TechSpot

Using Firefox or IE if open Google, get redirect to Google.com.br

Inactive
By NutnFunny
Mar 4, 2011
  1. Hey all,
    was hoping to get some insight as to why when in Firefox or IE8, and go to Google.com, I get redirected to Google.com.br Brasil.
    Also noticed when using Craigslist, my city (according to Craig) changes every time I go to that site.

    System is running Vista,
    Use satellite connection and Linksys router. My other computer, laptop, also has this issue.
    However, on laptop if I switch to my Sprint wireless modem, no redirect.
    Tried ipconfig /flush
    Tried Malwarebytes.
    Tried Avast and Trend Micro (resident on both computers)

    [HJT log removed - Broni]
     
  2. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Broni, first off thanks for the help.
    I did step one, with Avast, already loaded. No infections.
    Attempted to download TFC, and received a Warning from TrendMicro
    that the site was dangerous. Clicked "Go to site" and got 404 error.

    Cut and pasted the URL for TFC; the home page was just a logo, nothing else would load.
     
  4. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Get it from HERE
     
  5. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Found a site that allowed TFC,
    Now at step 5.
    DDS by sUBs is an .scr file and is garbage...on my pc
    looked for alternate sites to download,
    same file.
    will not run.
    no .exe
    any options?
     
  6. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Here is the TDSS Killer report.

