TechSpot

New here, need help with rootkit thing

By stoot64
Feb 13, 2011
  1. Hi.

    Call me Al.

    Just did the eight steps, these are my logs.

    Please help!

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-14 01:03:55
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500420AS rev.0006HPM1
    Running: x98pbiv8.exe; Driver: C:\Users\A6DF6~1.CAV\AppData\Local\Temp\uxrdrpob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 02: copy of MBR

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 86F99458

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [BOOT] fsyjzzan <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----



    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5751

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    14/02/2011 1:13:39 AM
    mbam-log-2011-02-14 (01-13-39).txt

    Scan type: Quick scan
    Objects scanned: 187505
    Time elapsed: 3 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\windows\system32\drivers\fsyjzzan.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.





    DDS (Ver_10-12-12.02) - NTFSx86
    Run by a.caveney at 1:18:05.13 on Mon 14/02/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2720 [GMT 11:00]

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
    C:\Users\a.caveney\AppData\Local\vghd\bin\vghd.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
    C:\Users\a.caveney\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\sppsvc.exe
    "C:\Windows\System32\svchost.exe"
    "C:\Windows\System32\svchost.exe"
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\a.caveney\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.ask.com?o=15442&l=dis
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
    dRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    StartupFolder: c:\users\a6df6~1.cav\appdata\roaming\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\users\a.caveney\appdata\local\vghd\bin\vghd.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    dPolicies-explorer: NoFolderOptions = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\a6df6~1.cav\appdata\roaming\mozilla\firefox\profiles\swy5a2zf.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d21a506&v=6.011.025.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q=
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\a.caveney\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: XULRunner: {0D3354DB-5D86-45F4-9D83-381040B0C0B2} - c:\windows\system32\config\systemprofile\appdata\local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}
    FF - Ext: XULRunner: {48B0D77B-DCA1-4D95-8936-9CFC93B6CA58} - c:\users\a.caveney\appdata\local\{48B0D77B-DCA1-4D95-8936-9CFC93B6CA58}

    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2010-1-16 81920]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-5 176128]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-10-31 228408]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-16 167936]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-1-16 28344]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-9 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-5-6 198656]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-2-8 155344]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1343400]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]

    =============== Created Last 30 ================

    2011-02-13 13:24:02 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-02-12 03:48:12 114688 ----a-w- c:\program files\mozilla firefox\plugins\np32dsw.dll
    2011-02-12 02:52:27 -------- d-----w- c:\program files\common files\Macrovision Shared
    2011-02-11 22:58:29 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcB858.tmp
    2011-02-09 22:50:51 7 ----a-w- c:\windows\treeskp.sys
    2011-02-09 22:50:51 7 ----a-w- c:\windows\sbacknt.bin
    2011-02-09 22:50:35 -------- d-----w- c:\users\a6df6~1.cav\appdata\local\vghd
    2011-02-08 06:33:45 -------- d-----w- c:\program files\Sony Ericsson
    2011-02-08 06:33:45 -------- d-----w- c:\progra~2\Sony Ericsson
    2011-01-31 16:36:29 -------- d-----w- c:\users\a6df6~1.cav\appdata\roaming\thriXXX
    2011-01-31 16:36:29 -------- d-----w- c:\program files\thriXXX
    2011-01-30 03:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-01-30 03:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-01-19 10:56:43 -------- d-----w- c:\program files\common files\Steam
    2011-01-19 10:56:42 -------- d-----w- c:\program files\Steam
    2011-01-17 10:31:53 -------- d-----w- C:\vikings
    2011-01-17 10:24:37 -------- d-----w- C:\harry
    2011-01-17 10:24:37 -------- d-----w- C:\Alien Carnage - Halloween Harry
    2011-01-17 10:21:39 -------- d-----w- C:\Dalek
    2011-01-17 09:56:15 -------- d-----w- c:\program files\DOSBox-0.74

    ==================== Find3M ====================


    ============= FINISH: 1:19:03.08 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 19/02/2010 4:15:08 PM
    System Uptime: 14/02/2011 1:14:43 AM (0 hours ago)

    Motherboard: Hewlett-Packard | | 3652
    Processor: AMD Athlon(tm) II Dual-Core M340 | Socket S1G3 | 1496/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 453 GiB total, 186.955 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.991 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
    F: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    2007 Microsoft Office system
    7-Zip 4.60 beta
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color Video Profiles AE CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop 7.0
    Adobe Reader 9.4.2 MUI
    Adobe Setup
    Adobe Shockwave Player
    Adobe Shockwave Player 11
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    AdobeColorCommonSetRGB
    AMD USB Filter Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    Belarc Advisor 8.1
    BitTorrent
    Bonjour
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 3.0
    Canon MP270 series MP Drivers
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Carmageddon 2
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDirector
    CyberLink PowerDVD 8
    CyberLink YouCam
    EAX Unified
    Fable - The Lost Chapters
    Facebook Plug-In
    Google Update Helper
    Guitar Pro 6 (6.0.7 b2 r8924)
    HP Customer Experience Enhancements
    HP Games
    HP Quick Launch Buttons
    HP Setup
    HP Support Assistant
    HP Update
    HP User Guides 0148
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    IDT Audio
    InterActual Player
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    LabelPrint
    LAME v3.98.2 for Audacity
    LightScribe System Software
    LSI HDA Modem
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML4 Parser
    Norton Internet Security
    OGA Notifier 2.0.0048.0
    Oracle VM VirtualBox 3.2.8
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Power2Go
    QLBCASL
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek USB 2.0 Card Reader
    Recovery Manager
    SAMSUNG Intelli-studio
    Scrabble PLUS
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    SmartSound Quicktracks Plugin
    SoftStylus
    Sony Ericsson PC Companion 2.01.110
    Sony Ericsson Update Engine
    Sony USB Driver
    StarCraft
    Steam
    Steinberg Cubase LE
    Suite Shared Configuration CS4
    Synaptics Pointing Device Driver
    The Godfather™ II
    thriXXX WebLaunch
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Outlook 2007 Junk Email Filter (kb983486)
    Virgin Mobile
    VirtuaGirl version 1.0.5.1
    VLC media player 1.1.2
    Warcraft III
    Warcraft III: All Products
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    WinZip 14.0
    Worms Reloaded
    zeckensack's Glide wrapper (remove only)

    ==== Event Viewer Messages From Past Week ========

    14/02/2011 12:29:35 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
    14/02/2011 12:04:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    14/02/2011 1:15:04 AM, Error: Service Control Manager [7000] - The Agere Modem Call Progress Audio service failed to start due to the following error: The system cannot find the file specified.
    14/02/2011 1:14:54 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    13/02/2011 9:12:18 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    12/02/2011 2:11:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    11/02/2011 11:57:39 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
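The three logs in the post above each carry one piece of the picture: GMER reports a hidden boot-start service, Malwarebytes quarantines a driver with the same name, and the DDS "Pseudo HJT Report" shows UAC and Explorer policies set to values no user sets by hand. As an added example (editor's code, not a TechSpot script and not part of GMER, Malwarebytes or DDS), the script below parses constructed excerpts that copy the shape of those three logs, correlates the hidden service with the quarantined file, and flags the policy values against a baseline. The baseline (UAC on, prompts on the secure desktop, regedit and Folder Options not blocked) is the editor's assumption about an untampered Windows 7 install, not something DDS itself reports.

```python
"""Indicator triage over GMER, Malwarebytes and DDS log excerpts.

Added example by the editor; not code from the thread or from the tool authors.
The three strings below are constructed excerpts mirroring the posted logs, and
POLICY_RULES is the editor's assumed baseline for an untampered Windows 7 box.
"""
import re

GMER_LOG = """\
---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] fsyjzzan <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

MBAM_LOG = r"""
Files Infected:
c:\windows\system32\drivers\fsyjzzan.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
"""

DDS_LOG = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
FF - prefs.js: network.proxy.type - 2
"""

HIDDEN_SVC = re.compile(r"Service \(\*\*\* hidden \*\*\* \) \[(\w+)\] (\S+)")
MBAM_FILE = re.compile(r"^\s*(?P<path>[a-z]:\\\S+) \((?P<family>[^)]+)\) -> (?P<action>.+?)\s*$",
                       re.M | re.I)
POLICY = re.compile(r"^\s*[md]Policies-(?P<hive>\w+): (?P<name>\w+) = (?P<val>\d+)", re.M)
FF_PREF = re.compile(r"^\s*FF - prefs\.js: (?P<name>[\w.]+) - (?P<val>\S+)", re.M)

# name -> (predicate the logged value should satisfy, message when it does not)
POLICY_RULES = {
    "EnableLUA": (lambda v: v == 1, "UAC is switched off"),
    "ConsentPromptBehaviorAdmin": (lambda v: v != 0, "administrators elevate silently, no prompt"),
    "PromptOnSecureDesktop": (lambda v: v == 1, "elevation prompts are not on the secure desktop"),
    "DisableRegistryTools": (lambda v: v == 0, "regedit is blocked by policy"),
    "NoFolderOptions": (lambda v: v == 0, "Folder Options hidden; user cannot reveal hidden files"),
}


def hidden_services(gmer: str):
    """[(start_type, name)] for every service GMER marked as hidden."""
    return HIDDEN_SVC.findall(gmer)


def mbam_detections(mbam: str):
    """[{'path', 'family', 'action'}] for each 'Files Infected' entry."""
    return [m.groupdict() for m in MBAM_FILE.finditer(mbam)]


def policies(dds: str):
    """{policy name: integer value} from the DDS mPolicies/dPolicies lines."""
    return {m["name"]: int(m["val"]) for m in POLICY.finditer(dds)}


def ff_prefs(dds: str):
    """{pref name: raw value} from the DDS 'FF - prefs.js' lines."""
    return {m["name"]: m["val"] for m in FF_PREF.finditer(dds)}


def triage(gmer: str, mbam: str, dds: str):
    """Return [(kind, message)] correlating the three logs."""
    findings = []
    hidden = hidden_services(gmer)
    for start, name in hidden:
        findings.append(("rootkit", f"GMER: hidden {start}-start service '{name}'"))
    by_stem = {}
    for d in mbam_detections(mbam):
        stem = d["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        by_stem[stem] = d
        findings.append(("malware", f"MBAM: {d['path']} ({d['family']}) -> {d['action']}"))
    # A hidden service whose name matches a quarantined driver is one infection, not two.
    for _, name in hidden:
        d = by_stem.get(name.lower())
        if d:
            findings.append(("correlation",
                             f"hidden service '{name}' is the driver MBAM quarantined ({d['family']}); "
                             "re-run GMER after a reboot to confirm the service entry is gone"))
    pol = policies(dds)
    for name, (ok, msg) in POLICY_RULES.items():
        if name in pol and not ok(pol[name]):
            findings.append(("policy", f"{name}={pol[name]}: {msg}"))
    if ff_prefs(dds).get("network.proxy.type") == "2":
        findings.append(("browser", "Firefox network.proxy.type=2: proxying via a PAC script; "
                                    "check network.proxy.autoconfig_url"))
    return findings


if __name__ == "__main__":
    for kind, message in triage(GMER_LOG, MBAM_LOG, DDS_LOG):
        print(f"[{kind}] {message}")
```

The regexes are keyed to the exact line shapes DDS, GMER and Malwarebytes 1.50 wrote at the time, so a newer log format would need the patterns updated; the correlation step is the part worth keeping, since it tells you the quarantined file and the hidden service are the same component rather than two separate problems.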
  2. Broni

Broni Malware Annihilator

Welcome aboard

Please observe the following rules:
• Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================================================

    I don't see any AV program running.
    Please, install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    Update, run full scan.
    Report on any findings.

    When done....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  NOTE 1. If Combofix asks you to install the Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run, then download and try one of the others.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
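The MBRCheck step above is about the same thing GMER already hinted at in the first post ("sector 02: copy of MBR"): bootkits of this class replace the loader in sector 0 and stash the original MBR in a nearby sector so the machine still boots. As an added example (editor's code, not MBRCheck, not GMER and not part of Broni's instructions), the script below builds two small disk images in memory, a four-sector "infected" image whose sector 0 boot code has been swapped while sector 2 holds the original MBR, and a clean one, then parses each sector's partition table, hashes its boot code, and reports any secondary sector that carries the same partition table under different boot code. Partition geometry, disk signature and boot-code bytes are constructed for illustration; it does not read a real disk.

```python
"""MBR integrity check: find a stashed copy of the MBR whose boot code differs from sector 0.

Added example by the editor; not MBRCheck or GMER code. The disk images are
constructed in memory, and the boot-code bytes and partition geometry are made up.
"""
import hashlib
import struct

SECTOR = 512
ENTRY = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count
BOOT_CODE_LEN = 440      # bytes of loader code before the 4-byte disk signature


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and up to four (status, type, lba, count) tuples."""
    assert len(boot_code) <= BOOT_CODE_LEN and len(partitions) <= 4
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    mbr[440:444] = b"\xde\xad\xbe\xef"          # disk signature (constructed value)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        # CHS fields stay zero; the LBA fields are what a modern loader uses
        struct.pack_into(ENTRY, mbr, 446 + 16 * i, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(sector: bytes):
    """None unless the sector ends in 0x55AA; otherwise the boot-code hash and non-empty entries."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        return None
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        if ptype:
            parts.append({"status": status, "type": ptype, "lba": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def mbr_like(parsed) -> bool:
    """Signature plus at least one entry with a real extent; filters sectors that merely end in 55AA."""
    return parsed is not None and any(p["lba"] and p["sectors"] for p in parsed["partitions"])


def find_mbr_copies(image: bytes):
    """Every sector after 0 that looks like an MBR, and how it relates to sector 0."""
    sector0 = parse_mbr(image[:SECTOR]) or {"boot_code_sha256": None, "partitions": []}
    hits = []
    for idx in range(1, len(image) // SECTOR):
        cand = parse_mbr(image[idx * SECTOR:(idx + 1) * SECTOR])
        if mbr_like(cand):
            hits.append({"sector": idx,
                         "same_table": cand["partitions"] == sector0["partitions"],
                         "same_code": cand["boot_code_sha256"] == sector0["boot_code_sha256"]})
    return hits


def assess(image: bytes) -> dict:
    """A stashed MBR with our partition table but other boot code means sector 0 was replaced."""
    copies = find_mbr_copies(image)
    verdict = "clean: no secondary MBR found"
    for h in copies:
        if h["same_table"] and not h["same_code"]:
            verdict = f"suspicious: sector {h['sector']} holds the original MBR; sector 0 boot code differs"
            break
        verdict = f"informational: sector {h['sector']} is an identical copy of the MBR"
    return {"sector0": parse_mbr(image[:SECTOR]), "copies": copies, "verdict": verdict}


# Constructed images ---------------------------------------------------------
PARTS = [(0x80, 0x07, 2048, 950_000_000),          # bootable NTFS system volume
         (0x00, 0x07, 950_002_048, 25_000_000)]    # recovery volume
ORIGINAL_BOOT = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 24   # stand-in for the OEM loader
HIJACKED_BOOT = b"\xeb\x3c\x90\x00\x00\x00\x00" + b"\xcc" * 24   # stand-in for a bootkit loader
EMPTY = bytes(SECTOR)

INFECTED_IMAGE = build_mbr(HIJACKED_BOOT, PARTS) + EMPTY + build_mbr(ORIGINAL_BOOT, PARTS) + EMPTY
CLEAN_IMAGE = build_mbr(ORIGINAL_BOOT, PARTS) + EMPTY * 3

if __name__ == "__main__":
    for label, img in (("infected", INFECTED_IMAGE), ("clean", CLEAN_IMAGE)):
        print(label, "->", assess(img)["verdict"])
```

On a real machine the image would come from reading the first few sectors of the physical disk with administrator rights, and the boot-code hash of sector 0 would be compared against a list of known-good loader hashes, which is what MBRCheck does with its own table; the copy-detection heuristic here is independent of such a table, so it also catches a replaced loader whose hash nobody has catalogued yet.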
  3. stoot64

    stoot64 TS Rookie Topic Starter

I've installed Avira and run a check, and run the other two programs you asked for.

    Here are the logs.



    Avira AntiVir Personal
    Report file date: Monday, 14 February 2011 15:20

    Scanning for 2397630 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows 7
    Windows version : (plain) [6.1.7600]
    Boot mode : Normally booted
    Username : a.caveney
    Computer name : ACAVENEY

    Version information:
    BUILD.DAT : 10.0.0.611 31824 Bytes 14/01/2011 13:42:00
    AVSCAN.EXE : 10.0.3.5 435368 Bytes 10/01/2011 03:23:31
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/04/2010 01:57:04
    LUKE.DLL : 10.0.3.2 104296 Bytes 10/01/2011 03:23:40
    LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 12:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 22:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 03:23:50
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 9/02/2011 04:17:37
    VBASE003.VDF : 7.11.3.1 2048 Bytes 9/02/2011 04:17:37
    VBASE004.VDF : 7.11.3.2 2048 Bytes 9/02/2011 04:17:38
    VBASE005.VDF : 7.11.3.3 2048 Bytes 9/02/2011 04:17:38
    VBASE006.VDF : 7.11.3.4 2048 Bytes 9/02/2011 04:17:38
    VBASE007.VDF : 7.11.3.5 2048 Bytes 9/02/2011 04:17:39
    VBASE008.VDF : 7.11.3.6 2048 Bytes 9/02/2011 04:17:39
    VBASE009.VDF : 7.11.3.7 2048 Bytes 9/02/2011 04:17:40
    VBASE010.VDF : 7.11.3.8 2048 Bytes 9/02/2011 04:17:40
    VBASE011.VDF : 7.11.3.9 2048 Bytes 9/02/2011 04:17:40
    VBASE012.VDF : 7.11.3.10 2048 Bytes 9/02/2011 04:17:41
    VBASE013.VDF : 7.11.3.11 2048 Bytes 9/02/2011 04:17:41
    VBASE014.VDF : 7.11.3.12 2048 Bytes 9/02/2011 04:17:41
    VBASE015.VDF : 7.11.3.13 2048 Bytes 9/02/2011 04:17:42
    VBASE016.VDF : 7.11.3.14 2048 Bytes 9/02/2011 04:17:42
    VBASE017.VDF : 7.11.3.15 2048 Bytes 9/02/2011 04:17:43
    VBASE018.VDF : 7.11.3.16 2048 Bytes 9/02/2011 04:17:43
    VBASE019.VDF : 7.11.3.17 2048 Bytes 9/02/2011 04:17:43
    VBASE020.VDF : 7.11.3.18 2048 Bytes 9/02/2011 04:17:44
    VBASE021.VDF : 7.11.3.19 2048 Bytes 9/02/2011 04:17:44
    VBASE022.VDF : 7.11.3.20 2048 Bytes 9/02/2011 04:17:45
    VBASE023.VDF : 7.11.3.21 2048 Bytes 9/02/2011 04:17:45
    VBASE024.VDF : 7.11.3.22 2048 Bytes 9/02/2011 04:17:45
    VBASE025.VDF : 7.11.3.23 2048 Bytes 9/02/2011 04:17:46
    VBASE026.VDF : 7.11.3.24 2048 Bytes 9/02/2011 04:17:46
    VBASE027.VDF : 7.11.3.25 2048 Bytes 9/02/2011 04:17:47
    VBASE028.VDF : 7.11.3.26 2048 Bytes 9/02/2011 04:17:47
    VBASE029.VDF : 7.11.3.27 2048 Bytes 9/02/2011 04:17:47
    VBASE030.VDF : 7.11.3.28 2048 Bytes 9/02/2011 04:17:48
    VBASE031.VDF : 7.11.3.53 128000 Bytes 13/02/2011 04:17:53
    Engineversion : 8.2.4.166
    AEVDF.DLL : 8.1.2.1 106868 Bytes 10/01/2011 03:23:26
    AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 14/02/2011 04:20:17
    AESCN.DLL : 8.1.7.2 127349 Bytes 10/01/2011 03:23:26
    AESBX.DLL : 8.1.3.2 254324 Bytes 10/01/2011 03:23:26
    AERDL.DLL : 8.1.9.2 635252 Bytes 10/01/2011 03:23:25
    AEPACK.DLL : 8.2.4.9 512374 Bytes 14/02/2011 04:20:01
    AEOFFICE.DLL : 8.1.1.16 205179 Bytes 14/02/2011 04:19:45
    AEHEUR.DLL : 8.1.2.76 3273078 Bytes 14/02/2011 04:19:39
    AEHELP.DLL : 8.1.16.1 246134 Bytes 14/02/2011 04:18:22
    AEGEN.DLL : 8.1.5.2 397683 Bytes 14/02/2011 04:18:17
    AEEMU.DLL : 8.1.3.0 393589 Bytes 10/01/2011 03:23:18
    AECORE.DLL : 8.1.19.2 196983 Bytes 14/02/2011 04:18:07
    AEBB.DLL : 8.1.1.0 53618 Bytes 10/01/2011 03:23:18
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 10/01/2011 03:23:32
    AVPREF.DLL : 10.0.0.0 44904 Bytes 10/01/2011 03:23:30
    AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 03:27:13
    AVREG.DLL : 10.0.3.2 53096 Bytes 10/01/2011 03:23:31
    AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10/01/2011 03:23:31
    AVARKT.DLL : 10.0.22.6 231784 Bytes 10/01/2011 03:23:27
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10/01/2011 03:23:28
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 03:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 10/01/2011 03:23:31
    NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 03:27:21
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 02:10:20
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 10/01/2011 03:23:52

    Configuration settings for the scan:
    Jobname.............................: Short system scan after installation
    Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Monday, 14 February 2011 15:20

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avconfig.exe' - '1' Module(s) have been scanned
    Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'conhost.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'setup.exe' - '1' Module(s) have been scanned
    Scan process 'presetup.exe' - '1' Module(s) have been scanned
    Scan process 'avira_antivir_personal_en(3).exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'taskhost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'hphc_service.exe' - '1' Module(s) have been scanned
    Scan process 'CCC.exe' - '1' Module(s) have been scanned
    Scan process 'MOM.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'Com4QLBEx.exe' - '1' Module(s) have been scanned
    Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
    Scan process 'VirtuaGirl_Downloader.exe' - '1' Module(s) have been scanned
    Scan process 'PCCompanionInfo.exe' - '1' Module(s) have been scanned
    Scan process 'vghd.exe' - '1' Module(s) have been scanned
    Scan process 'PCCompanion.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuschd2.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'QLBCtrl.exe' - '1' Module(s) have been scanned
    Scan process 'sttray.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'taskhost.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'Dwm.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
    Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'IJPLMSVC.EXE' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'aestsrv.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'atieclxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'STacSV.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'atiesrxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:

    Starting to scan executable files (registry).
    The registry was scanned ( '542' files ).



    End of the scan: Monday, 14 February 2011 15:21
    Used time: 00:24 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    1045 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    1045 Files not concerned
    3 Archives were scanned
    0 Warnings
    0 Notes



    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Presario CQ61 Notebook PC
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 206):
    0x82C05000 \SystemRoot\system32\ntkrnlpa.exe
    0x83015000 \SystemRoot\system32\halmacpi.dll
    0x80BB2000 \SystemRoot\system32\kdcom.dll
    0x83218000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x83223000 \SystemRoot\system32\PSHED.dll
    0x83234000 \SystemRoot\system32\BOOTVID.dll
    0x8323C000 \SystemRoot\system32\CLFS.SYS
    0x8327E000 \SystemRoot\system32\CI.dll
    0x83329000 \SystemRoot\System32\drivers\dyhiykgq.sys
    0x83337000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x833A8000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x833B6000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x83200000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x83209000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8CC36000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8CC60000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8CC6B000 \SystemRoot\System32\Drivers\fsyjzzan.sys
    0x8CD2D000 \SystemRoot\system32\DRIVERS\isapnp.sys
    0x8CD3C000 \SystemRoot\system32\DRIVERS\mpio.sys
    0x8CD60000 \SystemRoot\System32\drivers\partmgr.sys
    0x8CD71000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8CD79000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8CD84000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8CD94000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8CDDF000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x8CDE6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8CDF4000 \SystemRoot\system32\DRIVERS\aliide.sys
    0x8CC00000 \SystemRoot\system32\DRIVERS\amdide.sys
    0x8CC07000 \SystemRoot\system32\DRIVERS\cmdide.sys
    0x8CC0F000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8CE3B000 \SystemRoot\system32\DRIVERS\msdsm.sys
    0x8CE5B000 \SystemRoot\system32\DRIVERS\nvraid.sys
    0x8CE7A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8CE9F000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8CEA6000 \SystemRoot\system32\DRIVERS\viaide.sys
    0x8CEAE000 \SystemRoot\system32\DRIVERS\iaStorV.sys
    0x8CF89000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8CF92000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8CFB5000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
    0x8D009000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8D050000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x8D05A000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
    0x8D06D000 \SystemRoot\system32\DRIVERS\adp94xx.sys
    0x8D0D7000 \SystemRoot\system32\DRIVERS\adpahci.sys
    0x8D123000 \SystemRoot\system32\DRIVERS\adpu320.sys
    0x8D149000 \SystemRoot\system32\DRIVERS\djsvs.sys
    0x8D15D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x8D183000 \SystemRoot\system32\DRIVERS\amdsata.sys
    0x8D19A000 \SystemRoot\system32\DRIVERS\amdsbs.sys
    0x8D1D7000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8D1E0000 \SystemRoot\system32\DRIVERS\arc.sys
    0x8CFCD000 \SystemRoot\system32\DRIVERS\arcsas.sys
    0x8D238000 \SystemRoot\system32\DRIVERS\elxstor.sys
    0x8D2AB000 \SystemRoot\system32\DRIVERS\iirsp.sys
    0x8D2BB000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
    0x8D2D5000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
    0x8D2E5000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
    0x8D2FF000 \SystemRoot\system32\DRIVERS\megasas.sys
    0x8D30A000 \SystemRoot\system32\DRIVERS\MegaSR.sys
    0x8D39C000 \SystemRoot\system32\DRIVERS\nfrd960.sys
    0x8D3AA000 \SystemRoot\system32\DRIVERS\nvstor.sys
    0x8D402000 \SystemRoot\system32\DRIVERS\ql2300.sys
    0x8D581000 \SystemRoot\system32\DRIVERS\ql40xx.sys
    0x8D5D6000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
    0x8D5E3000 \SystemRoot\system32\DRIVERS\sisraid4.sys
    0x8D3CF000 \SystemRoot\system32\DRIVERS\vsmraid.sys
    0x8D200000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8CFE5000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8D626000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8D755000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8D780000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8D793000 \SystemRoot\System32\Drivers\cng.sys
    0x8D7F0000 \SystemRoot\System32\drivers\pcw.sys
    0x8D600000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8D81A000 \SystemRoot\system32\drivers\ndis.sys
    0x8D8D1000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8D90F000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8DA29000 \SystemRoot\System32\drivers\tcpip.sys
    0x8DB72000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8DBA3000 \SystemRoot\system32\DRIVERS\wd.sys
    0x8DBAB000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8DBEA000 \SystemRoot\system32\DRIVERS\stexstor.sys
    0x8DBF3000 \SystemRoot\System32\Drivers\spldr.sys
    0x8DA00000 \SystemRoot\system32\DRIVERS\sbp2port.sys
    0x8D934000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8DA18000 \SystemRoot\System32\Drivers\mup.sys
    0x8D961000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8D969000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8D99B000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8D9AC000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x8CE00000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8D9E7000 \SystemRoot\System32\Drivers\Null.SYS
    0x8D9EE000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8D800000 \SystemRoot\System32\drivers\vga.sys
    0x92C3D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x92C5E000 \SystemRoot\System32\drivers\watchdog.sys
    0x92C6B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x92C73000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x92C7B000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x92C83000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x92C8E000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x92C9C000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x92CB3000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x92CBE000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x92CF0000 \SystemRoot\system32\drivers\afd.sys
    0x92D4A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x92D51000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x92D70000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x92D81000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x92D8F000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x92DA2000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
    0x92DAB000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
    0x92DCD000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x92E1A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x92E5B000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x92E65000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x92E6F000 \SystemRoot\System32\drivers\discache.sys
    0x92E7B000 \SystemRoot\System32\Drivers\dfsc.sys
    0x92E93000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x92EA1000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x92EC2000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x9323E000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x92ED3000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x93753000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x9378C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x93000000 \SystemRoot\system32\DRIVERS\athr.sys
    0x93123000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x9312D000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x93159000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x93163000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x931AE000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x931B4000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x931B6000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x931C5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x931DD000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x931E6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x937AB000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x931F3000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x937E6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x937EA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x937F3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x93200000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x93212000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9322A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x92F8A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x92FAC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x92FC4000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x92FDB000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x92E00000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
    0x93235000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x92C00000 \SystemRoot\system32\DRIVERS\ks.sys
    0x92FF2000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x93C09000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x93C33000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x93C77000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x93C88000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x93CA5000 \SystemRoot\system32\drivers\portcls.sys
    0x93CD4000 \SystemRoot\system32\drivers\drmk.sys
    0x93CED000 \SystemRoot\system32\DRIVERS\stwrt.sys
    0x95A12000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x95B2E000 \SystemRoot\system32\drivers\modem.sys
    0x95B3B000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x95B46000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x95B59000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x82150000 \SystemRoot\System32\win32k.sys
    0x95B60000 \SystemRoot\System32\drivers\Dxapi.sys
    0x95B6A000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x95B80000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x95B8B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x95BA2000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x95BC6000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x95BD3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x95BDE000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x95BE8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x95A00000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x823B0000 \SystemRoot\System32\TSDDD.dll
    0x823E0000 \SystemRoot\System32\cdd.dll
    0x82000000 \SystemRoot\System32\ATMFD.DLL
    0x93D55000 \SystemRoot\system32\drivers\luafv.sys
    0x93D70000 \SystemRoot\system32\drivers\WudfPf.sys
    0x93D8A000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x93D9A000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x93DE0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x92DDD000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9BA36000 \SystemRoot\system32\drivers\HTTP.sys
    0x9BABB000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9BAD4000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9BAE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9BB09000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9BB44000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9BB5F000 \SystemRoot\system32\drivers\peauth.sys
    0x9BBF6000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9BA00000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9BA21000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9D219000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9D268000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9D2B9000 \SystemRoot\system32\drivers\tdtcp.sys
    0x9D2C3000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0x9D2D0000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x9D36B000 \??\C:\Users\A6DF6~1.CAV\AppData\Local\Temp\mbr.sys
    0x9D301000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x9D327000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x76F70000 \Windows\System32\ntdll.dll
    0x47750000 \Windows\System32\smss.exe
    0x771B0000 \Windows\System32\apisetschema.dll
    0x00CA0000 \Windows\System32\autochk.exe

    Processes (total 69):
    0 System Idle Process
    4 System
    240 C:\Windows\System32\smss.exe
    344 csrss.exe
    420 C:\Windows\System32\wininit.exe
    432 csrss.exe
    476 C:\Windows\System32\services.exe
    492 C:\Windows\System32\lsass.exe
    500 C:\Windows\System32\lsm.exe
    600 C:\Windows\System32\svchost.exe
    676 C:\Windows\System32\winlogon.exe
    724 C:\Windows\System32\svchost.exe
    760 C:\Windows\System32\atiesrxx.exe
    868 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
    1272 C:\Windows\System32\svchost.exe
    1356 C:\Windows\System32\atieclxx.exe
    1384 C:\Windows\System32\svchost.exe
    1536 C:\Windows\System32\svchost.exe
    1608 C:\Windows\System32\spoolsv.exe
    1724 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
    1756 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1780 C:\Program Files\Bonjour\mDNSResponder.exe
    1832 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    1864 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1904 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    1924 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1976 C:\Windows\System32\svchost.exe
    2004 C:\Windows\System32\svchost.exe
    2244 C:\Windows\System32\svchost.exe
    2584 C:\Windows\System32\dwm.exe
    2640 C:\Windows\explorer.exe
    2680 C:\Windows\System32\taskhost.exe
    2944 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2960 C:\Program Files\IDT\WDM\sttray.exe
    2980 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    3004 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3012 C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    3024 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3164 WmiPrvSE.exe
    3180 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
    3276 C:\Users\a.caveney\AppData\Local\vghd\bin\vghd.exe
    3320 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
    3404 C:\Users\a.caveney\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe
    3460 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    3596 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    3636 C:\Windows\System32\SearchIndexer.exe
    3932 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    4008 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    2820 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    148 C:\Windows\System32\svchost.exe
    3528 C:\Windows\System32\svchost.exe
    308 C:\Windows\System32\wuauclt.exe
    2792 C:\Windows\System32\svchost.exe
    3148 C:\Windows\System32\taskhost.exe
    3096 C:\Program Files\Mozilla Firefox\firefox.exe
    3512 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2464 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2480 C:\Windows\System32\conhost.exe
    984 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    808 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2432 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2076 C:\Windows\System32\SearchProtocolHost.exe
    1088 C:\Windows\System32\dllhost.exe
    2052 C:\Windows\System32\SearchFilterHost.exe
    3928 C:\Users\a.caveney\Desktop\MBRCheck.exe
    1328 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`6bd00000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)

    PhysicalDrive0 Model Number: ST9500420AS, Rev: 0006HPM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 7075410786CD262C1DA407F0E53E4BA89C80D2E7


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!


    ComboFix 11-02-13.01 - a.caveney 14/02/2011 15:27:57.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2694 [GMT 11:00]
    Running from: c:\users\a.caveney\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\a.caveney\AppData\Local\{48B0D77B-DCA1-4D95-8936-9CFC93B6CA58}
    c:\users\a.caveney\AppData\Local\{48B0D77B-DCA1-4D95-8936-9CFC93B6CA58}\chrome.manifest
    c:\users\a.caveney\AppData\Local\{48B0D77B-DCA1-4D95-8936-9CFC93B6CA58}\chrome\content\_cfg.js
    c:\users\a.caveney\AppData\Local\{48B0D77B-DCA1-4D95-8936-9CFC93B6CA58}\chrome\content\overlay.xul
    c:\users\a.caveney\AppData\Local\{48B0D77B-DCA1-4D95-8936-9CFC93B6CA58}\install.rdf
    c:\users\a.caveney\AppData\Roaming\completescan
    c:\users\a.caveney\AppData\Roaming\install
    c:\windows\system32\service
    c:\windows\system32\service\11062010_TIS17_SfFniAU.log

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
    .

    2011-02-14 04:40 . 2011-02-14 04:41 -------- d-----w- c:\users\a.caveney\AppData\Local\temp
    2011-02-14 04:40 . 2011-02-14 04:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-02-14 04:40 . 2011-02-14 04:40 -------- d-----w- c:\users\Mcx1-ACAVENEY\AppData\Local\temp
    2011-02-14 04:40 . 2011-02-14 04:40 -------- d-----w- c:\users\Jukebox\AppData\Local\temp
    2011-02-14 04:40 . 2011-02-14 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-14 04:40 . 2011-02-14 04:40 -------- d-----w- c:\users\A6DF6~1~CAV\AppData\Local\temp
    2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\programdata\Avira
    2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\program files\Avira
    2011-02-14 04:13 . 2011-01-10 03:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-14 04:13 . 2011-01-10 03:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-02-13 13:24 . 2011-02-13 13:24 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-02-12 03:48 . 2008-08-06 05:22 114688 ----a-w- c:\program files\Mozilla Firefox\plugins\np32dsw.dll
    2011-02-12 03:45 . 2011-02-12 03:45 -------- d-----w- c:\programdata\FLEXnet
    2011-02-12 02:58 . 2011-02-12 02:58 -------- d-----w- c:\program files\Adobe Media Player
    2011-02-12 02:52 . 2011-02-12 02:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2011-02-12 02:45 . 2011-02-12 02:45 -------- d-----w- c:\program files\7-Zip
    2011-02-11 22:58 . 2011-02-11 22:58 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB858.tmp
    2011-02-09 22:50 . 2011-02-13 14:15 7 ----a-w- c:\windows\treeskp.sys
    2011-02-09 22:50 . 2011-02-13 14:15 7 ----a-w- c:\windows\sbacknt.bin
    2011-02-09 22:50 . 2011-02-09 22:50 -------- d-----w- c:\users\a.caveney\AppData\Local\vghd
    2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\programdata\Sony Ericsson
    2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\program files\Sony Ericsson
    2011-01-31 16:36 . 2011-01-31 16:38 -------- d-----w- c:\program files\thriXXX
    2011-01-31 16:36 . 2011-01-31 16:36 -------- d-----w- c:\users\a.caveney\AppData\Roaming\thriXXX
    2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2011-01-19 10:56 . 2011-01-19 10:56 -------- d-----w- c:\program files\Common Files\Steam
    2011-01-19 10:56 . 2011-01-20 21:49 -------- d-----w- c:\program files\Steam
    2011-01-17 10:31 . 2011-01-17 10:31 -------- d-----w- C:\vikings
    2011-01-17 10:24 . 2011-01-17 10:26 -------- d-----w- C:\harry
    2011-01-17 10:24 . 2011-01-17 10:24 -------- d-----w- C:\Alien Carnage - Halloween Harry
    2011-01-17 10:21 . 2011-01-17 10:22 -------- d-----w- C:\Dalek
    2011-01-17 09:56 . 2011-01-18 23:57 -------- d-----w- c:\program files\DOSBox-0.74

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-14 08:40 . 2009-07-13 23:12 710720 ----a-w- c:\windows\system32\drivers\ndis.sys
    2011-01-17 10:18 . 2011-01-17 10:16 1020517 ----a-w- C:\Dalek Attack.zip
    2011-01-17 10:16 . 2011-01-17 10:10 2949558 ----a-w- C:\Alien Carnage - Halloween Harry.zip
    2011-01-17 10:14 . 2011-01-17 10:11 1624021 ----a-w- C:\Bio Menace.zip
    2011-01-17 09:56 . 2011-01-17 09:52 1812912 ----a-w- C:\spear-of-destiny.zip
    2011-01-17 09:56 . 2011-01-17 09:53 212870 ----a-w- C:\tyrian-2000.zip
    2011-01-17 09:54 . 2011-01-17 09:53 517299 ----a-w- C:\the-incredible-machine.zip
    2011-01-17 09:51 . 2011-01-17 09:47 1248617 ----a-w- C:\lost-vikings.zip
    2011-01-17 09:50 . 2011-01-17 09:48 1003683 ----a-w- C:\gods.zip
    2010-12-20 07:33 . 2010-04-14 04:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2010-12-20 07:09 . 2010-11-05 01:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 07:08 . 2010-11-05 01:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-15 08:36 . 2010-03-29 22:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-12-15 08:36 . 2010-04-14 04:44 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-05 424448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

    c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    DesktopVideoPlayer.lnk - c:\users\a.caveney\AppData\Local\vghd\bin\vghd.exe [2011-2-10 696320]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-28 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Users^a.caveney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Gangsters2Setup.lnk]
    path=c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gangsters2Setup.lnk
    backup=c:\windows\pss\Gangsters2Setup.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
    2009-07-23 18:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
    R3 adxapie;adxapie;c:\users\A6DF6~1.CAV\AppData\Local\Temp\adxapie.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-03 17408]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 176128]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 28344]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB
    *Deregistered* - fsyjzzan

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]

    2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=15442&l=dis
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d21a506&v=6.011.025.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q=
    FF - prefs.js: network.proxy.type - 2
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: XULRunner: {0D3354DB-5D86-45F4-9D83-381040B0C0B2} - c:\windows\system32\config\systemprofile\AppData\Local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSConfigStartUp-HPADVISOR - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsyjzzan]

    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:18,68,64,7e,29,33,15,da,cd,6b,92,24,a9,e3,82,c6,49,1d,9f,ab,09,
    58,94,b4,64,c0,f6,10,a4,fe,0e,96,d2,fa,9f,6b,f8,11,d6,c8,a8,66,57,ed,70,1a,\
    "rkeysecu"=hex:8e,16,85,50,16,01,79,9a,0c,ea,a2,b1,52,b6,a5,b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-02-14 15:55:38
    ComboFix-quarantined-files.txt 2011-02-14 04:55

    Pre-Run: 200,051,146,752 bytes free
    Post-Run: 200,002,109,440 bytes free

    - - End Of File - - 9B04DCCCA9B6869875329B2E184C6410
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\treeskp.sys
    c:\windows\sbacknt.bin
    c:\users\A6DF6~1.CAV\AppData\Local\Temp\adxapie.sys
    
    
    Folder::
    c:\users\a.caveney\AppData\Local\vghd
    
    
    Driver::
    adxapie
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsyjzzan]
    
    

    3. Save the above as CFScript.txt

    5. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
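As an added example that is not part of this thread or of ComboFix itself, here is a Python triage helper for logs in the shape posted above: it parses the service/driver lines, the Run values and the `*Deregistered*` list, flags drivers that load from user-writable paths or whose binary is missing (`[x]`), and drafts a CFScript in the `File::`/`Driver::`/`Registry::` layout used in this post. The line formats and the sample log are reconstructed from this thread's excerpts and are assumptions, not a specification of ComboFix output.

```python
"""Triage a ComboFix-style log and draft a CFScript (added example, not from the thread).

Assumption: the regular expressions below are reconstructed from the log
excerpts in this thread; they are not an official ComboFix format definition.
"""
import re
from dataclasses import dataclass

# Service/driver line:  R3 name;description;path [YYYY-MM-DD size]  or  [x] when the file is missing
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$')
# Run value line:        "name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# Memory section line:   *Deregistered* - name
DEREG_RE = re.compile(r'^\*Deregistered\* - (\S+)$')
# Registry key header:   [HKEY_...]
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')

# Locations an ordinary user can write to; a kernel driver living here is unusual.
USER_WRITABLE = ('\\temp\\', '\\appdata\\local\\', '\\appdata\\roaming\\')

# Constructed sample in the shape of the log posted above (paths shortened, not real output).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
R3 adxapie;adxapie;c:\users\A6DF6~1.CAV\AppData\Local\Temp\adxapie.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-03 17408]
*Deregistered* - fsyjzzan
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsyjzzan]
"""


@dataclass
class Finding:
    kind: str    # 'file', 'driver' or 'registry' (maps onto a CFScript section)
    target: str  # path, service name or registry key
    reason: str  # why it was flagged, for the human reviewer


def parse_log(text):
    """Pull the four line types we care about out of a ComboFix-style log."""
    services, run_values, deregistered, reg_keys = [], [], set(), []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            start, name, desc, path, stamp = m.groups()
            services.append({'start': start, 'name': name, 'desc': desc,
                             'path': path, 'missing': stamp == 'x'})
            continue
        m = RUN_RE.match(line)
        if m:
            run_values.append({'name': m.group(1), 'path': m.group(2)})
            continue
        m = DEREG_RE.match(line)
        if m:
            deregistered.add(m.group(1))
            continue
        m = KEY_RE.match(line)
        if m:
            reg_keys.append(m.group(1))
    return {'services': services, 'run_values': run_values,
            'deregistered': deregistered, 'reg_keys': reg_keys}


def triage(parsed):
    """Apply simple defender heuristics and return the entries worth a second look."""
    findings = []
    for svc in parsed['services']:
        low = svc['path'].lower()
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append('binary in a user-writable location')
        if svc['missing']:
            reasons.append('binary missing on disk ([x])')
        if svc['name'] in parsed['deregistered']:
            reasons.append('service was deregistered from memory during the scan')
        if reasons:
            findings.append(Finding('driver', svc['name'], '; '.join(reasons)))
            findings.append(Finding('file', svc['path'], 'binary of flagged driver ' + svc['name']))
    for rv in parsed['run_values']:
        if any(marker in rv['path'].lower() for marker in USER_WRITABLE):
            findings.append(Finding('file', rv['path'],
                                    'autorun "%s" from user-writable location' % rv['name']))
    for key in parsed['reg_keys']:
        tail = key.rsplit('\\', 1)[-1]
        if '\\services\\' in key.lower() and tail in parsed['deregistered']:
            findings.append(Finding('registry', key, 'leftover service key for deregistered service'))
    return findings


def build_cfscript(findings):
    """Render findings in the section layout shown in the post: File::, Driver::, Registry::."""
    sections = {'File::': [], 'Driver::': [], 'Registry::': []}
    for f in findings:
        if f.kind == 'file':
            sections['File::'].append(f.target)
        elif f.kind == 'driver':
            sections['Driver::'].append(f.target)
        elif f.kind == 'registry':
            sections['Registry::'].append('[-%s]' % f.target)  # [-key] deletes the key
    out = []
    for header, entries in sections.items():
        if entries:
            out.append(header)
            out.extend(entries)
            out.append('')
    return '\n'.join(out)


if __name__ == '__main__':
    found = triage(parse_log(SAMPLE_LOG))
    for f in found:
        print('%-8s %s  <- %s' % (f.kind, f.target, f.reason))
    print(build_cfscript(found))
```

The draft is meant to be reviewed by a person before anything is run, as Broni does above; the heuristics only shortlist entries, they do not prove anything is malicious.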
     
  5. stoot64

    stoot64 TS Rookie Topic Starter

    Do I disable the AV software again?
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Yes..............
     
  7. stoot64

    stoot64 TS Rookie Topic Starter

    My bad, I didn't see point four.
     
  8. stoot64

    stoot64 TS Rookie Topic Starter

    I did what you said and it rebooted and disabled all my browsers, so I'm on my mum's pc now.

    Here's the log:

    ComboFix 11-02-13.01 - a.caveney 14/02/2011 16:36:34.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2496 [GMT 11:00]
    Running from: c:\users\a.caveney\Desktop\ComboFix.exe
    Command switches used :: c:\users\a.caveney\Desktop\cfscript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point

    FILE ::
    "c:\users\A6DF6~1.CAV\AppData\Local\Temp\adxapie.sys"
    "c:\windows\sbacknt.bin"
    "c:\windows\treeskp.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\a.caveney\AppData\Local\vghd
    c:\users\a.caveney\AppData\Local\vghd\bin\D3DX9_43.dll
    c:\users\a.caveney\AppData\Local\vghd\bin\dxmodules.dll
    c:\users\a.caveney\AppData\Local\vghd\bin\msvcp100.dll
    c:\users\a.caveney\AppData\Local\vghd\bin\msvcr100.dll
    c:\users\a.caveney\AppData\Local\vghd\bin\System.dll
    c:\users\a.caveney\AppData\Local\vghd\bin\unins000.dat
    c:\users\a.caveney\AppData\Local\vghd\bin\unins000.exe
    c:\users\a.caveney\AppData\Local\vghd\bin\unins000.msg
    c:\users\a.caveney\AppData\Local\vghd\bin\uninstall.ico
    c:\users\a.caveney\AppData\Local\vghd\bin\vghd.exe
    c:\users\a.caveney\AppData\Local\vghd\bin\vghd.scr
    c:\users\a.caveney\AppData\Local\vghd\bin\vhd.dll
    c:\users\a.caveney\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe
    c:\users\a.caveney\AppData\Local\vghd\bin\Windows.dll
    c:\users\a.caveney\AppData\Local\vghd\bin\WindowsEx.dll
    c:\users\a.caveney\AppData\Local\vghd\data\a0108\a0108.vhddat
    c:\users\a.caveney\AppData\Local\vghd\data\a0108\a0108.vhddld
    c:\users\a.caveney\AppData\Local\vghd\data\a0108\a0108.vhdinf
    c:\users\a.caveney\AppData\Local\vghd\data\a0108\a0108c.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\a0108\a0108d.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0108\a0108e.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0217\a0217.vhddat
    c:\users\a.caveney\AppData\Local\vghd\data\a0217\a0217.vhddld
    c:\users\a.caveney\AppData\Local\vghd\data\a0217\a0217.vhdinf
    c:\users\a.caveney\AppData\Local\vghd\data\a0217\a0217c.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\a0217\a0217d.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0217\a0217e.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0321\a0321.vhddat
    c:\users\a.caveney\AppData\Local\vghd\data\a0321\a0321.vhddld
    c:\users\a.caveney\AppData\Local\vghd\data\a0321\a0321.vhdinf
    c:\users\a.caveney\AppData\Local\vghd\data\a0321\a0321c.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\a0321\a0321d.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0321\a0321e.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0458\a0458.vhddat
    c:\users\a.caveney\AppData\Local\vghd\data\a0458\a0458.vhddld
    c:\users\a.caveney\AppData\Local\vghd\data\a0458\a0458.vhdinf
    c:\users\a.caveney\AppData\Local\vghd\data\a0458\a0458c.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\a0458\a0458d.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0458\a0458e.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0460\a0460.vhddat
    c:\users\a.caveney\AppData\Local\vghd\data\a0460\a0460.vhddld
    c:\users\a.caveney\AppData\Local\vghd\data\a0460\a0460.vhdinf
    c:\users\a.caveney\AppData\Local\vghd\data\a0460\a0460c.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\a0460\a0460d.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0460\a0460e.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0542\a0542.vhddat
    c:\users\a.caveney\AppData\Local\vghd\data\a0542\a0542.vhddld
    c:\users\a.caveney\AppData\Local\vghd\data\a0542\a0542.vhdinf
    c:\users\a.caveney\AppData\Local\vghd\data\a0542\a0542c.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\a0542\a0542d.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0542\a0542e.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0666\a0666.vhddat
    c:\users\a.caveney\AppData\Local\vghd\data\a0666\a0666.vhddld
    c:\users\a.caveney\AppData\Local\vghd\data\a0666\a0666.vhdinf
    c:\users\a.caveney\AppData\Local\vghd\data\a0666\a0666c.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\a0666\a0666d.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0666\a0666e.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0670\a0670.vhddat
    c:\users\a.caveney\AppData\Local\vghd\data\a0670\a0670.vhddld
    c:\users\a.caveney\AppData\Local\vghd\data\a0670\a0670.vhdinf
    c:\users\a.caveney\AppData\Local\vghd\data\a0670\a0670c.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\a0670\a0670d.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\a0670\a0670e.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\club1_0.scd
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\club1_2.scd
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\floor.JPG
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\fond_hustler_01.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\fond_hustler_02.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\ico_scr.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\logo.BMP
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\sky1.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\sky2.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_01.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_03.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_05.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_07.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_21.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_28.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_34.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\calendar.cld
    c:\users\a.caveney\AppData\Local\vghd\data\DLScript.cds
    c:\users\a.caveney\AppData\Local\vghd\data\License.txt
    c:\users\a.caveney\AppData\Local\vghd\data\models.lst
    c:\users\a.caveney\AppData\Local\vghd\data\newmodels.lst
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\back_register_congrats_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backadvanced.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backbmplist.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backdelete.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backenterpassword.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\background.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\background_licence.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backmodels_border.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backplaylist.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backregister_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backscreensaver.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backsettings.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backwarnbox.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_add_playlist_click_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_add_playlist_on_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_buy_click.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_buy_on.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_cancel_click_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_cancel_on_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_confirm_click.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_confirm_on.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_delete_playlist_click_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_delete_playlist_on_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_downloadtrailer_click_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_downloadtrailer_on_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_finish_click_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_finish_on_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_load_playlist_click_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_load_playlist_on_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_mini_cancel.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_mini_cancel_wait.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_mode.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_models.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_preview_click_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_preview_on_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_save_playlist_click_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_save_playlist_on_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_skins.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_toggle_click_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_toggle_on_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_whatsnew_click.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_whatsnew_on.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\calendar_nocard.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox_fav.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox_models.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox_nok.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox_off.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox_off_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox_ok.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_delete.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_delete_on.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_download.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_download_off.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_play.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_play_on.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_playingnow.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_plus.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_plus_on.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_progressbar.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_progressbar_list.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\confirmbox.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\Demo_DL_off_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\Demo_DL_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\DL_Back_Reset.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\dl_internal.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\dl_nocard.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\dualscreen.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\empty_girl.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\empty_girl_small.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\favorite_small.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\Illus_startcollection_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\list_disabled.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\list_enabled.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\logo.BMP
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\magnify.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\multicard.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\multicard.jpg
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\oncard_player.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\plus.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\radio.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\register_sticker.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\shadow.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\show_DL_off_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\show_DL_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\slider.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_background.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_deleted.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_deleted_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_onstage_big_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_onstage_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_play.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_play_off.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_tomorrow_list_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_tomorrow_us.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_trailer.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_trailer_mini.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\thumb_notopmost.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\thumb_shadow.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\thumb_side1.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\thumb_side2.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\thumb_smallmode.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tip_background.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tip_background_small.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tooltip_button.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tooltip_button_click.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tooltip_check_off.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tooltip_check_on.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tooltip_close.bmp
    c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\version.txt
    c:\users\a.caveney\AppData\Local\vghd\data\Vghd_info.log
    c:\users\a.caveney\AppData\Local\vghd\data\virtuagirllicense.txt.us
    c:\users\a.caveney\AppData\Local\vghd\data\virtuagirlredirect.cds
    c:\users\a.caveney\AppData\Local\vghd\models\a0108\a0108.vhdtrailers
    c:\users\a.caveney\AppData\Local\vghd\models\a0108\a0108_0103.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0108\a0108_1101.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0108\a0108_4102.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0217\a0217.vhdtrailers
    c:\users\a.caveney\AppData\Local\vghd\models\a0217\a0217_0101.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0217\a0217_1103.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0217\a0217_68102.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0321\a0321.vhdtrailers
    c:\users\a.caveney\AppData\Local\vghd\models\a0321\a0321_1201.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0321\a0321_2103.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0458\a0458.vhdtrailers
    c:\users\a.caveney\AppData\Local\vghd\models\a0458\a0458_32101.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0458\a0458_33103.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0458\a0458_4102.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0460\a0460.vhdtrailers
    c:\users\a.caveney\AppData\Local\vghd\models\a0460\a0460_32101.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0460\a0460_33103.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0460\a0460_36102.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0542\a0542.vhdtrailers
    c:\users\a.caveney\AppData\Local\vghd\models\a0542\a0542_1103.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0542\a0542_64101.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0542\a0542_68102.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0666\a0666.vhdtrailers
    c:\users\a.caveney\AppData\Local\vghd\models\a0666\a0666_1112.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0666\a0666_4111.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0666\a0666_64110.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0670\a0670.vhdtrailers
    c:\users\a.caveney\AppData\Local\vghd\models\a0670\a0670_0101.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0670\a0670_1103.demo
    c:\users\a.caveney\AppData\Local\vghd\models\a0670\a0670_68102.demo
    c:\windows\sbacknt.bin
    c:\windows\System32\config\systemprofile\AppData\Local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}
    c:\windows\System32\config\systemprofile\AppData\Local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}\chrome.manifest
    c:\windows\System32\config\systemprofile\AppData\Local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}\chrome\content\_cfg.js
    c:\windows\System32\config\systemprofile\AppData\Local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}\chrome\content\overlay.xul
    c:\windows\System32\config\systemprofile\AppData\Local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}\install.rdf
    c:\windows\treeskp.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ADXAPIE
    -------\Service_adxapie


    ((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
    .

    2011-02-14 05:46 . 2011-02-14 05:46 -------- d-----w- c:\users\Mcx1-ACAVENEY\AppData\Local\temp
    2011-02-14 05:46 . 2011-02-14 05:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-14 05:46 . 2011-02-14 05:58 -------- d-----w- c:\users\a.caveney\AppData\Local\temp
    2011-02-14 05:46 . 2011-02-14 05:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-02-14 05:46 . 2011-02-14 05:46 -------- d-----w- c:\users\Jukebox\AppData\Local\temp
    2011-02-14 05:46 . 2011-02-14 05:46 -------- d-----w- c:\users\A6DF6~1~CAV\AppData\Local\temp
    2011-02-14 05:34 . 2011-02-14 05:34 -------- d-----w- C:\32788R22FWJFW
    2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\programdata\Avira
    2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\program files\Avira
    2011-02-14 04:13 . 2011-01-10 03:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-14 04:13 . 2011-01-10 03:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-02-13 13:24 . 2011-02-13 13:24 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-02-12 03:48 . 2008-08-06 05:22 114688 ----a-w- c:\program files\Mozilla Firefox\plugins\np32dsw.dll
    2011-02-12 03:45 . 2011-02-12 03:45 -------- d-----w- c:\programdata\FLEXnet
    2011-02-12 02:58 . 2011-02-12 02:58 -------- d-----w- c:\program files\Adobe Media Player
    2011-02-12 02:52 . 2011-02-12 02:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2011-02-12 02:45 . 2011-02-12 02:45 -------- d-----w- c:\program files\7-Zip
    2011-02-11 22:58 . 2011-02-11 22:58 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB858.tmp
    2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\programdata\Sony Ericsson
    2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\program files\Sony Ericsson
    2011-01-31 16:36 . 2011-01-31 16:38 -------- d-----w- c:\program files\thriXXX
    2011-01-31 16:36 . 2011-01-31 16:36 -------- d-----w- c:\users\a.caveney\AppData\Roaming\thriXXX
    2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2011-01-19 10:56 . 2011-01-19 10:56 -------- d-----w- c:\program files\Common Files\Steam
    2011-01-19 10:56 . 2011-01-20 21:49 -------- d-----w- c:\program files\Steam
    2011-01-17 10:31 . 2011-01-17 10:31 -------- d-----w- C:\vikings
    2011-01-17 10:24 . 2011-01-17 10:26 -------- d-----w- C:\harry
    2011-01-17 10:24 . 2011-01-17 10:24 -------- d-----w- C:\Alien Carnage - Halloween Harry
    2011-01-17 10:21 . 2011-01-17 10:22 -------- d-----w- C:\Dalek
    2011-01-17 09:56 . 2011-01-18 23:57 -------- d-----w- c:\program files\DOSBox-0.74

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-14 08:40 . 2009-07-13 23:12 710720 ----a-w- c:\windows\system32\drivers\ndis.sys
    2011-01-17 10:18 . 2011-01-17 10:16 1020517 ----a-w- C:\Dalek Attack.zip
    2011-01-17 10:16 . 2011-01-17 10:10 2949558 ----a-w- C:\Alien Carnage - Halloween Harry.zip
    2011-01-17 10:14 . 2011-01-17 10:11 1624021 ----a-w- C:\Bio Menace.zip
    2011-01-17 09:56 . 2011-01-17 09:52 1812912 ----a-w- C:\spear-of-destiny.zip
    2011-01-17 09:56 . 2011-01-17 09:53 212870 ----a-w- C:\tyrian-2000.zip
    2011-01-17 09:54 . 2011-01-17 09:53 517299 ----a-w- C:\the-incredible-machine.zip
    2011-01-17 09:51 . 2011-01-17 09:47 1248617 ----a-w- C:\lost-vikings.zip
    2011-01-17 09:50 . 2011-01-17 09:48 1003683 ----a-w- C:\gods.zip
    2010-12-20 07:33 . 2010-04-14 04:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2010-12-20 07:09 . 2010-11-05 01:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 07:08 . 2010-11-05 01:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-15 08:36 . 2010-03-29 22:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-12-15 08:36 . 2010-04-14 04:44 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-05 424448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

    c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    DesktopVideoPlayer.lnk - c:\users\a.caveney\AppData\Local\vghd\bin\vghd.exe [N/A]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-28 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Users^a.caveney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Gangsters2Setup.lnk]
    path=c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gangsters2Setup.lnk
    backup=c:\windows\pss\Gangsters2Setup.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
    2009-07-23 18:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-03 17408]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 176128]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 28344]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - fsyjzzan

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]

    2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=15442&l=dis
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d21a506&v=6.011.025.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q=
    FF - prefs.js: network.proxy.type - 2
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-VirtuaGirl_is1 - c:\users\a.caveney\AppData\Local\vghd\bin\unins000.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsyjzzan]

    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:18,68,64,7e,29,33,15,da,cd,6b,92,24,a9,e3,82,c6,49,1d,9f,ab,09,
    58,94,b4,64,c0,f6,10,a4,fe,0e,96,d2,fa,9f,6b,f8,11,d6,c8,a8,66,57,ed,70,1a,\
    "rkeysecu"=hex:8e,16,85,50,16,01,79,9a,0c,ea,a2,b1,52,b6,a5,b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\windows\system32\sppsvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-02-14 17:03:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-14 06:03
    ComboFix2.txt 2011-02-14 04:55

    Pre-Run: 200,051,036,160 bytes free
    Post-Run: 199,887,843,328 bytes free

    - - End Of File - - 85C5D914FD66C6D25FAED2E5D2F22F69
     
  9. Broni (Malware Annihilator)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\fsyjzzan.sys
    
    Rootkit::
    c:\windows\system32\drivers\fsyjzzan.sys
    
    Driver::
    fsyjzzan
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsyjzzan]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG: animation of dragging CFScript.txt onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  10. stoot64 (TS Rookie, Topic Starter)

    ComboFix 11-02-13.01 - a.caveney 15/02/2011 17:03:19.3.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2607 [GMT 11:00]
    Running from: c:\users\a.caveney\Desktop\ComboFix.exe
    Command switches used :: c:\users\a.caveney\Desktop\cfscript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point

    FILE ::
    "c:\windows\system32\drivers\fsyjzzan.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FSYJZZAN
    -------\Service_fsyjzzan


    ((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
    .

    2011-02-15 06:17 . 2011-02-15 06:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-02-15 06:17 . 2011-02-15 06:17 -------- d-----w- c:\users\Mcx1-ACAVENEY\AppData\Local\temp
    2011-02-15 06:17 . 2011-02-15 06:17 -------- d-----w- c:\users\Jukebox\AppData\Local\temp
    2011-02-15 06:17 . 2011-02-15 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-15 06:17 . 2011-02-15 06:17 -------- d-----w- c:\users\A6DF6~1~CAV\AppData\Local\temp
    2011-02-14 05:46 . 2011-02-15 06:22 -------- d-----w- c:\users\a.caveney\AppData\Local\temp
    2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\programdata\Avira
    2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\program files\Avira
    2011-02-14 04:13 . 2011-01-10 03:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-14 04:13 . 2011-01-10 03:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-02-13 13:24 . 2011-02-13 13:24 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-02-12 03:48 . 2008-08-06 05:22 114688 ----a-w- c:\program files\Mozilla Firefox\plugins\np32dsw.dll
    2011-02-12 03:45 . 2011-02-12 03:45 -------- d-----w- c:\programdata\FLEXnet
    2011-02-12 02:58 . 2011-02-12 02:58 -------- d-----w- c:\program files\Adobe Media Player
    2011-02-12 02:52 . 2011-02-12 02:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2011-02-12 02:45 . 2011-02-12 02:45 -------- d-----w- c:\program files\7-Zip
    2011-02-11 22:58 . 2011-02-11 22:58 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB858.tmp
    2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\programdata\Sony Ericsson
    2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\program files\Sony Ericsson
    2011-01-31 16:36 . 2011-01-31 16:38 -------- d-----w- c:\program files\thriXXX
    2011-01-31 16:36 . 2011-01-31 16:36 -------- d-----w- c:\users\a.caveney\AppData\Roaming\thriXXX
    2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2011-01-19 10:56 . 2011-01-19 10:56 -------- d-----w- c:\program files\Common Files\Steam
    2011-01-19 10:56 . 2011-01-20 21:49 -------- d-----w- c:\program files\Steam
    2011-01-17 10:31 . 2011-01-17 10:31 -------- d-----w- C:\vikings
    2011-01-17 10:24 . 2011-01-17 10:26 -------- d-----w- C:\harry
    2011-01-17 10:24 . 2011-01-17 10:24 -------- d-----w- C:\Alien Carnage - Halloween Harry
    2011-01-17 10:21 . 2011-01-17 10:22 -------- d-----w- C:\Dalek
    2011-01-17 09:56 . 2011-01-18 23:57 -------- d-----w- c:\program files\DOSBox-0.74

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-15 06:18 . 2010-07-17 22:56 768000 ----a-w- c:\windows\system32\drivers\fsyjzzan.sys
    2011-02-14 08:40 . 2009-07-13 23:12 710720 ----a-w- c:\windows\system32\drivers\ndis.sys
    2011-01-17 10:18 . 2011-01-17 10:16 1020517 ----a-w- C:\Dalek Attack.zip
    2011-01-17 10:16 . 2011-01-17 10:10 2949558 ----a-w- C:\Alien Carnage - Halloween Harry.zip
    2011-01-17 10:14 . 2011-01-17 10:11 1624021 ----a-w- C:\Bio Menace.zip
    2011-01-17 09:56 . 2011-01-17 09:52 1812912 ----a-w- C:\spear-of-destiny.zip
    2011-01-17 09:56 . 2011-01-17 09:53 212870 ----a-w- C:\tyrian-2000.zip
    2011-01-17 09:54 . 2011-01-17 09:53 517299 ----a-w- C:\the-incredible-machine.zip
    2011-01-17 09:51 . 2011-01-17 09:47 1248617 ----a-w- C:\lost-vikings.zip
    2011-01-17 09:50 . 2011-01-17 09:48 1003683 ----a-w- C:\gods.zip
    2010-12-20 07:33 . 2010-04-14 04:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2010-12-20 07:09 . 2010-11-05 01:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 07:08 . 2010-11-05 01:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-15 08:36 . 2010-03-29 22:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-12-15 08:36 . 2010-04-14 04:44 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-02-14_04.41.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:55 . 2011-02-15 06:24 66278 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-02-19 05:16 . 2011-02-15 06:24 18538 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017484975-2806290812-2973588613-1000_UserData.bin
    - 2010-01-16 08:35 . 2011-02-14 04:14 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-16 08:35 . 2011-02-15 06:19 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-16 08:35 . 2011-02-15 06:19 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-01-16 08:35 . 2011-02-14 04:14 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:41 . 2011-02-14 04:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:41 . 2011-02-15 06:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-19 05:20 . 2011-02-14 22:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-19 05:20 . 2011-02-14 01:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-02-19 05:20 . 2011-02-14 22:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-02-19 05:20 . 2011-02-14 01:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-14 07:36 . 2011-02-15 06:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-02-13 14:14 . 2011-02-13 14:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-02-13 14:14 . 2011-02-13 14:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-02-14 07:36 . 2011-02-15 06:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-02-24 12:09 . 2011-02-15 04:22 211972 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2010-02-19 22:33 . 2011-02-14 11:19 295122 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 02:03 . 2011-02-14 11:39 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:03 . 2011-02-14 00:57 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:05 . 2011-02-14 22:31 2434968 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2011-02-14 22:31 1022540 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-05 424448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

    c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    DesktopVideoPlayer.lnk - c:\users\a.caveney\AppData\Local\vghd\bin\vghd.exe [N/A]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-28 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Users^a.caveney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Gangsters2Setup.lnk]
    path=c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gangsters2Setup.lnk
    backup=c:\windows\pss\Gangsters2Setup.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
    2009-07-23 18:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-03 17408]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 176128]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]

    2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=15442&l=dis
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d21a506&v=6.011.025.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q=
    FF - prefs.js: network.proxy.type - 2
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:18,68,64,7e,29,33,15,da,cd,6b,92,24,a9,e3,82,c6,49,1d,9f,ab,09,
    58,94,b4,64,c0,f6,10,a4,fe,0e,96,d2,fa,9f,6b,f8,11,d6,c8,a8,66,57,ed,70,1a,\
    "rkeysecu"=hex:8e,16,85,50,16,01,79,9a,0c,ea,a2,b1,52,b6,a5,b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\conhost.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-02-15 17:26:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-15 06:26
    ComboFix2.txt 2011-02-14 06:03
    ComboFix3.txt 2011-02-14 04:55

    Pre-Run: 198,057,725,952 bytes free
    Post-Run: 197,965,279,232 bytes free

    - - End Of File - - C4418B04E0438E5172339E86AEE52AF7
     
  11. Broni (Malware Annihilator)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\fsyjzzan.sys
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    6. After the reboot (in case it asks to reboot), please post the following report/log in your next reply:
    • Combofix.txt
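    One way to check the result of this step once ComboFix has run the script, as an added example that is not part of the thread and not a ComboFix feature: the PowerShell below confirms that the hidden boot service GMER reported (fsyjzzan, the name taken from the log above) no longer has a Services key or a driver file, and then lists every other kernel or file-system driver configured to start at boot or system time whose image is missing from disk. It assumes PowerShell 2.0 or later (the version Windows 7 ships with) and an elevated prompt; the ImagePath normalisation covers the common shapes (`\??\C:\...`, `\SystemRoot\...`, and `system32\drivers\...` relative to the Windows directory).

```powershell
# Added example (not from the TechSpot thread): post-cleanup check for the hidden
# boot-start service GMER flagged. Run from an elevated PowerShell prompt.
# Assumes PowerShell 2.0 or later (shipped with Windows 7).

$ServiceName = 'fsyjzzan'   # service name from the GMER log in this thread
$svcRoot     = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Registry ImagePath values come in several shapes; turn them into an absolute path.
function Resolve-ImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrEmpty($ImagePath)) { return $null }
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                               # \??\C:\x       -> C:\x
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')    # \SystemRoot\x  -> C:\Windows\x
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # system32\drivers\x.sys
    return $p
}

# 1. The specific service key and driver file the CFScript told ComboFix to remove.
$keyPresent  = Test-Path -LiteralPath (Join-Path $svcRoot $ServiceName)
$filePresent = Test-Path -LiteralPath (Join-Path $env:SystemRoot "system32\drivers\$ServiceName.sys")
"Service key '$ServiceName' present  : $keyPresent"
"Driver file $ServiceName.sys present : $filePresent"

# 2. Every kernel (Type 1) or file-system (Type 2) driver that loads at boot (Start 0)
#    or system (Start 1) time, with its image resolved and checked on disk.
$rows = foreach ($key in Get-ChildItem -LiteralPath $svcRoot) {
    $v = Get-ItemProperty -LiteralPath $key.PSPath
    if ((@(1, 2) -notcontains $v.Type) -or (@(0, 1) -notcontains $v.Start)) { continue }
    $path   = Resolve-ImagePath $v.ImagePath
    $onDisk = ($path -ne $null) -and (Test-Path -LiteralPath $path)
    $sig    = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
    New-Object PSObject -Property @{
        Service   = $key.PSChildName
        Start     = $v.Start
        ImagePath = $path
        OnDisk    = $onDisk
        Signature = $sig
    }
}

# Early-start drivers whose file is gone are the entries to look at next: either
# leftovers of a removed infection or a registration that points at nothing.
$rows | Where-Object { -not $_.OnDisk } |
    Select-Object Service, Start, ImagePath, Signature | Format-Table -AutoSize
```

    Two caveats when reading the output. A kernel rootkit that is still active can hide its Services key from the registry API, which is exactly why GMER marked the service as hidden, so this check only means something after the cleanup tools have run or when the hive is examined from a boot outside the infected Windows. And on Windows 7 many inbox drivers are signed through catalog files rather than embedded signatures, so Get-AuthenticodeSignature reports NotSigned for legitimate Microsoft drivers there; treat the Signature column as information, not as a verdict.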
     
  12. stoot64

    stoot64 TS Rookie Topic Starter

    ComboFix 11-02-13.01 - a.caveney 16/02/2011 15:37:02.5.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2595 [GMT 11:00]
    Running from: c:\users\a.caveney\Desktop\ComboFix.exe
    Command switches used :: c:\users\a.caveney\Desktop\cfscript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point

    FILE ::
    "c:\windows\system32\drivers\fsyjzzan.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\fsyjzzan.sys

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
    .

    2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\users\a.caveney\AppData\Local\temp
    2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\users\Mcx1-ACAVENEY\AppData\Local\temp
    2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\users\Jukebox\AppData\Local\temp
    2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\users\A6DF6~1~CAV\AppData\Local\temp
    2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\programdata\Avira
    2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\program files\Avira
    2011-02-14 04:13 . 2011-01-10 03:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-14 04:13 . 2011-01-10 03:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-02-13 13:24 . 2011-02-13 13:24 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-02-12 03:48 . 2008-08-06 05:22 114688 ----a-w- c:\program files\Mozilla Firefox\plugins\np32dsw.dll
    2011-02-12 03:45 . 2011-02-12 03:45 -------- d-----w- c:\programdata\FLEXnet
    2011-02-12 02:58 . 2011-02-12 02:58 -------- d-----w- c:\program files\Adobe Media Player
    2011-02-12 02:52 . 2011-02-12 02:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2011-02-12 02:45 . 2011-02-12 02:45 -------- d-----w- c:\program files\7-Zip
    2011-02-11 22:58 . 2011-02-11 22:58 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB858.tmp
    2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\programdata\Sony Ericsson
    2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\program files\Sony Ericsson
    2011-01-31 16:36 . 2011-01-31 16:38 -------- d-----w- c:\program files\thriXXX
    2011-01-31 16:36 . 2011-01-31 16:36 -------- d-----w- c:\users\a.caveney\AppData\Roaming\thriXXX
    2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2011-01-19 10:56 . 2011-01-19 10:56 -------- d-----w- c:\program files\Common Files\Steam
    2011-01-19 10:56 . 2011-01-20 21:49 -------- d-----w- c:\program files\Steam
    2011-01-17 10:31 . 2011-01-17 10:31 -------- d-----w- C:\vikings
    2011-01-17 10:24 . 2011-01-17 10:26 -------- d-----w- C:\harry
    2011-01-17 10:24 . 2011-01-17 10:24 -------- d-----w- C:\Alien Carnage - Halloween Harry
    2011-01-17 10:21 . 2011-01-17 10:22 -------- d-----w- C:\Dalek
    2011-01-17 09:56 . 2011-01-18 23:57 -------- d-----w- c:\program files\DOSBox-0.74

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-14 08:40 . 2009-07-13 23:12 710720 ----a-w- c:\windows\system32\drivers\ndis.sys
    2011-01-17 10:18 . 2011-01-17 10:16 1020517 ----a-w- C:\Dalek Attack.zip
    2011-01-17 10:16 . 2011-01-17 10:10 2949558 ----a-w- C:\Alien Carnage - Halloween Harry.zip
    2011-01-17 10:14 . 2011-01-17 10:11 1624021 ----a-w- C:\Bio Menace.zip
    2011-01-17 09:56 . 2011-01-17 09:52 1812912 ----a-w- C:\spear-of-destiny.zip
    2011-01-17 09:56 . 2011-01-17 09:53 212870 ----a-w- C:\tyrian-2000.zip
    2011-01-17 09:54 . 2011-01-17 09:53 517299 ----a-w- C:\the-incredible-machine.zip
    2011-01-17 09:51 . 2011-01-17 09:47 1248617 ----a-w- C:\lost-vikings.zip
    2011-01-17 09:50 . 2011-01-17 09:48 1003683 ----a-w- C:\gods.zip
    2010-12-20 07:33 . 2010-04-14 04:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2010-12-20 07:09 . 2010-11-05 01:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 07:08 . 2010-11-05 01:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-15 08:36 . 2010-03-29 22:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-12-15 08:36 . 2010-04-14 04:44 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-05 424448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

    c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    DesktopVideoPlayer.lnk - c:\users\a.caveney\AppData\Local\vghd\bin\vghd.exe [N/A]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-28 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Users^a.caveney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Gangsters2Setup.lnk]
    path=c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gangsters2Setup.lnk
    backup=c:\windows\pss\Gangsters2Setup.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
    2009-07-23 18:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-03 17408]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 176128]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 28344]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]

    2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=15442&l=dis
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d21a506&v=6.011.025.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q=
    FF - prefs.js: network.proxy.type - 2
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:18,68,64,7e,29,33,15,da,cd,6b,92,24,a9,e3,82,c6,49,1d,9f,ab,09,
    58,94,b4,64,c0,f6,10,a4,fe,0e,96,d2,fa,9f,6b,f8,11,d6,c8,a8,66,57,ed,70,1a,\
    "rkeysecu"=hex:8e,16,85,50,16,01,79,9a,0c,ea,a2,b1,52,b6,a5,b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-02-16 15:50:23
    ComboFix-quarantined-files.txt 2011-02-16 04:50
    ComboFix2.txt 2011-02-16 03:59
    ComboFix3.txt 2011-02-15 06:26
    ComboFix4.txt 2011-02-14 06:03
    ComboFix5.txt 2011-02-16 04:35

    Pre-Run: 197,861,679,104 bytes free
    Post-Run: 197,822,947,328 bytes free

    - - End Of File - - FBC194BA7A832F2238F5777AE1F28AB7
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Very good. It finally looks clean.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. stoot64

    stoot64 TS Rookie Topic Starter

    OTL logfile created on: 2/16/2011 9:26:13 PM - Run 2
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\a.caveney\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 453.49 Gb Total Space | 184.18 Gb Free Space | 40.61% Space Free | Partition Type: NTFS
    Drive D: | 11.98 Gb Total Space | 1.99 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
    Drive E: | 99.02 Mb Total Space | 92.43 Mb Free Space | 93.35% Space Free | Partition Type: FAT32
    Drive F: | 599.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ACAVENEY | User Name: a.caveney | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/16 16:32:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\OTL.exe
    PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/01/05 11:31:10 | 000,424,448 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
    PRC - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/02/18 12:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/10/31 16:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/08/05 15:45:12 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009/08/05 15:44:44 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009/07/22 12:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2009/07/22 12:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
    PRC - [2009/07/14 12:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 12:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/03/03 08:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
    PRC - [2009/02/11 03:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/16 16:32:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\OTL.exe
    MOD - [2009/07/14 12:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
    MOD - [2009/07/14 12:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
    MOD - [2009/07/14 12:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/14 12:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
    MOD - [2009/07/14 12:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
    MOD - [2009/07/14 12:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/14 12:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/14 12:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
    MOD - [2009/07/14 12:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/14 12:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/14 12:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
    MOD - [2009/07/14 12:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/14 12:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
    MOD - [2009/07/14 12:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
    MOD - [2009/07/14 12:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/14 12:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/14 12:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
    MOD - [2009/07/14 12:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/14 12:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
    MOD - [2009/07/14 12:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009/07/14 12:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (AgereModemAudio)
    SRV - [2011/02/12 13:52:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/10/26 16:05:24 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/25 23:45:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/08/05 15:44:44 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009/07/22 12:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
    SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/07/14 12:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/14 12:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/14 12:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/14 12:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/14 12:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/14 12:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 12:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/14 12:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/14 12:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/14 12:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/14 12:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/14 12:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/14 12:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/14 12:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/14 12:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/14 12:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/14 12:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/14 12:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/06/06 11:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/03/03 08:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)
    SRV - [2009/02/11 03:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/08/05 14:08:04 | 000,100,496 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV - [2010/08/05 14:08:04 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
    DRV - [2010/08/05 14:08:02 | 000,143,184 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/05/27 23:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009/12/11 18:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/11/04 02:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
    DRV - [2009/10/21 18:16:08 | 000,198,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2009/09/22 14:45:12 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/09/10 16:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2009/08/05 16:22:18 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/07/24 18:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/07/22 12:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2009/07/14 12:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/14 12:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/14 12:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/14 12:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/14 12:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/14 12:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/14 12:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/14 12:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/14 12:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/14 12:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/14 12:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/14 12:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/14 12:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/14 12:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/14 12:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/14 12:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/14 12:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/14 12:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/14 12:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/14 12:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/14 12:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/14 12:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/14 12:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/14 12:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/14 12:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/14 12:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/14 12:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/14 12:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/14 12:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/14 12:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/14 12:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/14 12:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/14 12:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/14 12:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/14 12:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/14 12:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/14 12:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/14 12:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/14 11:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/14 11:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/14 11:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/14 10:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/14 10:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/14 10:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/14 10:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009/07/14 10:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/14 10:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/14 10:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
    DRV - [2009/07/14 10:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/07/14 10:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/14 10:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/14 10:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/14 10:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/14 10:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/14 10:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/14 10:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/14 10:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/14 09:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 09:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/14 09:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/14 09:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/14 09:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/14 09:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/14 09:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
    DRV - [2009/07/14 09:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
    DRV - [2009/07/14 09:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
    DRV - [2009/07/14 09:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/14 09:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/07/14 09:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/14 09:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/14 09:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/06/11 08:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/05/23 17:52:04 | 000,167,936 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
    DRV - [2009/05/05 16:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV - [2009/04/30 02:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2009/04/07 12:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/03/10 01:49:08 | 000,028,344 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sonypvs1.sys -- (sonypvs1)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/CQALL/13
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/CQALL/13
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643



    IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15442&l=dis
    IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d21a506&v=6.011.025.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q="
    FF - prefs.js..network.proxy.autoconfig_url: "http://pac.tafensw.edu.au/hit/hiproxy.pac"
    FF - prefs.js..network.proxy.type: 2

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/31 12:22:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/12 14:48:12 | 000,000,000 | ---D | M]

    [2010/02/20 02:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a.caveney\AppData\Roaming\Mozilla\Extensions
    [2010/03/10 01:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\extensions
    [2010/03/10 01:47:21 | 000,002,424 | ---- | M] () -- C:\Users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\searchplugins\askcom.xml
    [2011/02/16 16:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/19 00:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2006/08/09 21:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll

    O1 HOSTS File: ([2011/02/16 15:48:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
    O4 - Startup: C:\Users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/01/22 21:34:34 | 000,000,066 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/16 16:32:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\OTL.exe
    [2011/02/16 15:50:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/02/16 15:50:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/02/16 15:50:25 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\AppData\Local\temp
    [2011/02/16 15:35:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/02/14 16:35:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/14 16:35:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/14 16:35:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/14 15:26:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/02/14 15:25:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/14 15:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/02/14 15:13:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2011/02/14 15:13:14 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2011/02/14 15:13:14 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2011/02/14 15:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/02/14 15:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/02/14 00:29:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\TFC.exe
    [2011/02/14 00:24:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2011/02/14 00:20:16 | 001,366,104 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\a.caveney\Desktop\TDSSKiller.exe
    [2011/02/12 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\Documents\Adobe
    [2011/02/12 14:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
    [2011/02/12 13:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
    [2011/02/12 13:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    [2011/02/12 13:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2011/02/12 13:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/02/12 13:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/02/12 13:22:16 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\Desktop\Adobe CS4
    [2011/02/10 09:50:37 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl
    [2011/02/08 17:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
    [2011/02/08 17:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
    [2011/02/08 17:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
    [2011/02/01 03:38:08 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX
    [2011/02/01 03:36:29 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\AppData\Roaming\thriXXX
    [2011/02/01 03:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\thriXXX
    [2011/01/20 01:59:05 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\Desktop\House MD Season 1
    [2011/01/19 21:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2011/01/19 21:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
    [2011/01/19 21:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
    [2011/01/17 21:31:53 | 000,000,000 | ---D | C] -- C:\vikings
    [1 C:\Users\a.caveney\Documents\*.tmp files -> C:\Users\a.caveney\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/16 21:13:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/16 21:13:47 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/16 17:36:35 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/16 17:36:35 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/16 17:33:40 | 002,537,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/02/16 17:33:40 | 001,074,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/02/16 17:29:26 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/16 17:29:03 | 2815,586,304 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/16 16:32:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\OTL.exe
    [2011/02/16 15:48:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/02/14 15:19:52 | 000,080,384 | ---- | M] () -- C:\Users\a.caveney\Desktop\MBRCheck.exe
    [2011/02/14 15:13:24 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/02/14 12:07:03 | 004,267,704 | R--- | M] () -- C:\Users\a.caveney\Desktop\ComboFix.exe
    [2011/02/14 00:58:49 | 000,296,448 | ---- | M] () -- C:\Users\a.caveney\Desktop\x98pbiv8.exe
    [2011/02/14 00:29:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\TFC.exe
    [2011/02/12 17:38:44 | 002,372,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/02/12 14:58:19 | 000,001,277 | ---- | M] () -- C:\Users\a.caveney\Desktop\Adobe After Effects CS4.lnk
    [2011/02/12 10:01:48 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/02/11 15:24:38 | 000,153,149 | ---- | M] () -- C:\Users\Public\Documents\Untitled (5).wma
    [2011/02/10 11:08:26 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\a.caveney\Desktop\TDSSKiller.exe
    [2011/02/10 09:50:37 | 000,001,078 | ---- | M] () -- C:\Users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
    [2011/02/09 09:12:37 | 000,441,104 | ---- | M] () -- C:\Users\a.caveney\Desktop\clocks 1.wav
    [2011/02/09 09:08:33 | 000,129,464 | ---- | M] () -- C:\Users\a.caveney\Desktop\kiddies.wav
    [2011/02/08 17:45:23 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
    [2011/02/01 23:40:15 | 002,338,821 | ---- | M] () -- C:\Users\a.caveney\Desktop\Steviescars.png
    [2011/02/01 09:47:05 | 000,019,454 | ---- | M] () -- C:\Users\a.caveney\Desktop\resume.docx
    [2011/01/25 21:55:17 | 027,377,384 | ---- | M] () -- C:\Users\a.caveney\Desktop\Come On Baby.wav
    [2011/01/25 21:46:42 | 026,269,004 | ---- | M] () -- C:\Users\a.caveney\Desktop\caroline.wav
    [2011/01/20 13:05:37 | 000,011,479 | ---- | M] () -- C:\Users\a.caveney\Desktop\muso poster.docx
    [2011/01/19 22:44:49 | 000,000,215 | ---- | M] () -- C:\Users\a.caveney\Desktop\Worms Reloaded.url
    [2011/01/19 22:39:26 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
    [1 C:\Users\a.caveney\Documents\*.tmp files -> C:\Users\a.caveney\Documents\*.tmp -> ]
     
  15. stoot64

    stoot64 TS Rookie Topic Starter

    ========== Files Created - No Company Name ==========

    [2011/02/14 16:35:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/14 16:35:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/14 16:35:05 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/14 16:35:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/14 16:35:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/02/14 15:22:42 | 000,080,384 | ---- | C] () -- C:\Users\a.caveney\Desktop\MBRCheck.exe
    [2011/02/14 15:13:24 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/02/14 12:09:45 | 004,267,704 | R--- | C] () -- C:\Users\a.caveney\Desktop\ComboFix.exe
    [2011/02/14 00:59:26 | 000,296,448 | ---- | C] () -- C:\Users\a.caveney\Desktop\x98pbiv8.exe
    [2011/02/12 14:58:19 | 000,001,277 | ---- | C] () -- C:\Users\a.caveney\Desktop\Adobe After Effects CS4.lnk
    [2011/02/12 14:51:13 | 000,001,389 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS4.lnk
    [2011/02/12 14:26:51 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
    [2011/02/12 14:04:07 | 000,001,277 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS4.lnk
    [2011/02/12 14:02:06 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
    [2011/02/12 14:00:54 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS4.lnk
    [2011/02/12 13:59:46 | 000,002,285 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
    [2011/02/12 13:55:10 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
    [2011/02/12 13:54:33 | 000,001,365 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
    [2011/02/12 10:01:48 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/02/11 15:24:38 | 000,153,149 | ---- | C] () -- C:\Users\Public\Documents\Untitled (5).wma
    [2011/02/10 09:50:37 | 000,001,078 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
    [2011/02/09 09:12:37 | 000,441,104 | ---- | C] () -- C:\Users\a.caveney\Desktop\clocks 1.wav
    [2011/02/09 09:08:33 | 000,129,464 | ---- | C] () -- C:\Users\a.caveney\Desktop\kiddies.wav
    [2011/02/08 17:34:01 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
    [2011/02/01 23:40:13 | 002,338,821 | ---- | C] () -- C:\Users\a.caveney\Desktop\Steviescars.png
    [2011/01/25 21:46:33 | 026,269,004 | ---- | C] () -- C:\Users\a.caveney\Desktop\caroline.wav
    [2011/01/25 21:10:22 | 027,377,384 | ---- | C] () -- C:\Users\a.caveney\Desktop\Come On Baby.wav
    [2011/01/20 13:05:36 | 000,011,479 | ---- | C] () -- C:\Users\a.caveney\Desktop\muso poster.docx
    [2011/01/19 21:56:43 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
    [2010/11/07 10:21:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/10/23 11:11:26 | 000,000,006 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\start
    [2010/10/23 11:03:08 | 000,000,200 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\35095.bat
    [2010/07/28 18:47:47 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/07/28 18:47:47 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/07/20 14:40:36 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
    [2010/07/19 16:14:00 | 000,000,120 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\Lpugusef.dat
    [2010/07/19 16:14:00 | 000,000,000 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\Vwagezezocoh.bin
    [2010/06/29 14:18:17 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010/05/11 15:16:20 | 000,003,584 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/30 23:19:16 | 000,000,067 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/03/30 16:06:00 | 000,000,359 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\Gangsters2Setup.lnk
    [2010/03/15 20:48:14 | 000,003,247 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\glide_wrapper.zbag.ini
    [2010/02/19 16:22:55 | 000,000,000 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\QSwitch.txt
    [2010/02/19 16:22:55 | 000,000,000 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\DSwitch.txt
    [2010/02/19 16:22:55 | 000,000,000 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\AtStart.txt
    [2010/02/19 16:22:52 | 000,000,189 | ---- | C] () -- C:\ProgramData\HPWALog.txt
    [2010/01/16 19:47:09 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    [2010/01/16 19:47:04 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2010/01/16 19:46:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/01/16 19:46:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2010/01/16 19:45:58 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2010/01/16 19:34:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/01/16 19:32:04 | 000,000,282 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
    [2010/01/16 19:32:04 | 000,000,223 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
    [2009/10/31 14:50:59 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/10/31 14:47:48 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/10/31 14:46:53 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/10/31 14:46:26 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2005/06/20 03:45:22 | 000,258,048 | ---- | C] () -- C:\Windows\glide3x.dll
    [2005/06/20 03:45:18 | 000,262,144 | ---- | C] () -- C:\Windows\glide2x.dll
    [2002/08/08 10:13:02 | 000,319,488 | R--- | C] () -- C:\Users\a.caveney\AppData\Roaming\MafiaSetup.exe
    [1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2010/07/28 18:41:52 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\AnvSoft
    [2010/03/15 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Atari
    [2010/04/30 17:55:14 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Audacity
    [2011/01/03 21:30:35 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\AVG10
    [2011/02/16 18:26:08 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\BitTorrent
    [2010/03/07 09:28:47 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Facebook
    [2010/02/21 22:09:46 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\GOL_byHasbro
    [2010/04/13 03:28:03 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\gtk-2.0
    [2010/12/21 19:02:58 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Guitar Pro 6
    [2010/02/21 08:38:32 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Leadertech
    [2010/07/20 14:45:58 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Motorola
    [2010/05/13 02:24:19 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\muvee Technologies
    [2010/07/17 00:40:28 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Scrabble Plus
    [2010/04/30 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Steinberg
    [2011/02/01 03:36:29 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\thriXXX
    [2010/05/06 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Vodafone
    [2010/02/19 17:15:47 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\WildTangent
    [2010/03/06 09:50:19 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\WildTangentv1001
    [2011/02/13 11:16:24 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/01/17 21:16:29 | 002,949,558 | ---- | M] () -- C:\Alien Carnage - Halloween Harry.zip
    [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/01/17 21:14:30 | 001,624,021 | ---- | M] () -- C:\Bio Menace.zip
    [2009/07/14 12:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2011/02/16 15:50:24 | 000,014,196 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/11 08:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/01/17 21:18:55 | 001,020,517 | ---- | M] () -- C:\Dalek Attack.zip
    [2011/01/17 20:50:25 | 001,003,683 | ---- | M] () -- C:\gods.zip
    [2011/02/16 17:29:03 | 2815,586,304 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/23 00:23:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/01/17 20:51:04 | 001,248,617 | ---- | M] () -- C:\lost-vikings.zip
    [2010/03/23 00:23:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/02/16 17:29:10 | 3754,115,072 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/17 20:56:58 | 001,812,912 | ---- | M] () -- C:\spear-of-destiny.zip
    [2011/02/14 00:20:57 | 000,010,798 | ---- | M] () -- C:\TDSSKiller.2.4.17.0_14.02.2011_00.20.24_log.txt
    [2011/02/14 00:24:45 | 000,201,964 | ---- | M] () -- C:\TDSSKiller.2.4.17.0_14.02.2011_00.22.51_log.txt
    [2011/01/17 20:54:12 | 000,517,299 | ---- | M] () -- C:\the-incredible-machine.zip
    [2011/01/17 20:56:06 | 000,212,870 | ---- | M] () -- C:\tyrian-2000.zip

    < %systemroot%\Fonts\*.com >
    [2009/07/14 15:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 15:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 15:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 15:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 08:31:19 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2010/04/24 06:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9X.DLL
    [2010/04/24 06:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9X.DLL
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/14 12:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/12/19 13:09:54 | 000,001,686 | -HS- | M] () -- C:\Users\a.caveney\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009/07/14 15:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/02/19 19:28:34 | 000,000,221 | -HS- | M] () -- C:\Users\a.caveney\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/02/14 12:07:03 | 004,267,704 | R--- | M] () -- C:\Users\a.caveney\Desktop\ComboFix.exe
    [2011/02/14 15:19:52 | 000,080,384 | ---- | M] () -- C:\Users\a.caveney\Desktop\MBRCheck.exe
    [2011/02/16 16:32:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\OTL.exe
    [2011/02/10 11:08:26 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\a.caveney\Desktop\TDSSKiller.exe
    [2011/02/14 00:29:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\TFC.exe
    [2011/02/14 00:58:49 | 000,296,448 | ---- | M] () -- C:\Users\a.caveney\Desktop\x98pbiv8.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 08:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/05/06 19:40:25 | 000,000,402 | -HS- | M] () -- C:\Users\a.caveney\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/03/17 11:53:29 | 000,000,189 | ---- | M] () -- C:\ProgramData\HPWALog.txt
    [2010/11/07 10:21:45 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/01/16 19:47:04 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/10/31 14:51:32 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/01/16 19:46:33 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/10/31 14:47:40 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/01/16 19:45:58 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2010/01/16 19:46:51 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/10/31 14:46:47 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/10/31 14:50:53 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/01/16 19:47:11 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >
     
  16. stoot64

    stoot64 TS Rookie Topic Starter

    OTL Extras logfile created on: 2/16/2011 4:34:13 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\a.caveney\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 453.49 Gb Total Space | 184.32 Gb Free Space | 40.64% Space Free | Partition Type: NTFS
    Drive D: | 11.98 Gb Total Space | 1.99 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
    Drive E: | 99.02 Mb Total Space | 92.43 Mb Free Space | 93.35% Space Free | Partition Type: FAT32
    Drive F: | 599.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ACAVENEY | User Name: a.caveney | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
    "{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
    "{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
    "{50A8D956-ABD1-9DF1-5243-45E10ACA3334}" = ccc-utility
    "{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
    "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
    "{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
    "{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
    "{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant
    "{75BF5A99-74C9-FF8E-77B0-1DBA17A109BA}" = ATI Catalyst Install Manager
    "{764DC542-D3D1-49D4-9BA5-8C7DAD18DE8E}" = Oracle VM VirtualBox 3.2.8
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85EAFAD8-9FDB-4343-82CE-29674C1AC6E1}" = SoftStylus
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
    "{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = The Godfather™ II
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
    "{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{BFE33B3C-0284-461D-97AC-3024281002B1}" = Carmageddon 2
    "{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
    "{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
    "{D3F9E47A-1393-40B6-8662-2801E4BC752B}" = Scrabble PLUS
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
    "{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.110
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "7-Zip" = 7-Zip 4.60 beta
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
    "Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Belarc Advisor" = Belarc Advisor 8.1
    "BitTorrent" = BitTorrent
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "EAX Unified" = EAX Unified
    "GlidewrapZbag" = zeckensack's Glide wrapper (remove only)
    "Guitar Pro 6 (6.0.7 b2 r8924)" = Guitar Pro 6 (6.0.7 b2 r8924)
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "Intelli-studio" = SAMSUNG Intelli-studio
    "InterActual Player" = InterActual Player
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "PROHYBRIDR" = 2007 Microsoft Office system
    "StarCraft" = StarCraft
    "Steam App 22600" = Worms Reloaded
    "Steinberg Cubase LE" = Steinberg Cubase LE
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "thriXXX WebLaunch" = thriXXX WebLaunch
    "Update Engine" = Sony Ericsson Update Engine
    "Virgin Mobile" = Virgin Mobile
    "VLC media player" = VLC media player 1.1.2
    "Warcraft III" = Warcraft III
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/10/2011 2:41:21 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4961

    Error - 2/10/2011 3:44:30 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/10/2011 3:44:30 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4898

    Error - 2/10/2011 3:44:30 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4898

    Error - 2/10/2011 5:16:17 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/10/2011 5:16:17 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5024

    Error - 2/10/2011 5:16:17 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5024

    Error - 2/10/2011 8:55:39 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/10/2011 8:55:39 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5007

    Error - 2/10/2011 8:55:39 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5007

    [ Hewlett-Packard Events ]
    Error - 7/17/2010 7:26:13 AM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
    Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/17/2010 7:26:14 AM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
    Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/31/2010 7:17:28 AM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
    Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/31/2010 7:17:28 AM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
    Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 11/13/2010 8:24:42 PM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
    Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 11/13/2010 8:24:42 PM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
    Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 1/15/2011 5:07:08 AM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
    Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    [ Media Center Events ]
    Error - 12/11/2010 10:53:17 PM | Computer Name = acaveney | Source = MCUpdate | ID = 0
    Description = 1:53:16 PM - Error connecting to the internet. 1:53:16 PM - Unable
    to contact server..

    Error - 12/14/2010 2:32:24 AM | Computer Name = acaveney | Source = MCUpdate | ID = 0
    Description = 5:32:24 PM - Error connecting to the internet. 5:32:24 PM - Unable
    to contact server..

    Error - 12/14/2010 2:32:33 AM | Computer Name = acaveney | Source = MCUpdate | ID = 0
    Description = 5:32:29 PM - Error connecting to the internet. 5:32:29 PM - Unable
    to contact server..

    Error - 12/20/2010 2:29:40 AM | Computer Name = acaveney | Source = MCUpdate | ID = 0
    Description = 5:29:40 PM - Error connecting to the internet. 5:29:40 PM - Unable
    to contact server..

    Error - 12/20/2010 2:29:46 AM | Computer Name = acaveney | Source = MCUpdate | ID = 0
    Description = 5:29:45 PM - Error connecting to the internet. 5:29:45 PM - Unable
    to contact server..

    Error - 12/25/2010 12:17:58 PM | Computer Name = acaveney | Source = MCUpdate | ID = 0
    Description = 3:17:57 AM - Error connecting to the internet. 3:17:57 AM - Unable
    to contact server..

    Error - 12/25/2010 1:18:06 PM | Computer Name = acaveney | Source = MCUpdate | ID = 0
    Description = 4:18:05 AM - Error connecting to the internet. 4:18:05 AM - Unable
    to contact server..

    Error - 12/25/2010 2:18:14 PM | Computer Name = acaveney | Source = MCUpdate | ID = 0
    Description = 5:18:13 AM - Error connecting to the internet. 5:18:13 AM - Unable
    to contact server..

    Error - 12/25/2010 3:18:22 PM | Computer Name = acaveney | Source = MCUpdate | ID = 0
    Description = 6:18:21 AM - Error connecting to the internet. 6:18:21 AM - Unable
    to contact server..

    Error - 1/5/2011 10:31:39 PM | Computer Name = acaveney | Source = MCUpdate | ID = 0
    Description = 1:31:39 PM - Failed to retrieve Directory (Error: The operation has
    timed out)

    [ System Events ]
    Error - 2/15/2011 11:43:24 PM | Computer Name = acaveney | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 2/15/2011 11:55:59 PM | Computer Name = acaveney | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 2/16/2011 12:30:10 AM | Computer Name = acaveney | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 2/16/2011 12:30:14 AM | Computer Name = acaveney | Source = Service Control Manager | ID = 7000
    Description = The Agere Modem Call Progress Audio service failed to start due to
    the following error: %%2

    Error - 2/16/2011 12:36:31 AM | Computer Name = acaveney | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 2/16/2011 12:48:08 AM | Computer Name = acaveney | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 2/16/2011 12:51:27 AM | Computer Name = acaveney | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 2/16/2011 12:51:28 AM | Computer Name = acaveney | Source = Microsoft-Windows-Kernel-Power | ID = 88
    Description = The system was hibernated due to a critical thermal event. Hibernate
    Time = 2011-02-16T04:51:28.685219500Z ACPI Thermal Zone = ACPI\ThermalZone\THRM _HOT = 373K

    Error - 2/16/2011 12:51:30 AM | Computer Name = acaveney | Source = Microsoft-Windows-Kernel-Power | ID = 88
    Description = The system was hibernated due to a critical thermal event. Hibernate
    Time = 2011-02-16T04:51:30.720050200Z ACPI Thermal Zone = ACPI\ThermalZone\THRM _HOT = 373K

    Error - 2/16/2011 12:51:32 AM | Computer Name = acaveney | Source = Service Control Manager | ID = 7000
    Description = The Agere Modem Call Progress Audio service failed to start due to
    the following error: %%2


    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    You didn't say:


    ==========================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
      IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15442&l=dis
      [2010/03/10 01:47:21 | 000,002,424 | ---- | M] () -- C:\Users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\searchplugins\askcom.xml
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - Startup: C:\Users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1 C:\Users\a.caveney\Documents\*.tmp files -> C:\Users\a.caveney\Documents\*.tmp -> ]
      [2010/10/23 11:03:08 | 000,000,200 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\35095.bat
      [2010/07/19 16:14:00 | 000,000,000 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\Vwagezezocoh.bin
      [2011/01/03 21:30:35 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\AVG10
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
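The proxy lines in the OTL fix script above are the part worth a closer look: under both HKU\.DEFAULT and HKU\S-1-5-18 (the default-profile and LocalSystem hives, which no user configures through Internet Options), ProxyEnable is 1 and ProxyServer is http=127.0.0.1:5643, so HTTP traffic for those contexts is being handed to a listener on the same machine. The following is an added example, not code from the thread, from Broni or from OTL. It parses OTL's "IE - HKU\..." lines and flags that pattern; the sample input is constructed from the lines quoted in the fix script plus one constructed benign control line for a normal user hive. It assumes OTL's line layout exactly as shown above and the WinINet ProxyServer value format ("host:port" or ";"-separated "scheme=host:port" entries).

```python
"""Triage the 'IE - HKU\\...\\Internet Settings' lines from an OTL log.

Added example, not part of the original thread or of OTL itself. It flags
ProxyEnable = 1 combined with a ProxyServer on a loopback address (a local
process relaying the hive's HTTP traffic) and any proxy set in a non-user hive.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: the proxy lines quoted in the fix script above, plus
# one constructed benign control line for a normal user hive with the proxy off.
SAMPLE_OTL = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""

# One OTL line: hive name after HKU\, then the value name and its data.
LINE_RE = re.compile(
    r'^IE - HKU\\(?P<hive>[^\\]+)\\.*\\Internet Settings: "(?P<name>\w+)" = (?P<value>.*)$'
)

# .DEFAULT is the default-profile hive and S-1-5-18 is LocalSystem. A per-user
# proxy set there was not set by a user through Internet Options.
SYSTEM_HIVES = {".DEFAULT", "S-1-5-18"}


def parse_proxy_settings(log_text):
    """Return {hive: {value_name: value}} for every Internet Settings line."""
    settings = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            settings[m["hive"]][m["name"]] = m["value"].strip()
    return dict(settings)


def split_proxy_server(value):
    """Yield (scheme, host, port) for each entry of a ProxyServer value.

    Accepts 'host:port' (applies to all protocols, reported as scheme 'all')
    or a ';'-separated list of 'scheme=host:port' entries, as in the log above.
    """
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, _, hostport = entry.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no port given
            host, port = hostport, ""
        yield (scheme or "all", host, int(port) if port.isdigit() else None)


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:  # a hostname, not an address
        return False


def triage(log_text):
    """Return a list of (hive, finding) pairs for suspicious proxy settings."""
    findings = []
    for hive, values in parse_proxy_settings(log_text).items():
        if values.get("ProxyEnable") != "1":
            continue  # proxy disabled: nothing is being relayed
        server = values.get("ProxyServer", "")
        for scheme, host, port in split_proxy_server(server):
            if is_loopback(host):
                findings.append(
                    (hive, f"{scheme} traffic relayed through local listener {host}:{port}")
                )
        if hive in SYSTEM_HIVES and server:
            findings.append((hive, "proxy configured in a non-user hive"))
    return findings


if __name__ == "__main__":
    for hive, finding in triage(SAMPLE_OTL):
        print(f"{hive}: {finding}")
```

Run against the sample, the two system hives each produce a loopback-listener finding and a non-user-hive finding, while the ordinary user hive with ProxyEnable = 0 produces nothing. The port is kept in the finding so it can be matched against the process actually listening on it before the entries are removed.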
     
  18. stoot64

    stoot64 TS Rookie Topic Starter

    Sorry, it's running fine. All the problems (mostly concerning Firefox) have gone. It is overheating a bit, but I don't think that's a virus.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good news :)

    I suggest you start a new topic in the appropriate forum when we're done here.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Are you still out there?
     
Topic Status:
Not open for further replies.
