)
    2011-04-05 21:37 . 2011-04-05 21:37 -------- d-----w- c:\users\Owner\AppData\Local\Fallout3
    2011-04-05 21:25 . 2011-04-05 21:25 -------- d-----w- c:\program files\Bethesda Softworks
    2011-04-03 23:30 . 1997-03-11 20:36 2416735 ----a-w- c:\program files\Mozilla Firefox\INSTALL.EXE
    2011-04-01 20:45 . 2011-04-03 22:58 286720 ----a-w- c:\windows\iun504.exe
    2011-03-27 22:32 . 2011-03-27 22:32 -------- d-----w- c:\users\Owner\AppData\Local\Xenocode
    2011-03-22 21:26 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-22 21:26 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-22 21:26 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-18 02:02 . 2011-03-18 03:09 -------- d-----w- c:\users\Owner\AppData\Local\Temporary Projects
    2011-03-18 01:31 . 2011-03-18 01:31 187808 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
    2011-03-18 01:30 . 2011-03-18 01:30 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2011-03-13 05:52 . 2011-03-13 05:52 -------- d-----w- c:\program files\Common Files\Java
    2011-03-13 05:50 . 2011-03-13 05:50 -------- d-----w- c:\programdata\McAfee
    2011-03-12 18:28 . 2011-03-12 18:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-12 18:28 . 2011-03-12 18:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-18 01:57 . 2010-05-01 21:15 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
    2011-03-10 22:17 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-03 04:40 . 2010-04-21 21:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-20 16:37 . 2011-02-09 03:07 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:08 . 2011-02-09 03:07 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08 . 2011-02-09 03:07 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-09 03:07 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08 . 2011-02-09 03:07 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-09 03:07 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07 . 2011-02-09 03:07 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07 . 2011-02-09 03:07 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07 . 2011-02-09 03:07 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06 . 2011-02-09 03:07 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06 . 2011-02-09 03:07 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04 . 2011-02-09 03:07 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:04 . 2011-02-09 03:07 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 14:28 . 2011-02-09 03:07 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27 . 2011-02-09 03:07 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26 . 2011-02-09 03:07 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25 . 2011-02-09 03:07 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24 . 2011-02-09 03:07 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-09 03:07 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-09 03:07 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-09 03:07 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-09 03:07 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-09 03:07 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-09 03:07 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47 . 2011-02-09 03:07 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-08 08:47 . 2011-02-09 03:05 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28 . 2011-02-09 03:05 292352 ----a-w- c:\windows\system32\atmfd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-19 136176]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208]
    "Skytel"="Skytel.exe" [2010-04-25 1826816]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-11-12 203296]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "LXCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2010-04-25 73728]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 08:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2010-04-25 491520]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-03 3377880]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 XDva324;XDva324;c:\windows\system32\XDva324.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-31 691696]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4252191657-479862217-4056747601-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19 23:56]
    .
    2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4252191657-479862217-4056747601-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19 23:56]
    .
    2011-04-08 c:\windows\Tasks\User_Feed_Synchronization-{054E6C20-2892-4CAA-9DB1-49EADB2D8425}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c69dab7&v=6.103.018.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-07 21:16
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    Completion time: 2011-04-07 21:18:07
    ComboFix-quarantined-files.txt 2011-04-08 03:18
    .
    Pre-Run: 106,715,164,672 bytes free
    Post-Run: 106,640,977,920 bytes free
    .
    - - End Of File - - C1FB1D6EA55A7A766E089F8239AC74D1
     
  13. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Looks good :)

    You can reinstall your AVG now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    Sorry about yesterday. I went to study for a test when scanning, and fell asleep, haha.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    OTL logfile created on: 08/04/2011 2:25:59 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2685 2685 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 196.87 Gb Total Space | 97.86 Gb Free Space | 49.71% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/08 14:24:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2010/10/18 16:06:27 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/09/16 14:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/06/14 17:10:30 | 000,153,672 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/12 17:06:20 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
    PRC - [2007/10/11 10:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/08 14:24:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/04/24 22:38:23 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\System32\lxcicoms.exe -- (lxci_device)
    SRV - [2009/12/03 17:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2009/11/21 20:45:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/03/30 17:16:52 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/06/16 14:33:42 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv)
    DRV - [2010/06/16 14:33:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2010/05/31 16:18:53 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/04/27 17:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2010/04/27 17:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2010/04/27 17:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2010/04/27 15:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
    DRV - [2008/11/12 17:02:46 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2008/11/12 17:02:46 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2008/08/25 02:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/08/01 11:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
    FF - prefs.js..extensions.enabledItems: {0471d3b0-a403-11df-981c-0800200c9a66}:0.921
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d9f6c6e&v=6.103.018.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/04/08 14:13:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/08 14:13:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 15:13:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 15:13:15 | 000,000,000 | ---D | M]

    [2009/11/13 15:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2011/04/08 14:21:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions
    [2011/04/06 21:25:45 | 000,000,000 | ---D | M] (SmallringFX DARKBlue) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
    [2010/05/09 10:40:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/03 21:31:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/12/31 18:49:32 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions\DeviceDetection@logitech.com
    [2010/05/28 16:54:46 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions\DTToolbar@toolbarnet.com
    [2011/03/27 18:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}\chrome\mozapps\extensions
    [2010/05/28 16:54:32 | 000,002,059 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\822zr1g4.default\searchplugins\daemon-search.xml
    [2011/03/12 23:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/21 15:31:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/03 15:30:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/07 14:32:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/08 22:41:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/12 23:51:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/04/08 14:13:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    [2011/04/08 14:13:33 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/07/03 01:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    [2010/03/14 18:01:13 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

    O1 HOSTS File: ([2011/04/07 21:16:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [LXCICATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCItime.DLL ()
    O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} http://www.yoyogames.com/downloads/activex/YoYo.cab (YYGInstantPlay Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/08 14:24:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/04/08 14:18:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG10
    [2011/04/08 14:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
    [2011/04/08 14:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
    [2011/04/08 14:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/04/08 13:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/04/08 13:30:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/04/07 21:18:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/04/07 21:07:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/04/07 21:07:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/04/07 21:07:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/04/07 21:07:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/04/07 21:06:41 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/07 21:06:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/04/07 09:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2011/04/06 21:37:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Fallout.3-RELOADED
    [2011/04/06 19:09:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(394)
    [2011/04/05 15:37:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Fallout3
    [2011/04/05 15:25:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Games
    [2011/04/05 15:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
    [2011/04/01 14:45:51 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun504.exe
    [2011/03/30 17:16:52 | 000,134,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
    [2011/03/27 16:32:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Xenocode
    [2011/03/17 20:02:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Temporary Projects
    [2011/03/17 19:30:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Visual Studio 2008
    [2011/03/12 23:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/03/12 23:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2005/10/24 06:36:58 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\lxcipmui.dll
    [2005/10/24 06:36:06 | 001,183,744 | ---- | C] ( ) -- C:\Windows\System32\lxciserv.dll
    [2005/10/24 06:34:22 | 000,491,520 | ---- | C] ( ) -- C:\Windows\System32\lxcilmpm.dll
    [2005/10/24 06:34:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcicomm.dll
    [2005/10/24 06:34:00 | 000,368,640 | ---- | C] ( ) -- C:\Windows\System32\lxcicfg.exe
    [2005/10/24 06:33:20 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxciih.exe
    [2005/10/24 06:33:10 | 000,114,688 | ---- | C] ( ) -- C:\Windows\System32\lxcipplc.dll
    [2005/10/24 06:33:04 | 000,491,520 | ---- | C] ( ) -- C:\Windows\System32\lxcicoms.exe
    [2005/10/24 06:32:44 | 000,704,512 | ---- | C] ( ) -- C:\Windows\System32\lxcicomc.dll
    [2005/10/24 06:32:22 | 000,155,648 | ---- | C] ( ) -- C:\Windows\System32\lxciprox.dll
    [2005/10/24 06:29:54 | 001,122,304 | ---- | C] ( ) -- C:\Windows\System32\lxciusb1.dll
    [2005/10/24 06:28:32 | 000,770,048 | ---- | C] ( ) -- C:\Windows\System32\lxcihbn3.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/04/08 14:32:38 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{054E6C20-2892-4CAA-9DB1-49EADB2D8425}.job
    [2011/04/08 14:24:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/04/08 14:21:57 | 111,950,108 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/04/08 14:20:19 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/04/08 14:19:55 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/04/08 14:19:53 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/08 14:19:53 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/08 14:19:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/04/08 14:19:43 | 1878,228,992 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/08 14:13:25 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011/04/08 14:11:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4252191657-479862217-4056747601-1000UA.job
    [2011/04/07 21:16:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/04/07 20:14:20 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
    [2011/04/07 19:00:15 | 197,475,126 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/04/07 15:47:48 | 000,712,616 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/04/07 15:47:48 | 000,147,706 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/04/07 02:24:33 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2011/04/03 16:58:19 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun504.exe
    [2011/04/03 16:11:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4252191657-479862217-4056747601-1000Core.job
    [2011/04/03 09:50:19 | 000,000,046 | ---- | M] () -- C:\Users\Owner\jagex_runescape_preferences.dat
    [2011/04/03 09:49:32 | 000,000,023 | ---- | M] () -- C:\Users\Owner\jagexappletviewer.preferences
    [2011/04/03 09:49:31 | 000,000,117 | ---- | M] () -- C:\Users\Owner\jagex_runescape_preferences2.dat
    [2011/03/30 17:16:52 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
    [2011/03/27 10:15:28 | 002,326,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/03/25 18:13:22 | 000,002,042 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
    [2011/03/25 18:13:22 | 000,002,004 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/03/25 17:56:33 | 000,334,274 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2011/03/22 15:20:05 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

    ========== Files Created - No Company Name ==========

    [2011/04/08 14:13:25 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011/04/07 21:07:18 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/04/07 21:07:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/04/07 21:07:18 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/04/07 21:07:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/04/07 21:07:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/04/07 18:55:42 | 197,475,126 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/04/07 17:28:43 | 1878,228,992 | -HS- | C] () -- C:\hiberfil.sys
    [2011/03/17 19:30:40 | 000,001,264 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
    [2010/07/20 15:38:43 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
    [2010/02/12 19:10:26 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
    [2010/01/30 21:43:34 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
    [2010/01/27 12:01:08 | 000,000,552 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d8caps.dat
    [2010/01/24 20:22:25 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
    [2009/11/14 13:29:47 | 000,015,360 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/13 21:31:15 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/11/13 21:31:05 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/11/13 15:31:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/11/13 15:31:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/11/12 21:47:40 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
    [2009/11/12 21:46:08 | 000,006,048 | ---- | C] () -- C:\Windows\System32\MCC16.dll
    [2009/11/12 20:49:59 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcivs.dll
    [2009/11/10 17:32:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/10/07 21:09:51 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2009/10/07 19:54:16 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2006/11/02 06:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:44:53 | 002,326,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 04:33:01 | 000,712,616 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 04:33:01 | 000,147,706 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/01/16 19:36:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
    [2011/01/08 21:29:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Atari
    [2011/04/08 14:18:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
    [2010/03/10 16:44:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG9
    [2011/04/07 17:43:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent
    [2010/05/28 17:00:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
    [2010/05/28 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Pro
    [2010/07/09 19:56:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dev-Cpp
    [2010/03/21 12:05:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
    [2010/01/15 23:20:44 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame
    [2011/01/08 21:28:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
    [2011/02/01 19:56:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NavNet Solutions
    [2010/03/21 09:55:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
    [2010/10/22 18:20:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Stellarium
    [2010/01/25 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\twistedScape
    [2010/08/23 20:47:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wizet
    [2011/04/08 14:18:31 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/04/08 14:32:38 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{054E6C20-2892-4CAA-9DB1-49EADB2D8425}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/06/27 16:13:57 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2010/04/24 22:13:42 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/01/22 21:13:04 | 000,000,908 | ---- | M] () -- C:\CDFE.log
    [2011/04/07 21:18:07 | 000,013,384 | ---- | M] () -- C:\ComboFix.txt
    [2010/07/02 11:37:08 | 000,000,010 | RHS- | M] () -- C:\config.sys
    [2011/04/08 14:19:43 | 1878,228,992 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/19 10:54:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/01/22 21:01:25 | 000,000,000 | ---- | M] () -- C:\lxcifire.000
    [2010/01/22 21:05:39 | 000,000,000 | ---- | M] () -- C:\lxcifire.001
    [2010/01/22 21:13:02 | 000,000,000 | ---- | M] () -- C:\lxcifire.csv
    [2010/01/22 21:02:14 | 000,001,032 | ---- | M] () -- C:\LXCIINST.000
    [2010/01/22 21:06:04 | 000,001,290 | ---- | M] () -- C:\LXCIINST.001
    [2010/01/22 21:13:25 | 000,001,289 | ---- | M] () -- C:\LXCIINST.csv
    [2010/08/19 10:54:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/04/08 14:19:41 | 2815,426,560 | -HS- | M] () -- C:\pagefile.sys
    [2011/04/07 20:31:56 | 000,061,674 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_07.04.2011_20.31.04_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 06:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 06:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 06:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/11/13 18:20:01 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/04/25 00:30:22 | 000,115,200 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\lxcipp5c.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/11/10 17:25:17 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/04/24 22:37:11 | 006,045,696 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2010/04/24 22:37:11 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2010/04/24 22:37:11 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2010/04/24 22:37:12 | 014,671,872 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2010/04/24 22:37:12 | 005,902,336 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/11/21 18:22:24 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/08 14:24:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2008/08/29 10:12:28 | 000,932,864 | ---- | M] () -- C:\Users\Owner\Desktop\Xpadder.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/10/07 19:54:27 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/04/08 14:19:55 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  15. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    OTL Extras logfile created on: 08/04/2011 2:25:59 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2685 2685 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 196.87 Gb Total Space | 97.86 Gb Free Space | 49.71% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{014DF2BD-6000-47E0-9464-26974710AF9F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{077E2152-B3AB-4BF6-99BC-41FBAB684C44}" = lport=138 | protocol=17 | dir=in | app=system |
    "{13EBDB8E-6BBC-439D-A2C9-01E21705D6E1}" = rport=137 | protocol=17 | dir=out | app=system |
    "{147CB04D-B7E6-4C4C-B579-8EAB4671F4ED}" = lport=137 | protocol=17 | dir=in | app=system |
    "{30621162-E6DE-41A7-9BD1-1EAF741CF217}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{3382F534-D491-4C62-8B51-F4064D855FEA}" = lport=445 | protocol=6 | dir=in | app=system |
    "{3F9B7EC7-4CAC-42C7-8176-C9A052BDA37A}" = rport=138 | protocol=17 | dir=out | app=system |
    "{412DE158-2126-45B8-A5E2-25BE3A07E24F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{5D6267EB-1B95-40EE-BC99-38BAE4E1CAF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{8FAE1CB8-0D6E-4A6F-83FF-485B65DA47F2}" = rport=445 | protocol=6 | dir=out | app=system |
    "{A71B5E70-DDF4-4B5B-B4E3-B49048843812}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AB0BC620-DDBE-4C7E-A52E-AADDE3B30787}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{C208C248-34D8-4703-9318-F97DB7046863}" = rport=139 | protocol=6 | dir=out | app=system |
    "{CE64EBF4-3E5D-4856-B060-B77CBD2CF065}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{D0817BD6-949A-44EC-819B-44EBA0C472E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F8FF84E9-1145-4AF5-BDD4-C7D147EF23E1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{FE91EA31-FF5F-4CEF-A63C-77653243B5D4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05F75747-5C59-4132-93CA-EDA1303C1FA0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{06CCC25A-AC96-44CB-A11E-69AACC4B7151}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{1272B8CA-AB51-459D-B51E-DB76C10A4362}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{2CECBDAF-28C9-4818-A800-16CCAE60529C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{2DA3712C-0893-44A5-8DD5-1E249E6CBBB2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{3C2BD707-3094-4773-888E-C09D50718911}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{48AA4AB9-5D48-4582-A462-7BF06BB859C8}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{4D5046C9-D410-4B0A-89D7-C63DE5C2A4AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{509C73FB-896A-4175-ACC3-94A5E8A288C9}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{5D2DE231-8580-47FB-BF07-5093C8FCE6A2}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
    "{6504811F-D9B5-416D-8430-95DF73F59E2F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{686B0524-57D9-4E41-803B-9C6F69247176}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{70248A09-F2F3-4B88-94B7-96DA48C9960A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{7252B237-5CEB-4A13-B9B6-F43BEE09029F}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
    "{77D4971D-39D4-4CFB-A3F4-C66A85E58A7A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{830BACAE-5D28-43B9-AFA6-316DC8574DED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{84A3ABCF-A502-4420-8EED-6469569550BE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{8CD0BF54-0B80-48CD-BD7B-22266B3F58A9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{9227C856-7690-4029-8909-1143062B08DD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{9331369E-4E62-40E6-B9E7-05BDFF8643F4}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\ijjioptimizer.exe |
    "{98869696-3945-49E1-B6D4-BD5A705144A1}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\ijjioptimizer.exe |
    "{9FD203EE-9845-4330-A7BA-54E1BD24EFB0}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{BE20AD35-6880-4000-8798-B9B3F70EDD4B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C075A7A0-D1DB-4AF5-BE1D-E7FAE28EF659}" = protocol=6 | dir=in | app=c:\program files\ijji\ijji reactor\ijjioptimizer.exe |
    "{C1D0BEAC-95A9-43DC-AD67-2DC8FBDB402F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{C65EA5C5-80C7-4966-9D11-8C8471BCFBEC}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{D3E73FCE-113D-4B52-A724-28BE43EF3709}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{D55FA047-AB3E-48FB-9223-03A81F59AB63}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{DEFF7A7C-C8C6-4099-85AF-CB7EC487ADDF}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{EB028FF5-21FB-4E77-BF59-6147025DBA57}" = protocol=17 | dir=in | app=c:\program files\ijji\ijji reactor\ijjioptimizer.exe |
    "{F8A8A01E-DA93-42A3-A40A-6B7D7176C358}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FE62A911-C144-4BB4-9BAF-35EB12077EE5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "TCP Query User{0CD604FE-F80B-42BA-8C76-B4705F661DF1}C:\users\owner\documents\splinter cell double agent\tcscda\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\users\owner\documents\splinter cell double agent\tcscda\scda-offline\system\splintercell4.exe |
    "TCP Query User{0D22DEE5-336D-487A-B064-2E040BA13F80}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{13FADDE2-548D-4A1C-BD66-B07DC3C3CABE}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{151A14AC-D600-4024-8FE0-FC1FC453AD76}C:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe |
    "TCP Query User{3204A5E7-7363-4F35-87EA-53E3582F0E36}C:\users\owner\appdata\local\temp\pylf6fb.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\pylf6fb.tmp\pyrun.exe |
    "TCP Query User{39AA73DB-ED4A-4F6A-AABE-F955EC7D032F}C:\program files\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe |
    "TCP Query User{41059991-3AA7-42CB-A960-2F85C0CF15F4}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{559D1DAA-6A8D-427A-B439-0500424BF92B}C:\users\owner\appdata\local\temp\pyl8a29.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\pyl8a29.tmp\pyrun.exe |
    "TCP Query User{59659F61-F0F8-4042-8F6C-AFE9057809CF}C:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex |
    "TCP Query User{602D027F-735D-4CA4-A37D-4F1C765E3684}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{7395C39D-D990-4D3C-B738-97D13EE511AC}C:\program files\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\modern warfare 2\iw4mp.exe |
    "TCP Query User{92E675ED-0443-4183-AA41-082294D99B5B}C:\users\owner\appdata\local\temp\pyl39bd.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\pyl39bd.tmp\pyrun.exe |
    "TCP Query User{C4E4AF5F-76B6-4E40-BE4F-14B8169D3B75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{D286CF17-6B8D-40C2-B84A-B3C427C8F28D}C:\ijji\english\u_sf\soldierfront.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
    "TCP Query User{DD68527C-9DCE-4B58-A353-AC774298F986}C:\users\owner\documents\chaos theory\system\splintercell3.exe" = protocol=6 | dir=in | app=c:\users\owner\documents\chaos theory\system\splintercell3.exe |
    "TCP Query User{DF99B848-FA45-4208-8239-82416533E25A}C:\users\owner\appdata\local\temp\pyl300c.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\pyl300c.tmp\pyrun.exe |
    "TCP Query User{E3B6B409-4A34-43E9-81D3-887B412F9C55}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |
    "TCP Query User{EE49A6E0-059F-4F97-AEB3-31D947AB5E5B}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{05E6F850-EDF5-40C0-8B0C-5951FBDE8770}C:\program files\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe |
    "UDP Query User{1DA1D5FE-9360-4AB6-991E-F657637BC684}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{2595E4DE-2A92-42CB-BD31-4B283CB0A0C1}C:\users\owner\appdata\local\temp\pylf6fb.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\pylf6fb.tmp\pyrun.exe |
    "UDP Query User{27228D0E-8F9E-49B4-BEF5-536BDC9E94F4}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |
    "UDP Query User{29FF0702-CE1A-43E6-A32A-8276DCE1EC7E}C:\ijji\english\u_sf\soldierfront.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
    "UDP Query User{339C77E5-A153-4666-8023-AA1CA721E5F4}C:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex |
    "UDP Query User{59F7B79A-7A00-417A-915F-5C478545FE64}C:\users\owner\documents\chaos theory\system\splintercell3.exe" = protocol=17 | dir=in | app=c:\users\owner\documents\chaos theory\system\splintercell3.exe |
    "UDP Query User{66630EDA-9099-48F0-AC66-FD2C54E2E38A}C:\users\owner\appdata\local\temp\pyl300c.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\pyl300c.tmp\pyrun.exe |
    "UDP Query User{75729CBF-936B-4198-8E66-43444F158F31}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{766D897B-3134-4345-B995-BCD084096052}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{7E2A8360-52D8-4651-98AC-DBF192AF6952}C:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe |
    "UDP Query User{87B9868D-65DC-4C04-9771-B0068371867E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{8B507DCB-3237-48F9-B2D7-EF9090A16009}C:\users\owner\appdata\local\temp\pyl8a29.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\pyl8a29.tmp\pyrun.exe |
    "UDP Query User{AD257E0C-C65C-45AD-9341-3CAD11371397}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{CD409759-39D5-4336-9E95-4661FDBFA484}C:\users\owner\appdata\local\temp\pyl39bd.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\pyl39bd.tmp\pyrun.exe |
    "UDP Query User{DA90D8DC-D882-4E0F-A2AF-0A5B90EF9E5F}C:\program files\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\modern warfare 2\iw4mp.exe |
    "UDP Query User{DC49BE90-650F-49D1-B00B-38F05772C876}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{E9176332-832F-44F3-8B45-BF88816042D3}C:\users\owner\documents\splinter cell double agent\tcscda\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\users\owner\documents\splinter cell double agent\tcscda\scda-offline\system\splintercell4.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{24EEF6D7-A7B6-4AA9-AFD9-407185A7769F}" = MapleStory
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
    "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.0.4
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6003F12D-6DAF-4C3F-9FFA-F4A721DC6BBF}" = AVG 2011
    "{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
    "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
    "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
    "{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}" = MapleStory
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
    "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "AVG" = AVG 2011
    "BitTorrent" = BitTorrent
    "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
    "CCleaner" = CCleaner
    "CDisplay_is1" = CDisplay 1.8
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Defraggler" = Defraggler
    "DivX Setup.divx.com" = DivX Setup
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MapleStory" = MapleStory
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
    "Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
    "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
    "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "PROR" = Microsoft Office Professional 2007 Trial
    "VLC media player" = VLC media player 1.0.5
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4252191657-479862217-4056747601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  16. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    No worries :)
    School is always more important.

    Let me take a look at your logs....
     
  17. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKU\S-1-5-21-4252191657-479862217-4056747601-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
      O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab...i_4.1.71.0.cab (Reg Error: Key error.)
      O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirements...qlabdetect.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  18. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\S-1-5-21-4252191657-479862217-4056747601-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
    Starting removal of ActiveX control {140E4DF8-9E14-4A34-9577-C77561ED7883}
    C:\Windows\Downloaded Program Files\SystemRequirementsLab.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{140E4DF8-9E14-4A34-9577-C77561ED7883}\ not found.
    Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
    C:\Windows\Downloaded Program Files\sysreqlabdetect.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    File oft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 10844946 bytes
    ->Temporary Internet Files folder emptied: 394711 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 100216183 bytes
    ->Google Chrome cache emptied: 54840536 bytes
    ->Flash cache emptied: 1506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 94 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 159.00 mb


    [EMPTYFLASH]

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04082011_150538

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
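The OTL fix log above has a recurring pattern: the reference (BHO list, toolbar, ShellExecuteHooks) is "deleted successfully" while the matching ...\Classes\CLSID\{...} key is "not found", i.e. an orphaned entry pointing at a component that is no longer registered. The parser below is an added example, not OTL's code or anything from this thread; it assumes only the line format shown in the log and works over a constructed excerpt.

```python
import re
from collections import defaultdict

# Constructed excerpt in the same line format as the OTL fix log above (not the full log).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========
"""

# One OTL registry result line: "Registry key|value <path> deleted successfully.|not found."
LINE_RE = re.compile(
    r"^Registry (?P<kind>key|value) (?P<path>.+?) (?P<result>deleted successfully|not found)\.$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_otl_fix_log(text):
    """Turn the ':OTL' section of a fix log into one record per registry result line."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ActiveX/.inf/"Registry error" lines are not registry results
        path = m.group("path")
        c = CLSID_RE.search(path)
        records.append({
            "kind": m.group("kind"),
            "path": path,
            "clsid": c.group(0).upper() if c else None,  # normalise mixed-case GUIDs
            "result": m.group("result"),
            # The class registration lives under ...\Classes\CLSID\{...}; every
            # other location (BHO, toolbar, ShellExecuteHooks) merely references it.
            "is_class_key": "\\CLASSES\\CLSID\\" in path.upper(),
        })
    return records


def summarize_orphans(records):
    """Per CLSID: which references OTL removed, and whether the class key itself
    existed. class_found == False with references removed is the orphan pattern."""
    summary = defaultdict(lambda: {"references_removed": [], "class_found": None})
    for r in records:
        if r["clsid"] is None:
            continue
        entry = summary[r["clsid"]]
        if r["is_class_key"]:
            entry["class_found"] = r["result"] == "deleted successfully"
        elif r["result"] == "deleted successfully":
            entry["references_removed"].append(r["path"])
    return dict(summary)
```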
     
  19. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2011
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.153.1
    Adobe Reader 9.4.3
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    ``````````End of Log````````````
     
  20. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ...and Eset....
     
  21. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    Newest version of Adobe Reader downloaded and installed.
    ESET never produced a log because "no threats were found."
     
  22. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  23. ShooblaGoo

    ShooblaGoo TS Rookie Topic Starter

    Yay! Thank you for all your help. I couldn't have done it without you.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 432040 bytes
    ->Temporary Internet Files folder emptied: 63141 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 10032084 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 1325492 bytes

    Total Files Cleaned = 11.00 mb


    [EMPTYFLASH]

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.22.3 log created on 04082011_175238

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  24. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Way to go!!
    Good luck and stay safe :)
     