    2011/03/05 10:19:10.0934 5124 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
    2011/03/05 10:19:12.0935 5124 ================================================================================
    2011/03/05 10:19:12.0935 5124 SystemInfo:
    2011/03/05 10:19:12.0935 5124
    2011/03/05 10:19:12.0936 5124 OS Version: 6.0.6002 ServicePack: 2.0
    2011/03/05 10:19:12.0936 5124 Product type: Workstation
    2011/03/05 10:19:12.0936 5124 ComputerName: ADMIN-PC
    2011/03/05 10:19:12.0936 5124 UserName: admin
    2011/03/05 10:19:12.0936 5124 Windows directory: C:\Windows
    2011/03/05 10:19:12.0936 5124 System windows directory: C:\Windows
    2011/03/05 10:19:12.0936 5124 Running under WOW64
    2011/03/05 10:19:12.0936 5124 Processor architecture: Intel x64
    2011/03/05 10:19:12.0936 5124 Number of processors: 8
    2011/03/05 10:19:12.0936 5124 Page size: 0x1000
    2011/03/05 10:19:12.0936 5124 Boot type: Normal boot
    2011/03/05 10:19:12.0936 5124 ================================================================================
    2011/03/05 10:19:13.0403 5124 Initialize success
    2011/03/05 10:19:17.0579 4404 ================================================================================
    2011/03/05 10:19:17.0579 4404 Scan started
    2011/03/05 10:19:17.0579 4404 Mode: Manual;
    2011/03/05 10:19:17.0579 4404 ================================================================================
    2011/03/05 10:19:18.0809 4404 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
    2011/03/05 10:19:18.0875 4404 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
    2011/03/05 10:19:18.0957 4404 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
    2011/03/05 10:19:19.0006 4404 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
    2011/03/05 10:19:19.0049 4404 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
    2011/03/05 10:19:19.0149 4404 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
    2011/03/05 10:19:19.0226 4404 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
    2011/03/05 10:19:19.0274 4404 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
    2011/03/05 10:19:19.0315 4404 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
    2011/03/05 10:19:19.0379 4404 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
    2011/03/05 10:19:19.0408 4404 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
    2011/03/05 10:19:19.0471 4404 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
    2011/03/05 10:19:19.0499 4404 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
    2011/03/05 10:19:19.0550 4404 aswFsBlk (f810e3ea3d1f3c3ba26f2f4719bdca4f) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/03/05 10:19:19.0622 4404 aswMonFlt (3687fd9cedf56d3b9f18923f4e14f3f9) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/03/05 10:19:19.0646 4404 aswRdr (e99e48596b35e5d5240104bcd61b3471) C:\Windows\system32\drivers\aswRdr.sys
    2011/03/05 10:19:19.0736 4404 aswSnx (84ad8fb3fd2efa52d8599a0028bbb6fe) C:\Windows\system32\drivers\aswSnx.sys
    2011/03/05 10:19:19.0779 4404 aswSP (8cba6cc5dca9e3829f1792bf98f06901) C:\Windows\system32\drivers\aswSP.sys
    2011/03/05 10:19:19.0820 4404 aswTdi (184248f2ded7b1641c7f3b30381baa2a) C:\Windows\system32\drivers\aswTdi.sys
    2011/03/05 10:19:19.0864 4404 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/03/05 10:19:19.0936 4404 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
    2011/03/05 10:19:20.0094 4404 atikmdag (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/03/05 10:19:20.0213 4404 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
    2011/03/05 10:19:20.0316 4404 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
    2011/03/05 10:19:20.0375 4404 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
    2011/03/05 10:19:20.0420 4404 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
    2011/03/05 10:19:20.0454 4404 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
    2011/03/05 10:19:20.0488 4404 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
    2011/03/05 10:19:20.0515 4404 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
    2011/03/05 10:19:20.0544 4404 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
    2011/03/05 10:19:20.0575 4404 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
    2011/03/05 10:19:20.0616 4404 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/03/05 10:19:20.0674 4404 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/03/05 10:19:20.0717 4404 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
    2011/03/05 10:19:20.0769 4404 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
    2011/03/05 10:19:20.0833 4404 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
    2011/03/05 10:19:20.0851 4404 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/03/05 10:19:20.0926 4404 CompFilter64 (553aa50f4d8f80320b59c6566d385a2f) C:\Windows\system32\DRIVERS\lvbflt64.sys
    2011/03/05 10:19:20.0947 4404 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
    2011/03/05 10:19:21.0009 4404 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
    2011/03/05 10:19:21.0091 4404 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
    2011/03/05 10:19:21.0186 4404 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/03/05 10:19:21.0260 4404 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2011/03/05 10:19:21.0293 4404 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/03/05 10:19:21.0362 4404 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
    2011/03/05 10:19:21.0435 4404 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/03/05 10:19:21.0494 4404 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
    2011/03/05 10:19:21.0555 4404 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
    2011/03/05 10:19:21.0646 4404 e1yexpress (b37f6853d6e0c6f5f8efde33e831b5f8) C:\Windows\system32\DRIVERS\e1y60x64.sys
    2011/03/05 10:19:21.0736 4404 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
    2011/03/05 10:19:21.0795 4404 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
    2011/03/05 10:19:21.0853 4404 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
    2011/03/05 10:19:21.0939 4404 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
    2011/03/05 10:19:22.0004 4404 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
    2011/03/05 10:19:22.0052 4404 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
    2011/03/05 10:19:22.0085 4404 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
    2011/03/05 10:19:22.0118 4404 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
    2011/03/05 10:19:22.0153 4404 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/03/05 10:19:22.0203 4404 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
    2011/03/05 10:19:22.0281 4404 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/03/05 10:19:22.0324 4404 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
    2011/03/05 10:19:22.0380 4404 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/03/05 10:19:22.0453 4404 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/03/05 10:19:22.0493 4404 HidBatt (68214c82fa6222591873677a72df2a66) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/03/05 10:19:22.0520 4404 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
    2011/03/05 10:19:22.0559 4404 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
    2011/03/05 10:19:22.0625 4404 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/03/05 10:19:22.0694 4404 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
    2011/03/05 10:19:22.0780 4404 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
    2011/03/05 10:19:22.0852 4404 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
    2011/03/05 10:19:22.0896 4404 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/03/05 10:19:22.0981 4404 iaStor (fc28e90f2204d8fd147fa9bfa8a51c01) C:\Windows\system32\drivers\iastor.sys
    2011/03/05 10:19:23.0053 4404 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
    2011/03/05 10:19:23.0109 4404 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
    2011/03/05 10:19:23.0175 4404 IntcAzAudAddService (56c5a3afac93cd364dec7fbca616e1c2) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/03/05 10:19:23.0227 4404 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\DRIVERS\intelide.sys
    2011/03/05 10:19:23.0253 4404 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/03/05 10:19:23.0317 4404 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/03/05 10:19:23.0366 4404 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
    2011/03/05 10:19:23.0398 4404 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/03/05 10:19:23.0437 4404 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
    2011/03/05 10:19:23.0476 4404 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
    2011/03/05 10:19:23.0544 4404 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/03/05 10:19:23.0576 4404 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
    2011/03/05 10:19:23.0622 4404 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
    2011/03/05 10:19:23.0650 4404 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/03/05 10:19:23.0716 4404 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/03/05 10:19:23.0784 4404 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
    2011/03/05 10:19:23.0841 4404 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
    2011/03/05 10:19:23.0947 4404 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/03/05 10:19:23.0995 4404 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
    2011/03/05 10:19:24.0037 4404 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
    2011/03/05 10:19:24.0110 4404 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/03/05 10:19:24.0148 4404 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
    2011/03/05 10:19:24.0235 4404 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
    2011/03/05 10:19:24.0281 4404 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
    2011/03/05 10:19:24.0374 4404 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
    2011/03/05 10:19:24.0576 4404 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
    2011/03/05 10:19:24.0672 4404 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
    2011/03/05 10:19:24.0715 4404 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
    2011/03/05 10:19:24.0783 4404 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
    2011/03/05 10:19:24.0831 4404 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
    2011/03/05 10:19:24.0859 4404 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/03/05 10:19:24.0942 4404 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/03/05 10:19:25.0066 4404 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
    2011/03/05 10:19:25.0116 4404 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
    2011/03/05 10:19:25.0193 4404 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
    2011/03/05 10:19:25.0238 4404 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
    2011/03/05 10:19:25.0306 4404 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
    2011/03/05 10:19:25.0375 4404 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/03/05 10:19:25.0455 4404 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/03/05 10:19:25.0542 4404 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/05 10:19:25.0595 4404 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
    2011/03/05 10:19:25.0640 4404 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
    2011/03/05 10:19:25.0705 4404 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
    2011/03/05 10:19:25.0770 4404 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
    2011/03/05 10:19:25.0815 4404 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/05 10:19:25.0853 4404 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/05 10:19:25.0915 4404 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/05 10:19:25.0962 4404 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/05 10:19:26.0030 4404 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/03/05 10:19:26.0059 4404 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/05 10:19:26.0105 4404 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
    2011/03/05 10:19:26.0152 4404 NAL (b5a7ded4455d6d694091827dc91fed99) C:\Windows\system32\Drivers\iqvw64e.sys
    2011/03/05 10:19:26.0207 4404 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/05 10:19:26.0308 4404 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
    2011/03/05 10:19:26.0353 4404 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/05 10:19:26.0380 4404 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/05 10:19:26.0416 4404 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/05 10:19:26.0450 4404 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/05 10:19:26.0493 4404 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/05 10:19:26.0541 4404 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
    2011/03/05 10:19:26.0608 4404 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
    2011/03/05 10:19:26.0672 4404 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
    2011/03/05 10:19:26.0698 4404 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
    2011/03/05 10:19:26.0773 4404 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
    2011/03/05 10:19:26.0851 4404 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
    2011/03/05 10:19:26.0888 4404 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
    2011/03/05 10:19:26.0930 4404 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
    2011/03/05 10:19:26.0969 4404 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
    2011/03/05 10:19:27.0084 4404 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/03/05 10:19:27.0136 4404 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
    2011/03/05 10:19:27.0181 4404 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
    2011/03/05 10:19:27.0224 4404 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
    2011/03/05 10:19:27.0305 4404 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
    2011/03/05 10:19:27.0350 4404 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
    2011/03/05 10:19:27.0419 4404 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
    2011/03/05 10:19:27.0565 4404 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
    2011/03/05 10:19:27.0659 4404 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/03/05 10:19:27.0700 4404 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
    2011/03/05 10:19:27.0783 4404 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
    2011/03/05 10:19:27.0835 4404 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
    2011/03/05 10:19:27.0914 4404 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/03/05 10:19:27.0976 4404 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
    2011/03/05 10:19:28.0065 4404 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
    2011/03/05 10:19:28.0129 4404 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
    2011/03/05 10:19:28.0299 4404 R300 (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/03/05 10:19:28.0377 4404 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/03/05 10:19:28.0410 4404 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/03/05 10:19:28.0483 4404 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/03/05 10:19:28.0553 4404 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/03/05 10:19:28.0623 4404 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/03/05 10:19:28.0677 4404 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/03/05 10:19:28.0726 4404 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
    2011/03/05 10:19:28.0772 4404 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
    2011/03/05 10:19:28.0811 4404 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
    2011/03/05 10:19:28.0917 4404 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/03/05 10:19:28.0986 4404 RTHDMIAzAudService (730c8393dfc90386d5a1ecb24dd6c614) C:\Windows\system32\drivers\RtHDMIVX.sys
    2011/03/05 10:19:29.0047 4404 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
    2011/03/05 10:19:29.0129 4404 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/03/05 10:19:29.0180 4404 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
    2011/03/05 10:19:29.0221 4404 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
    2011/03/05 10:19:29.0280 4404 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
    2011/03/05 10:19:29.0359 4404 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
    2011/03/05 10:19:29.0391 4404 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/03/05 10:19:29.0422 4404 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
    2011/03/05 10:19:29.0443 4404 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
    2011/03/05 10:19:29.0479 4404 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
    2011/03/05 10:19:29.0504 4404 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
    2011/03/05 10:19:29.0576 4404 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/05 10:19:29.0643 4404 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
    2011/03/05 10:19:29.0683 4404 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
    2011/03/05 10:19:29.0754 4404 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
    2011/03/05 10:19:29.0786 4404 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/03/05 10:19:29.0829 4404 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
    2011/03/05 10:19:29.0872 4404 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
    2011/03/05 10:19:29.0905 4404 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
    2011/03/05 10:19:29.0934 4404 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
    2011/03/05 10:19:30.0025 4404 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
    2011/03/05 10:19:30.0280 4404 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/03/05 10:19:30.0338 4404 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
    2011/03/05 10:19:30.0379 4404 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
    2011/03/05 10:19:30.0418 4404 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
    2011/03/05 10:19:30.0512 4404 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
    2011/03/05 10:19:30.0595 4404 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
    2011/03/05 10:19:30.0688 4404 tmlwf (35a6aeb61c7cf21b10cc05bda47339b5) C:\Windows\system32\DRIVERS\tmlwf.sys
    2011/03/05 10:19:30.0784 4404 tmpreflt (803ee35df92815ea5d41cee7410c8cc1) C:\Windows\system32\DRIVERS\tmpreflt.sys
    2011/03/05 10:19:30.0857 4404 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
    2011/03/05 10:19:30.0880 4404 tmwfp (a4670e50c15d7bce7226e4b62700df09) C:\Windows\system32\DRIVERS\tmwfp.sys
    2011/03/05 10:19:30.0947 4404 tmxpflt (9bd32132a3470cefb3cbea5fa492bd6f) C:\Windows\system32\DRIVERS\tmxpflt.sys
    2011/03/05 10:19:31.0004 4404 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/03/05 10:19:31.0062 4404 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/03/05 10:19:31.0118 4404 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/03/05 10:19:31.0154 4404 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
    2011/03/05 10:19:31.0206 4404 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
    2011/03/05 10:19:31.0286 4404 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
    2011/03/05 10:19:31.0323 4404 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
    2011/03/05 10:19:31.0378 4404 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
    2011/03/05 10:19:31.0427 4404 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
    2011/03/05 10:19:31.0485 4404 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
    2011/03/05 10:19:31.0576 4404 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
    2011/03/05 10:19:31.0650 4404 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
    2011/03/05 10:19:31.0735 4404 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/03/05 10:19:31.0774 4404 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
    2011/03/05 10:19:31.0838 4404 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/03/05 10:19:31.0900 4404 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/03/05 10:19:31.0954 4404 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
    2011/03/05 10:19:32.0011 4404 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/03/05 10:19:32.0025 4404 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/03/05 10:19:32.0062 4404 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/03/05 10:19:32.0114 4404 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/03/05 10:19:32.0179 4404 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
    2011/03/05 10:19:32.0286 4404 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/03/05 10:19:32.0334 4404 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
    2011/03/05 10:19:32.0363 4404 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
    2011/03/05 10:19:32.0393 4404 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
    2011/03/05 10:19:32.0458 4404 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
    2011/03/05 10:19:32.0551 4404 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
    2011/03/05 10:19:32.0670 4404 vsapint (b01ce1f5a44126892240d179a6dbd43f) C:\Windows\system32\DRIVERS\vsapint.sys
    2011/03/05 10:19:32.0722 4404 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
    2011/03/05 10:19:32.0779 4404 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
    2011/03/05 10:19:32.0843 4404 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/05 10:19:32.0881 4404 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/05 10:19:32.0918 4404 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
    2011/03/05 10:19:32.0959 4404 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
    2011/03/05 10:19:33.0105 4404 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
    2011/03/05 10:19:33.0180 4404 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/03/05 10:19:33.0224 4404 ws2ifsl (8a900348370e359b6bff6a550e4649e1)

    C:\Windows\system32\drivers\ws2ifsl.sys
    2011/03/05 10:19:33.0272 4404 WUDFRd (501a65252617b495c0f1832f908d54d8)

    C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/03/05 10:19:33.0364 4404

    ================================================================================
    2011/03/05 10:19:33.0364 4404 Scan finished
    2011/03/05 10:19:33.0364 4404

    ================================================================================
     
  8. Broni

    Please, make sure to disable "word wrap" in Notepad.
    Re-run TDSSKiller and post new log.
     
  9. NutnFunny

    Here is TDSSKiller, with word wrap disabled.

    2011/03/05 11:10:35.0226 0880 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
    2011/03/05 11:10:36.0677 0880 ================================================================================
    2011/03/05 11:10:36.0677 0880 SystemInfo:
    2011/03/05 11:10:36.0677 0880
    2011/03/05 11:10:36.0678 0880 OS Version: 6.0.6002 ServicePack: 2.0
    2011/03/05 11:10:36.0678 0880 Product type: Workstation
    2011/03/05 11:10:36.0678 0880 ComputerName: ADMIN-PC
    2011/03/05 11:10:36.0678 0880 UserName: admin
    2011/03/05 11:10:36.0678 0880 Windows directory: C:\Windows
    2011/03/05 11:10:36.0678 0880 System windows directory: C:\Windows
    2011/03/05 11:10:36.0678 0880 Running under WOW64
    2011/03/05 11:10:36.0678 0880 Processor architecture: Intel x64
    2011/03/05 11:10:36.0678 0880 Number of processors: 8
    2011/03/05 11:10:36.0678 0880 Page size: 0x1000
    2011/03/05 11:10:36.0678 0880 Boot type: Normal boot
    2011/03/05 11:10:36.0678 0880 ================================================================================
    2011/03/05 11:10:36.0991 0880 Initialize success
    2011/03/05 11:10:49.0009 5936 ================================================================================
    2011/03/05 11:10:49.0009 5936 Scan started
    2011/03/05 11:10:49.0009 5936 Mode: Manual;
    2011/03/05 11:10:49.0009 5936 ================================================================================
    2011/03/05 11:10:49.0981 5936 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
    2011/03/05 11:10:50.0047 5936 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
    2011/03/05 11:10:50.0103 5936 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
    2011/03/05 11:10:50.0143 5936 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
    2011/03/05 11:10:50.0178 5936 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
    2011/03/05 11:10:50.0295 5936 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
    2011/03/05 11:10:50.0346 5936 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
    2011/03/05 11:10:50.0378 5936 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
    2011/03/05 11:10:50.0410 5936 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
    2011/03/05 11:10:50.0466 5936 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
    2011/03/05 11:10:50.0487 5936 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
    2011/03/05 11:10:50.0542 5936 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
    2011/03/05 11:10:50.0586 5936 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
    2011/03/05 11:10:50.0637 5936 aswFsBlk (f810e3ea3d1f3c3ba26f2f4719bdca4f) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/03/05 11:10:50.0701 5936 aswMonFlt (3687fd9cedf56d3b9f18923f4e14f3f9) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/03/05 11:10:50.0717 5936 aswRdr (e99e48596b35e5d5240104bcd61b3471) C:\Windows\system32\drivers\aswRdr.sys
    2011/03/05 11:10:50.0799 5936 aswSnx (84ad8fb3fd2efa52d8599a0028bbb6fe) C:\Windows\system32\drivers\aswSnx.sys
    2011/03/05 11:10:50.0825 5936 aswSP (8cba6cc5dca9e3829f1792bf98f06901) C:\Windows\system32\drivers\aswSP.sys
    2011/03/05 11:10:50.0899 5936 aswTdi (184248f2ded7b1641c7f3b30381baa2a) C:\Windows\system32\drivers\aswTdi.sys
    2011/03/05 11:10:50.0959 5936 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/03/05 11:10:51.0023 5936 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
    2011/03/05 11:10:51.0199 5936 atikmdag (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/03/05 11:10:51.0292 5936 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
    2011/03/05 11:10:51.0345 5936 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
    2011/03/05 11:10:51.0395 5936 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
    2011/03/05 11:10:51.0424 5936 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
    2011/03/05 11:10:51.0450 5936 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
    2011/03/05 11:10:51.0467 5936 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
    2011/03/05 11:10:51.0486 5936 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
    2011/03/05 11:10:51.0507 5936 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
    2011/03/05 11:10:51.0529 5936 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
    2011/03/05 11:10:51.0562 5936 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/03/05 11:10:51.0611 5936 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/03/05 11:10:51.0646 5936 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
    2011/03/05 11:10:51.0699 5936 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
    2011/03/05 11:10:51.0737 5936 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
    2011/03/05 11:10:51.0760 5936 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/03/05 11:10:51.0830 5936 CompFilter64 (553aa50f4d8f80320b59c6566d385a2f) C:\Windows\system32\DRIVERS\lvbflt64.sys
    2011/03/05 11:10:51.0847 5936 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
    2011/03/05 11:10:51.0905 5936 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
    2011/03/05 11:10:51.0970 5936 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
    2011/03/05 11:10:52.0057 5936 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/03/05 11:10:52.0114 5936 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2011/03/05 11:10:52.0130 5936 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/03/05 11:10:52.0200 5936 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
    2011/03/05 11:10:52.0274 5936 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/03/05 11:10:52.0332 5936 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
    2011/03/05 11:10:52.0375 5936 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
    2011/03/05 11:10:52.0450 5936 e1yexpress (b37f6853d6e0c6f5f8efde33e831b5f8) C:\Windows\system32\DRIVERS\e1y60x64.sys
    2011/03/05 11:10:52.0507 5936 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
    2011/03/05 11:10:52.0549 5936 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
    2011/03/05 11:10:52.0590 5936 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
    2011/03/05 11:10:52.0643 5936 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
    2011/03/05 11:10:52.0692 5936 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
    2011/03/05 11:10:52.0714 5936 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
    2011/03/05 11:10:52.0747 5936 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
    2011/03/05 11:10:52.0772 5936 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
    2011/03/05 11:10:52.0807 5936 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/03/05 11:10:52.0858 5936 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
    2011/03/05 11:10:52.0935 5936 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/03/05 11:10:52.0970 5936 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
    2011/03/05 11:10:53.0017 5936 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/03/05 11:10:53.0092 5936 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/03/05 11:10:53.0122 5936 HidBatt (68214c82fa6222591873677a72df2a66) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/03/05 11:10:53.0148 5936 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
    2011/03/05 11:10:53.0180 5936 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
    2011/03/05 11:10:53.0245 5936 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/03/05 11:10:53.0315 5936 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
    2011/03/05 11:10:53.0393 5936 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
    2011/03/05 11:10:53.0431 5936 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
    2011/03/05 11:10:53.0467 5936 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/03/05 11:10:53.0552 5936 iaStor (fc28e90f2204d8fd147fa9bfa8a51c01) C:\Windows\system32\drivers\iastor.sys
    2011/03/05 11:10:53.0582 5936 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
    2011/03/05 11:10:53.0613 5936 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
    2011/03/05 11:10:53.0682 5936 IntcAzAudAddService (56c5a3afac93cd364dec7fbca616e1c2) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/03/05 11:10:53.0714 5936 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\DRIVERS\intelide.sys
    2011/03/05 11:10:53.0732 5936 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/03/05 11:10:53.0796 5936 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/03/05 11:10:53.0845 5936 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
    2011/03/05 11:10:53.0869 5936 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/03/05 11:10:53.0900 5936 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
    2011/03/05 11:10:53.0939 5936 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
    2011/03/05 11:10:53.0999 5936 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/03/05 11:10:54.0030 5936 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
    2011/03/05 11:10:54.0076 5936 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
    2011/03/05 11:10:54.0104 5936 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/03/05 11:10:54.0162 5936 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/03/05 11:10:54.0231 5936 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
    2011/03/05 11:10:54.0261 5936 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
    2011/03/05 11:10:54.0384 5936 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/03/05 11:10:54.0433 5936 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
    2011/03/05 11:10:54.0457 5936 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
    2011/03/05 11:10:54.0497 5936 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/03/05 11:10:54.0527 5936 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
    2011/03/05 11:10:54.0597 5936 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
    2011/03/05 11:10:54.0627 5936 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
    2011/03/05 11:10:54.0703 5936 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
    2011/03/05 11:10:54.0844 5936 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
    2011/03/05 11:10:54.0917 5936 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
    2011/03/05 11:10:54.0953 5936 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
    2011/03/05 11:10:54.0987 5936 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
    2011/03/05 11:10:55.0019 5936 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
    2011/03/05 11:10:55.0037 5936 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/03/05 11:10:55.0054 5936 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/03/05 11:10:55.0070 5936 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
    2011/03/05 11:10:55.0104 5936 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
    2011/03/05 11:10:55.0139 5936 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
    2011/03/05 11:10:55.0167 5936 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
    2011/03/05 11:10:55.0219 5936 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
    2011/03/05 11:10:55.0271 5936 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/03/05 11:10:55.0334 5936 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/03/05 11:10:55.0388 5936 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/05 11:10:55.0416 5936 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
    2011/03/05 11:10:55.0444 5936 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
    2011/03/05 11:10:55.0492 5936 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
    2011/03/05 11:10:55.0507 5936 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
    2011/03/05 11:10:55.0544 5936 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/05 11:10:55.0573 5936 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/05 11:10:55.0628 5936 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/05 11:10:55.0666 5936 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/05 11:10:55.0709 5936 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/03/05 11:10:55.0738 5936 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/05 11:10:55.0767 5936 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
    2011/03/05 11:10:55.0815 5936 NAL (b5a7ded4455d6d694091827dc91fed99) C:\Windows\system32\Drivers\iqvw64e.sys
    2011/03/05 11:10:55.0862 5936 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/05 11:10:55.0930 5936 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
    2011/03/05 11:10:56.0005 5936 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/05 11:10:56.0042 5936 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/05 11:10:56.0079 5936 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/05 11:10:56.0096 5936 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/05 11:10:56.0130 5936 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/05 11:10:56.0179 5936 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
    2011/03/05 11:10:56.0228 5936 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
    2011/03/05 11:10:56.0317 5936 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
    2011/03/05 11:10:56.0343 5936 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
    2011/03/05 11:10:56.0422 5936 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
    2011/03/05 11:10:56.0446 5936 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
    2011/03/05 11:10:56.0484 5936 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
    2011/03/05 11:10:56.0509 5936 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
    2011/03/05 11:10:56.0557 5936 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
    2011/03/05 11:10:56.0663 5936 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/03/05 11:10:56.0716 5936 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
    2011/03/05 11:10:56.0761 5936 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
    2011/03/05 11:10:56.0786 5936 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
    2011/03/05 11:10:56.0834 5936 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
    2011/03/05 11:10:56.0871 5936 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
    2011/03/05 11:10:56.0916 5936 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
    2011/03/05 11:10:57.0011 5936 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
    2011/03/05 11:10:57.0097 5936 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/03/05 11:10:57.0121 5936 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
    2011/03/05 11:10:57.0195 5936 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
    2011/03/05 11:10:57.0247 5936 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
    2011/03/05 11:10:57.0318 5936 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/03/05 11:10:57.0382 5936 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
    2011/03/05 11:10:57.0419 5936 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
    2011/03/05 11:10:57.0458 5936 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
    2011/03/05 11:10:57.0632 5936 R300 (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/03/05 11:10:57.0689 5936 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/03/05 11:10:57.0714 5936 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/03/05 11:10:57.0770 5936 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/03/05 11:10:57.0832 5936 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/03/05 11:10:57.0885 5936 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/03/05 11:10:57.0898 5936 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/03/05 11:10:57.0937 5936 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
    2011/03/05 11:10:57.0949 5936 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
    2011/03/05 11:10:57.0982 5936 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
    2011/03/05 11:10:58.0037 5936 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/03/05 11:10:58.0090 5936 RTHDMIAzAudService (730c8393dfc90386d5a1ecb24dd6c614) C:\Windows\system32\drivers\RtHDMIVX.sys
    2011/03/05 11:10:58.0125 5936 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
    2011/03/05 11:10:58.0183 5936 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/03/05 11:10:58.0218 5936 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
    2011/03/05 11:10:58.0241 5936 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
    2011/03/05 11:10:58.0268 5936 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
    2011/03/05 11:10:58.0339 5936 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
    2011/03/05 11:10:58.0354 5936 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/03/05 11:10:58.0367 5936 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
    2011/03/05 11:10:58.0380 5936 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
    2011/03/05 11:10:58.0408 5936 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
    2011/03/05 11:10:58.0433 5936 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
    2011/03/05 11:10:58.0496 5936 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/05 11:10:58.0555 5936 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
    2011/03/05 11:10:58.0596 5936 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
    2011/03/05 11:10:58.0650 5936 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
    2011/03/05 11:10:58.0665 5936 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/03/05 11:10:58.0700 5936 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
    2011/03/05 11:10:58.0735 5936 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
    2011/03/05 11:10:58.0760 5936 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
    2011/03/05 11:10:58.0780 5936 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
    2011/03/05 11:10:58.0863 5936 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
    2011/03/05 11:10:58.0939 5936 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/03/05 11:10:59.0000 5936 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
    2011/03/05 11:10:59.0033 5936 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
    2011/03/05 11:10:59.0055 5936 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
    2011/03/05 11:10:59.0108 5936 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
    2011/03/05 11:10:59.0174 5936 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
    2011/03/05 11:10:59.0259 5936 tmlwf (35a6aeb61c7cf21b10cc05bda47339b5) C:\Windows\system32\DRIVERS\tmlwf.sys
    2011/03/05 11:10:59.0338 5936 tmpreflt (803ee35df92815ea5d41cee7410c8cc1) C:\Windows\system32\DRIVERS\tmpreflt.sys
    2011/03/05 11:10:59.0428 5936 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
    2011/03/05 11:10:59.0460 5936 tmwfp (a4670e50c15d7bce7226e4b62700df09) C:\Windows\system32\DRIVERS\tmwfp.sys
    2011/03/05 11:10:59.0509 5936 tmxpflt (9bd32132a3470cefb3cbea5fa492bd6f) C:\Windows\system32\DRIVERS\tmxpflt.sys
    2011/03/05 11:10:59.0549 5936 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/03/05 11:10:59.0599 5936 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/03/05 11:10:59.0647 5936 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/03/05 11:10:59.0683 5936 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
    2011/03/05 11:10:59.0727 5936 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
    2011/03/05 11:10:59.0765 5936 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
    2011/03/05 11:10:59.0802 5936 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
    2011/03/05 11:10:59.0824 5936 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
    2011/03/05 11:10:59.0848 5936 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
    2011/03/05 11:10:59.0881 5936 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
    2011/03/05 11:10:59.0963 5936 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
    2011/03/05 11:11:00.0029 5936 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
    2011/03/05 11:11:00.0097 5936 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/03/05 11:11:00.0137 5936 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
    2011/03/05 11:11:00.0184 5936 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/03/05 11:11:00.0238 5936 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/03/05 11:11:00.0275 5936 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
    2011/03/05 11:11:00.0348 5936 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/03/05 11:11:00.0429 5936 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/03/05 11:11:00.0443 5936 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/03/05 11:11:00.0502 5936 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/03/05 11:11:00.0567 5936 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
    2011/03/05 11:11:00.0616 5936 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/03/05 11:11:00.0663 5936 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
    2011/03/05 11:11:00.0684 5936 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
    2011/03/05 11:11:00.0739 5936 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
    2011/03/05 11:11:00.0797 5936 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
    2011/03/05 11:11:00.0872 5936 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
    2011/03/05 11:11:00.0961 5936 vsapint (b01ce1f5a44126892240d179a6dbd43f) C:\Windows\system32\DRIVERS\vsapint.sys
    2011/03/05 11:11:00.0993 5936 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
    2011/03/05 11:11:01.0100 5936 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
    2011/03/05 11:11:01.0181 5936 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/05 11:11:01.0210 5936 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/05 11:11:01.0247 5936 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
    2011/03/05 11:11:01.0281 5936 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
    2011/03/05 11:11:01.0409 5936 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
    2011/03/05 11:11:01.0493 5936 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/03/05 11:11:01.0528 5936 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/03/05 11:11:01.0568 5936 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/03/05 11:11:01.0618 5936 ================================================================================
    2011/03/05 11:11:01.0618 5936 Scan finished
    2011/03/05 11:11:01.0618 5936 ================================================================================
     
  10. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Here is Malwarebytes, and GMER stated "Nothing changed"... no report.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5958

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    3/4/2011 8:32:26 PM
    mbam-log-2011-03-04 (20-32-26).txt

    Scan type: Quick scan
    Objects scanned: 159092
    Time elapsed: 4 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  11. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
     
  12. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    MbrCheck file:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Studio XPS 435MT
    Logical Drives Mask: 0x000001fc

    Kernel Drivers (total 162):

    Processes (total 74):
    0 System Idle Process
    4 System
    508 C:\Windows\System32\smss.exe
    588 csrss.exe
    644 C:\Windows\System32\wininit.exe
    664 csrss.exe
    700 C:\Windows\System32\services.exe
    712 C:\Windows\System32\lsass.exe
    724 C:\Windows\System32\lsm.exe
    828 C:\Windows\System32\winlogon.exe
    916 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    428 C:\Windows\System32\atiesrxx.exe
    560 C:\Windows\System32\svchost.exe
    688 C:\Windows\System32\svchost.exe
    668 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\audiodg.exe
    1160 C:\Windows\System32\SLsvc.exe
    1212 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\atieclxx.exe
    1312 C:\Program Files\Dell\DellDock\DockLogin.exe
    1460 C:\Windows\System32\svchost.exe
    1568 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1692 C:\Windows\System32\dwm.exe
    1724 C:\Windows\explorer.exe
    1848 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2108 C:\Windows\System32\spoolsv.exe
    2140 C:\Windows\System32\svchost.exe
    2216 C:\Windows\System32\taskeng.exe
    2808 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    2848 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    3036 C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    2356 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2704 C:\Windows\SysWOW64\svchost.exe
    1668 C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    3080 C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    3096 C:\Windows\System32\svchost.exe
    3132 LVPrS64H.exe
    3144 C:\Windows\System32\svchost.exe
    3156 C:\Windows\SysWOW64\PnkBstrA.exe
    3248 C:\Windows\System32\svchost.exe
    3268 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    3336 C:\Windows\System32\svchost.exe
    3448 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    3544 C:\Windows\System32\svchost.exe
    3588 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3604 C:\Windows\System32\SearchIndexer.exe
    3668 WUDFHost.exe
    3712 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    3876 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2280 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3508 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    2980 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    3664 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3708 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    3812 C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    3972 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    4272 C:\Windows\SysWOW64\java.exe
    4296 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    5096 C:\Windows\System32\mobsync.exe
    1832 C:\Windows\System32\svchost.exe
    2584 C:\Program Files\iPod\bin\iPodService.exe
    4212 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    3980 C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
    204 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5740 C:\Windows\System32\wuauclt.exe
    5940 C:\Program Files\Windows Media Player\wmpnscfg.exe
    5372 C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6002.18005_none_0f2f8746d13ee87f\ieuser.exe
    5868 ProToolbarComm.exe
    2596 C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    5004 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4936 C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
    2940 C:\Program Files (x86)\HP\Smart Web Printing\hpswp_clipbook.exe
    4780 C:\Users\admin\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c4700000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04700000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD6400AAKS-75A7B2, Rev: 01.03B01

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  13. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    ComboFix.txt 1 of 2

    ComboFix 11-03-05.01 - admin 03/05/2011 16:36:41.1.8 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8182.5968 [GMT -6:00]
    Running from: c:\users\admin\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Trend Micro Internet Security Pro *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Trend Micro Internet Security Pro *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\version.txt
    c:\users\admin\AppData\Roaming\.#
    c:\users\admin\AppData\Roaming\.#\MBX@1050@2A1F50.###
    c:\users\admin\AppData\Roaming\.#\MBX@1050@2A1F60.###
    c:\users\admin\AppData\Roaming\.#\MBX@1050@2A1F70.###
    c:\users\admin\AppData\Roaming\.#\MBX@1F4@3241F50.###
    c:\users\admin\AppData\Roaming\.#\MBX@1F4@3241F60.###
    c:\users\admin\AppData\Roaming\.#\MBX@1F4@3241F70.###
    c:\users\admin\AppData\Roaming\.#\MBX@A60@231F50.###
    c:\users\admin\AppData\Roaming\.#\MBX@A60@231F60.###
    c:\users\admin\AppData\Roaming\.#\MBX@A60@231F70.###
    c:\users\admin\g2mdlhlpx.exe
    c:\windows\Downloaded Program Files\Install.inf
    c:\windows\system32\service
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-05 to 2011-03-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-05 22:34 . 2011-03-05 22:35 -------- d-----w- C:\32788R22FWJFW
    2011-03-05 15:54 . 2011-03-05 15:54 -------- d-----w- c:\windows\SysWow64\wbem\Logs
    2011-03-05 01:53 . 2011-03-05 01:54 -------- d-----w- c:\program files (x86)\FileBulldog Toolbar
    2011-03-05 01:53 . 2011-03-05 01:53 -------- d-----w- c:\program files (x86)\Temp File Cleaner
    2011-03-04 21:33 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64085234-D7AC-4F4E-9D03-52AB13065D9F}\mpengine.dll
    2011-03-03 05:22 . 2011-03-03 05:22 -------- d-----w- c:\program files (x86)\ESET
    2011-03-01 13:33 . 2011-03-01 13:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2011-03-01 04:52 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-02-24 02:50 . 2011-02-24 02:50 -------- d-----w- c:\program files\iPod
    2011-02-24 02:50 . 2011-02-24 02:50 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2011-02-24 02:50 . 2011-02-24 02:50 -------- d-----w- c:\program files\iTunes
    2011-02-24 02:42 . 2011-02-24 02:42 -------- d-----w- c:\program files\Bonjour
    2011-02-24 02:42 . 2011-02-24 02:42 -------- d-----w- c:\program files (x86)\Bonjour
    2011-02-21 23:42 . 2011-02-21 23:42 -------- d-----w- c:\users\admin\AppData\Local\Yahoo!
    2011-02-10 03:36 . 2011-01-20 16:46 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-02-10 03:35 . 2010-10-15 14:02 4699024 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-02-10 03:35 . 2010-10-15 13:43 1168512 ----a-w- c:\windows\SysWow64\ntdll.dll
    2011-02-10 03:35 . 2010-10-15 13:43 1585168 ----a-w- c:\windows\system32\ntdll.dll
    2011-02-10 03:35 . 2011-01-08 09:03 48128 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-10 03:35 . 2011-01-08 08:47 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-02-10 03:35 . 2011-01-08 06:45 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-10 03:35 . 2011-01-08 06:28 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-23 15:04 . 2010-07-10 19:29 40648 ----a-w- c:\windows\avastSS.scr
    2011-02-23 15:04 . 2010-05-15 15:06 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-02-23 15:04 . 2011-01-22 16:22 238968 ----a-w- c:\windows\system32\aswBoot.exe
    2011-02-23 14:57 . 2010-05-15 15:06 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-23 14:55 . 2010-05-15 15:06 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-23 14:55 . 2010-05-15 15:06 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-23 14:55 . 2010-05-15 15:06 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-02-23 14:54 . 2010-05-15 15:06 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-02-02 23:11 . 2010-08-22 18:32 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-23 00:51 . 2011-01-23 00:51 53248 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-12-28 16:08 . 2011-01-12 09:34 466944 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-28 15:55 . 2011-01-12 09:34 413696 ----a-w- c:\windows\SysWow64\odbc32.dll
    2010-12-21 00:09 . 2009-05-18 03:30 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-21 00:08 . 2009-10-03 22:58 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-14 16:15 . 2011-01-12 09:34 1251840 ----a-w- c:\windows\system32\sdclt.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    "Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-18 1242448]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
    "Logitech Vid"="c:\program files (x86)\Logitech\Vid\vid.exe" [2010-05-11 6061400]
    "Logitech Vid HD"="c:\program files (x86)\Logitech\Vid\vid.exe" [2010-05-11 6061400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2009-08-29 49152]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-11-14 53488]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-08-20 200720]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2008-12-22 88576]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 202752]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 64344]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
    S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
    S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 42576]
    S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-08-20 339984]
    S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
    S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2010-11-10 24032]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2008-09-28 316544]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856]
    S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
    S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2010-08-20 595960]
    S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-08-20 917768]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-05 c:\windows\Tasks\SDMsgUpdate (SD).job
    - c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-01-19 17:29]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-22 6931488]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
     
  14. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Combofix.txt 2 of 2

    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP
    mLocal Page = %SystemRoot%\system32\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Zemanta: firefox@zemanta.com - %profile%\extensions\firefox@zemanta.com
    FF - Ext: KGen: kgen@elitwork.com - %profile%\extensions\kgen@elitwork.com
    FF - Ext: TACO 3.0 with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net
    FF - Ext: SeoQuake Plugin - Seolinx: seoquake-plugin-seolinx@seoquake.com - %profile%\extensions\seoquake-plugin-seolinx@seoquake.com
    FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    FF - Ext: SEOpen: {ff6bdc07-eed6-4815-ad95-d7938b673ab5} - %profile%\extensions\{ff6bdc07-eed6-4815-ad95-d7938b673ab5}
    FF - Ext: Trend Micro Toolbar: {22181a4d-af90-4ca3-a569-faed9118d6bc} - c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Ncr - (no file)
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
    AddRemove-FolderLock6 - c:\program files\Folder Lock\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3792922179-2174670505-3486552871-1000\Software\SecuROM\License information*]
    "datasecu"=hex:5d,7a,11,54,95,f3,ed,78,68,27,50,c9,80,1c,b0,4d,56,c3,a4,bc,f8,
    4e,78,92,67,65,1d,08,5f,90,a3,cc,14,61,cb,39,d7,d1,3f,7d,5e,f3,93,38,05,c3,\
    "rkeysecu"=hex:44,08,c1,7a,cf,c3,bf,2d,ef,f6,ad,12,77,f9,0e,ed
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\SysWOW64\java.exe
    c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\Common Files\Steam\SteamService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-05 16:56:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-05 22:56
    .
    Pre-Run: 373,639,553,024 bytes free
    Post-Run: 373,448,671,232 bytes free
    .
    - - End Of File - - 68EADD2F1C2CD2240B46A2323967F23D
     
  15. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    RKill.com

    This is the result:

    Virus Download Blocked
    Download of the virus has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.

    File name: download.bleepingcomputer.com

    Rkill.scr and Rkill.exe

    This is the result:

    Website blocked by Trend Micro Internet Security Pro
    Opening this website may put your security at risk

    --------------------------------------------------------------------------------

    The website you wanted to see might transmit malicious software to your computer, or has done that before to someone else. It may also show signs of involvement in online scams or fraud.
    Address: http://download.bleepingcomputer.com/grinler/rkill.scr
    Rating: Dangerous

    What you can do:
    Try visiting another site to find the information you want.
    Notify Trend Micro to review this page if you consider it safe.
    If you still want to see this blocked page:
    1. Open the Trend Micro Internet Security Pro console.
    2. Click Internet & Email Controls
    3. Click the Settings... button under Protection Against Web Threats.
    4. Click the Approved websites link in the next window that opens.
    5. Copy and paste the address of the blocked website into the list.
    Note: If you still want to visit this site despite the risk, click here to open it.

    --------------------------------------------------------------------------------


    Copyright © 1995-2009 Trend Micro
     
  16. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Disregard. False alarm.

    You're running two AV programs, Avast and Trend.
    One of them has to go.
    Your choice.

    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    OTL.txt 1 of 2

    OTL logfile created on: 3/5/2011 5:47:20 PM - Run 1
    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\admin\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
    16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.10 Gb Total Space | 347.85 Gb Free Space | 59.86% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 7.72 Gb Free Space | 51.46% Space Free | Partition Type: NTFS

    Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/05 17:45:39 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/07/13 20:13:44 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/05/07 18:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2010/01/04 18:07:06 | 000,083,280 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
    PRC - [2009/03/09 04:19:11 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
    PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/11/13 13:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    PRC - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/05 17:45:39 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/11/08 10:52:56 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
    SRV:64bit: - [2010/08/19 20:53:50 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
    SRV:64bit: - [2010/08/19 20:53:50 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
    SRV:64bit: - [2010/08/19 20:53:49 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/11/24 21:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2008/12/22 01:37:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/03/03 18:46:32 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/07/13 20:13:44 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/11/13 13:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/02/23 08:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/11/09 20:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
    DRV:64bit: - [2010/11/09 20:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2010/11/09 20:42:34 | 000,024,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvbflt64.sys -- (CompFilter64)
    DRV:64bit: - [2010/08/19 20:53:54 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
    DRV:64bit: - [2010/08/19 20:53:54 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
    DRV:64bit: - [2010/08/19 20:53:54 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
    DRV:64bit: - [2010/07/30 11:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt)
    DRV:64bit: - [2010/07/30 11:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt)
    DRV:64bit: - [2010/07/30 11:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/11/24 21:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV:64bit: - [2009/11/24 21:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/12/22 01:37:14 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
    DRV:64bit: - [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
    DRV:64bit: - [2008/09/28 06:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2008/09/28 02:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008/05/23 14:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
    DRV:64bit: - [2008/01/20 20:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
    DRV:64bit: - [2007/11/14 01:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z045&form=ZGAPHP
    IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
    IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: kgen@elitwork.com:0.7
    FF - prefs.js..extensions.enabledItems: {ff6bdc07-eed6-4815-ad95-d7938b673ab5}:1.1
    FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.8
    FF - prefs.js..extensions.enabledItems: seoquake-plugin-seolinx@seoquake.com:1.0.2
    FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.20
    FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.6.0.1126
    FF - prefs.js..extensions.enabledItems: firefox@zemanta.com:0.8
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z045&form=ZGAADF&q="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010/08/19 21:09:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/02 18:51:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/02 18:51:16 | 000,000,000 | ---D | M]

    [2009/05/17 19:30:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
    [2011/03/05 12:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\extensions
    [2010/05/08 21:51:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/17 19:38:11 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    [2010/11/17 19:38:08 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/10/19 21:50:47 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2010/01/29 19:13:28 | 000,000,000 | ---D | M] (SEOpen) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\extensions\{ff6bdc07-eed6-4815-ad95-d7938b673ab5}
    [2009/08/09 20:48:41 | 000,000,000 | ---D | M] (Acunetix Web Scanner (Free Edition)) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\extensions\acunetixwebscanner@attila.gerendi
    [2010/11/17 19:38:12 | 000,000,000 | ---D | M] (Zemanta) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\extensions\firefox@zemanta.com
    [2009/12/16 14:41:07 | 000,000,000 | ---D | M] ("KGen") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\extensions\kgen@elitwork.com
    [2010/10/19 21:50:55 | 000,000,000 | ---D | M] (TACO 3.0 with Abine) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\extensions\optout@dubfire.net
    [2009/06/16 18:18:21 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\extensions\seoquake-plugin-seolinx@seoquake.com
    [2011/03/04 19:53:59 | 000,001,919 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\searchplugins\bing-zugo.xml
    [2011/01/18 17:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/01/18 17:41:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/08/19 21:09:01 | 000,000,000 | ---D | M] (Trend Micro Toolbar) -- C:\PROGRAM FILES\TREND MICRO\TRENDSECURE\TISPROTOOLBAR\FIREFOXEXTENSION

    O1 HOSTS File: ([2011/03/02 22:02:45 | 000,000,734 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
    O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] File not found
    O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Logitech Vid HD] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} http://192.168.1.253/SysCamInst.cab (AudioClient Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.239.149.89 75.7.64.62 192.168.1.1
    O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\admin\Pictures\101MSDCF\DSC00820.JPG
    O24 - Desktop BackupWallPaper: C:\Users\admin\Pictures\101MSDCF\DSC00820.JPG
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/04/30 11:20:29 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/05 17:45:32 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2011/03/05 16:48:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/05 16:35:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/05 16:35:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/05 16:35:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/05 16:35:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/05 16:35:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/05 16:34:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/05 16:34:52 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/04 19:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileBulldog Toolbar
    [2011/03/04 19:53:38 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner
    [2011/03/04 19:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Temp File Cleaner
    [2011/03/03 18:40:11 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\backups
    [2011/03/03 18:04:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
    [2011/03/02 23:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2011/03/02 10:45:38 | 001,374,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe
    [2011/03/01 07:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2011/02/28 22:52:25 | 000,505,176 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/02/23 20:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/02/23 20:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/02/23 20:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/02/23 20:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2011/02/23 20:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/02/23 20:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/02/23 20:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/02/23 20:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/02/23 20:12:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
    [2011/02/23 20:11:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
    [2011/02/22 08:24:48 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Milestone Yelp
    [2011/02/21 17:44:03 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
    [2011/02/21 17:42:07 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Yahoo!
    [2011/02/13 15:48:06 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\NDA
    [3 C:\Users\admin\Desktop\*.tmp files -> C:\Users\admin\Desktop\*.tmp -> ]
    [2 C:\Users\admin\Documents\*.tmp files -> C:\Users\admin\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/05 17:51:54 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
    [2011/03/05 17:50:07 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
    [2011/03/05 17:45:39 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2011/03/05 16:51:45 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/03/05 16:51:45 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/03/05 16:51:45 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/03/05 16:45:07 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
    [2011/03/05 16:45:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/05 16:45:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/05 16:44:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/05 16:15:16 | 004,281,003 | R--- | M] () -- C:\Users\admin\Desktop\ComboFix.exe
    [2011/03/05 16:13:26 | 000,080,384 | ---- | M] () -- C:\Users\admin\Desktop\MBRCheck.exe
    [2011/03/05 10:32:49 | 000,296,448 | ---- | M] () -- C:\Users\admin\Desktop\gmer.exe
    [2011/03/04 20:08:29 | 000,000,974 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/03/04 20:08:29 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/04 20:00:38 | 000,965,021 | ---- | M] () -- C:\Users\admin\Desktop\TFC.jpg
    [2011/03/04 19:55:13 | 000,000,926 | ---- | M] () -- C:\Users\admin\Desktop\Temp File Cleaner.lnk
    [2011/03/04 17:34:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/03/03 00:19:59 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe
    [2011/03/02 23:47:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
    [2011/03/02 22:02:45 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/03/02 20:41:33 | 000,018,682 | ---- | M] () -- C:\Users\admin\Desktop\IEbookmark.htm
    [2011/03/02 20:36:48 | 000,121,663 | ---- | M] () -- C:\Users\admin\Desktop\FFbookmarks.html
    [2011/03/02 18:10:45 | 000,002,880 | ---- | M] () -- C:\Users\admin\AppData\Roaming\wklnhst.dat
    [2011/03/02 17:03:39 | 000,036,363 | ---- | M] () -- C:\Users\admin\Desktop\****-you.jpg
    [2011/03/02 09:08:58 | 000,001,750 | -H-- | M] () -- C:\Users\admin\Documents\Default.rdp
    [2011/03/01 15:04:40 | 000,151,742 | ---- | M] () -- C:\Users\admin\Desktop\MMAcodeofconduct.pdf
    [2011/02/26 19:33:01 | 000,031,744 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/26 18:36:22 | 000,398,192 | ---- | M] () -- C:\Users\admin\Desktop\attachments_2011_02_22.zip
    [2011/02/23 20:50:43 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/02/23 20:47:31 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/02/23 20:16:59 | 000,372,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/02/23 11:49:44 | 000,005,775 | ---- | M] () -- C:\Users\admin\Desktop\GoogSouthern404.csv
    [2011/02/23 09:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/02/23 09:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/02/23 09:04:07 | 000,238,968 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/02/23 08:57:04 | 000,280,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/02/23 08:57:01 | 000,505,176 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/02/23 08:55:53 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/02/23 08:55:13 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/02/23 08:55:05 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/02/23 08:54:58 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/02/22 22:14:43 | 000,220,971 | ---- | M] () -- C:\Users\admin\Desktop\scan0016.pdf
    [2011/02/21 17:36:18 | 012,572,782 | ---- | M] () -- C:\Users\admin\Desktop\Texas Steel.zip
    [2011/02/21 13:55:13 | 000,372,833 | ---- | M] () -- C:\Users\admin\Desktop\elec-E-3.pdf
    [2011/02/21 13:55:06 | 000,200,552 | ---- | M] () -- C:\Users\admin\Desktop\elec-E-2-NEW.pdf
    [2011/02/21 13:54:55 | 000,658,572 | ---- | M] () -- C:\Users\admin\Desktop\elec-E-4.pdf
    [2011/02/18 15:42:34 | 000,104,380 | ---- | M] () -- C:\Users\admin\Desktop\Dealers Job TSC.pdf
    [2011/02/16 17:00:31 | 002,866,795 | ---- | M] () -- C:\Users\admin\Desktop\attachments_2011_02_16.zip
    [2011/02/08 18:13:32 | 005,621,314 | ---- | M] () -- C:\Users\admin\Desktop\SAS02082011.zip
    [3 C:\Users\admin\Desktop\*.tmp files -> C:\Users\admin\Desktop\*.tmp -> ]
    [2 C:\Users\admin\Documents\*.tmp files -> C:\Users\admin\Documents\*.tmp -> ]

     
  18. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    OTL.txt 2 of 2

    ========== Files Created - No Company Name ==========

    [2011/03/05 16:35:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/05 16:35:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/05 16:35:44 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/05 16:35:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/05 16:35:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/05 16:15:14 | 004,281,003 | R--- | C] () -- C:\Users\admin\Desktop\ComboFix.exe
    [2011/03/05 16:13:23 | 000,080,384 | ---- | C] () -- C:\Users\admin\Desktop\MBRCheck.exe
    [2011/03/04 20:08:29 | 000,000,974 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/03/04 20:00:36 | 000,965,021 | ---- | C] () -- C:\Users\admin\Desktop\TFC.jpg
    [2011/03/04 19:53:40 | 000,000,926 | ---- | C] () -- C:\Users\admin\Desktop\Temp File Cleaner.lnk
    [2011/03/02 20:41:33 | 000,018,682 | ---- | C] () -- C:\Users\admin\Desktop\IEbookmark.htm
    [2011/03/02 20:36:47 | 000,121,663 | ---- | C] () -- C:\Users\admin\Desktop\FFbookmarks.html
    [2011/03/02 17:03:38 | 000,036,363 | ---- | C] () -- C:\Users\admin\Desktop\****-you.jpg
    [2011/03/01 15:04:38 | 000,151,742 | ---- | C] () -- C:\Users\admin\Desktop\MMAcodeofconduct.pdf
    [2011/02/23 20:50:43 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/02/23 20:47:31 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/02/23 20:08:19 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
    [2011/02/23 20:08:19 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
    [2011/02/23 20:08:19 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
    [2011/02/23 20:08:19 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
    [2011/02/23 20:08:19 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
    [2011/02/23 20:08:19 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
    [2011/02/23 11:49:44 | 000,005,775 | ---- | C] () -- C:\Users\admin\Desktop\GoogSouthern404.csv
    [2011/02/22 22:14:43 | 000,220,971 | ---- | C] () -- C:\Users\admin\Desktop\scan0016.pdf
    [2011/02/22 22:01:25 | 000,398,192 | ---- | C] () -- C:\Users\admin\Desktop\attachments_2011_02_22.zip
    [2011/02/21 17:36:18 | 012,572,782 | ---- | C] () -- C:\Users\admin\Desktop\Texas Steel.zip
    [2011/02/21 13:55:13 | 000,372,833 | ---- | C] () -- C:\Users\admin\Desktop\elec-E-3.pdf
    [2011/02/21 13:55:06 | 000,200,552 | ---- | C] () -- C:\Users\admin\Desktop\elec-E-2-NEW.pdf
    [2011/02/21 13:54:55 | 000,658,572 | ---- | C] () -- C:\Users\admin\Desktop\elec-E-4.pdf
    [2011/02/18 15:45:52 | 000,104,380 | ---- | C] () -- C:\Users\admin\Desktop\Dealers Job TSC.pdf
    [2011/02/16 17:00:12 | 002,866,795 | ---- | C] () -- C:\Users\admin\Desktop\attachments_2011_02_16.zip
    [2011/02/08 18:24:20 | 005,621,314 | ---- | C] () -- C:\Users\admin\Desktop\SAS02082011.zip
    [2011/01/18 17:42:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/11/09 20:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2010/11/09 20:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2010/11/09 20:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/08/19 20:27:10 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
    [2010/07/13 20:13:45 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/07/13 20:13:44 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/07/13 20:13:44 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/02/20 19:26:32 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
    [2010/02/20 19:26:31 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
    [2009/12/28 17:48:48 | 000,023,888 | ---- | C] () -- C:\Users\admin\AppData\Roaming\UserTile.png
    [2009/08/09 20:47:53 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
    [2009/08/07 15:41:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/08/07 15:40:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/08/07 15:40:11 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/08 07:37:36 | 000,002,880 | ---- | C] () -- C:\Users\admin\AppData\Roaming\wklnhst.dat
    [2009/05/26 19:40:44 | 000,144,503 | ---- | C] () -- C:\Windows\hpwins16.dat
    [2009/05/26 19:39:47 | 000,001,162 | ---- | C] () -- C:\Windows\hpwmdl16.dat
    [2009/05/19 22:56:34 | 000,031,744 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/18 20:59:34 | 000,011,321 | ---- | C] () -- C:\Windows\hpwscr16.dat
    [2009/05/17 17:36:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/04/15 04:25:10 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/04/15 03:56:58 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
    [2009/04/15 00:43:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/04/28 10:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2011/03/05 12:13:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Abine
    [2010/04/30 11:28:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Autodesk
    [2010/09/22 07:57:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/01/29 19:38:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Facebook
    [2010/06/22 20:19:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FileZilla
    [2011/01/22 18:51:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
    [2009/12/28 17:48:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PeerNetworking
    [2010/12/18 10:18:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw
    [2009/06/08 07:37:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Template
    [2011/03/05 16:44:00 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/03/05 16:45:07 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/27 15:13:54 | 000,025,084 | ---- | M] () -- C:\aaw7boot.log
    [2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/03/05 16:57:00 | 000,018,692 | ---- | M] () -- C:\ComboFix.txt
    [2009/04/15 04:30:07 | 000,004,884 | RH-- | M] () -- C:\dell.sdr
    [2010/05/05 21:06:21 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2011/03/05 16:44:51 | 304,361,470 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/05 11:20:49 | 000,000,461 | ---- | M] () -- C:\Sys_LogWin.log
    [2011/03/03 00:20:53 | 000,061,448 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_03.03.2011_00.20.21_log.txt
    [2011/03/05 10:23:54 | 000,061,448 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_05.03.2011_10.19.10_log.txt
    [2011/03/05 11:14:14 | 000,061,448 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_05.03.2011_11.10.35_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 09:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 09:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 09:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/12/19 19:33:23 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 15:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/02/23 09:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2008/12/04 20:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2010/12/31 18:48:38 | 000,000,010 | ---- | M] () -- C:\Program Files (x86)\eula.txt
    [2010/12/31 18:04:56 | 000,000,003 | ---- | M] () -- C:\Program Files (x86)\option.txt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/12/19 19:54:21 | 000,000,286 | -HS- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2009/05/16 17:53:58 | 037,452,296 | ---- | M] (Lavasoft ) -- C:\Users\admin\Desktop\Ad-AwareAE.exe
    [2011/03/05 16:15:16 | 004,281,003 | R--- | M] () -- C:\Users\admin\Desktop\ComboFix.exe
    [2011/03/05 10:32:49 | 000,296,448 | ---- | M] () -- C:\Users\admin\Desktop\gmer.exe
    [2011/03/02 23:47:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
    [2011/03/05 16:13:26 | 000,080,384 | ---- | M] () -- C:\Users\admin\Desktop\MBRCheck.exe
    [2011/03/05 17:45:39 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2009/03/30 21:35:58 | 011,748,680 | ---- | M] (ParetoLogic ) -- C:\Users\admin\Desktop\Pareto_AV_Setup_RW.exe
    [2011/03/03 00:19:59 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe
    [3 C:\Users\admin\Desktop\*.tmp files -> C:\Users\admin\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/12/19 19:53:28 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/12/19 19:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2009/12/19 19:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2009/12/19 19:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/12/19 19:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2009/12/19 19:52:57 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/05/17 12:48:10 | 000,000,402 | -HS- | M] () -- C:\Users\admin\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/05/26 20:00:59 | 000,002,253 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/10/28 21:01:32 | 000,000,175 | ---- | M] () -- C:\ProgramData\OutlookFail.20101028.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
  19. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Extras.txt

    OTL Extras logfile created on: 3/5/2011 5:47:20 PM - Run 1
    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\admin\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
    16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.10 Gb Total Space | 347.85 Gb Free Space | 59.86% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 7.72 Gb Free Space | 51.46% Space Free | Partition Type: NTFS

    Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html[@ = ChromeHTML] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
    InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = E7 B7 1C 01 17 81 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07B9C01A-8BF3-4CA5-9296-7685FB256B2B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1466890B-D586-4FEB-B107-795A3D55DAB4}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{23F18369-9E39-480B-B5A2-E98E8D93D5E9}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{2668768C-A2E7-4D8F-95EC-B24B2CD10872}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2CECE461-D4AC-4294-A4D6-A72102113053}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{328721AC-D5A6-47CD-87BA-29200DA17AD2}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{3F38AF81-53F7-44E5-938E-D2234D89B4B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4BEF696C-0EFB-4DFB-B32E-6D7D99AB117D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{5646BBB2-F1AA-49F6-8140-13FF6EDBC040}" = rport=139 | protocol=6 | dir=out | app=system |
    "{68DE9A3C-2516-4D3A-870C-D70ABE03B19D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6E66EE39-4701-4D42-B5F0-BE0D8E73886A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{70663EB1-95AF-476D-B8D3-32EDBB028B9E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{706800A3-23CE-4BDE-B4D5-0DE8413E9521}" = lport=445 | protocol=6 | dir=in | app=system |
    "{7A3A6941-2DD7-491A-BDDB-B6E651936E25}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7EF87F07-BF66-43DB-91B7-A50754BF7BA7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{873118DD-4955-4833-ABDB-00B1A73F87BD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A1D1E1C9-9E92-4FC0-A10E-ECEF9A4A2286}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{A5406906-EE4F-471A-9ACF-082B24EBA6F5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AE5F8E7B-B0F9-4F8B-8C7C-D62AF2700292}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B40FF7F6-2D26-44CA-9729-E919ABF7BAB7}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BF860103-05F3-427F-B219-7ACC3EAD88C8}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{CCA90FAF-30DB-475A-9BD2-66954631E3F3}" = lport=139 | protocol=6 | dir=in | app=system |
    "{DC6F4D4B-58AF-441B-991D-3822FA112D7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E7B30008-2F1F-4F1B-AF07-FDC520246FB4}" = lport=137 | protocol=17 | dir=in | app=system |
    "{F2565DD3-23A9-4047-955A-276B38EC407E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00D0D406-4EFD-4609-869B-C8A65D16E52D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{00DCB52A-8B97-4C16-831D-7382AF9CD998}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{060646A2-63F0-47D3-A8D1-E44C14BE2FB9}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe |
    "{0D520CA3-9513-47C3-9003-3B2451008620}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "{19A56569-3BC0-4E1D-B079-EA3622609BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{1A54C5E2-2792-4D74-A79E-CDD98471BE29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1DE51EB6-70C8-4B3C-8799-4E12CAAC23E8}" = protocol=6 | dir=out | app=system |
    "{26CDE221-50FF-4A3D-9EE0-73AB9492A203}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
    "{2E5C4A64-BA47-4536-AF22-6DFF46A4E231}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "{3D53D076-22C7-4F9F-837B-6860B037C1E2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{4686005F-FDAB-44EF-A041-8F0CFA7E1E1F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{47237236-404D-4113-872B-C2B5CD093BDC}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{474450F2-DFDF-448D-9A6C-940D8F450889}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4B9F83FE-8CEF-41E0-96AE-764B29B032EB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{515CC7A4-74F0-4937-9958-866120D29B88}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{52EDFBCD-9CFA-456A-B2BF-C781B54FC063}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{53233CA6-8925-49FB-B5BC-AA4FC9E774F8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{5778C25E-FDDC-44F7-878B-DA5AB3B5EC4E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5A7AF37C-A6AE-4BA2-B6CC-1AF680B15330}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5C5DFBCC-70FA-4580-AB12-5D32FA77AE83}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{5CF94077-5083-47A7-A6CA-3A1A84E0FEF7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{602E3E7E-D422-4D3A-8DBB-F918F5EA8AF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{62504D33-831F-43F0-89EA-49BFBEC0A822}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{656E1A13-6BFC-4D3E-80F3-599F9D639E5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{6908BF11-457E-4927-8D92-309C0BFE196E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{729FE6CF-7206-485A-BD90-AE67D62B2633}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
    "{76D07652-E026-40FB-B958-913AA4EAF57E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{82199598-FEDF-47AA-BC56-9CEFF7A9F355}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe |
    "{8BAD2A98-ABCE-4E52-8169-C5B5567FF32B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8DDC5B84-E9C6-4E16-872C-214E19DD0850}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8F29CC46-E80D-4BBF-8ACA-D5C62B66803B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{9503FEA3-F5A0-43BC-9374-551507091F67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "{A04F0DDD-CC2C-4684-992F-D4C9282B9459}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
    "{A3BD83B3-C62B-4FA2-BBEC-EE3FE2523B5F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{A46FAF53-BF02-4DB4-A257-7A0443DF270F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{A9CAA702-09B2-4BCD-9236-7551F9DE949E}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
    "{B24028AA-A90D-4777-828A-106D9B262DFF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B80D3D73-4F68-456F-ACD9-F31CC63CCB53}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{B9A8C668-0409-4F59-9B4C-110CB3404434}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{BEE40CB7-0FE3-4601-8707-C35B31522CBA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C21C50CA-CC9E-49F0-A47A-F10A35113016}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{C4EA4C4F-E934-41D8-948D-618F487F2A6C}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
    "{C87E57FA-59A7-4435-9B4A-54ACE174BCCC}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{C9018C40-064C-4FC1-87CA-25994B3B2B7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "{CAEEA073-5E30-4A87-86B7-F3C3B1077535}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{CD7881F6-4955-47BC-90D0-EDBD3ED3E5E2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{D19F0058-EFD6-4501-B734-AC9C654F50D4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{D38DC1FD-55CF-48DF-A381-0ADB7899F409}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D6C54353-8EF4-4343-89EE-190F96EBD890}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{DD40655F-861B-4210-9266-E77DEED9E6C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{E1A80BF3-FEE8-4873-B168-B1C573E61B95}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E3F7C8BE-7016-4745-B3C9-9136CBC8CFB5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{EE8CF32C-C01A-47F1-B27A-EE8E03D0F319}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{F0726179-D9A1-4DDE-B38E-9982EF12827C}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
    "{F2AA7318-8373-4C4C-B2E6-10B8EC9E2E96}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{F7888035-ECB4-4084-ABF6-44A86EF1A155}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{FAF05BBC-7B6F-4E91-A6CE-FC3EEFF55EA8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{FC72E517-8574-4E57-9619-87D848545E6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{FFF1C600-570F-4B2E-AF08-3A97957E958D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "TCP Query User{2E2EC22E-23D8-4476-8F18-E3978DE3121E}E:\netcam\easyconfig.exe" = protocol=6 | dir=in | app=e:\netcam\easyconfig.exe |
    "TCP Query User{8CF7A426-243E-43AE-AD71-DE6F5F8B836D}E:\software\ipeditv3.exe" = protocol=6 | dir=in | app=e:\software\ipeditv3.exe |
    "TCP Query User{A0D2CB86-06A0-4F3D-9304-5803A85F4878}C:\program files (x86)\eidos\battlestations pacific\bsp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\battlestations pacific\bsp.exe |
    "TCP Query User{D26594E8-E8B1-4EB4-8E4D-FE4C320D6739}C:\users\admin\appdata\local\temp\lmi4f6f.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\lmi4f6f.tmp\lmi_rescue.exe |
    "TCP Query User{EDD961B8-7CE7-4D56-B67D-1FDF32601492}C:\program files (x86)\logitech\vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe |
    "TCP Query User{FB332097-4C36-4419-B403-5752E1DBCDCD}C:\program files (x86)\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe |
    "UDP Query User{1469BF72-4E64-4B8F-9E1F-50AED226F513}E:\netcam\easyconfig.exe" = protocol=17 | dir=in | app=e:\netcam\easyconfig.exe |
    "UDP Query User{1D5A90A7-2751-4FC7-84B1-D1DA182A2CFD}C:\program files (x86)\eidos\battlestations pacific\bsp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\battlestations pacific\bsp.exe |
    "UDP Query User{62E21AF6-7A80-4042-AA5E-7369B6DC170D}C:\program files (x86)\logitech\vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe |
    "UDP Query User{979932EF-B5A9-483B-B847-CD27E79E5634}C:\program files (x86)\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe |
    "UDP Query User{B60EC93C-EB11-40AC-8748-05FFE4554D08}E:\software\ipeditv3.exe" = protocol=17 | dir=in | app=e:\software\ipeditv3.exe |
    "UDP Query User{CBDDFE0A-9C0C-44B2-811F-73AA70DD779C}C:\users\admin\appdata\local\temp\lmi4f6f.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\lmi4f6f.tmp\lmi_rescue.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
    "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
    "{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
    "{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security Pro
    "{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
    "{EA0F68A4-CC52-D061-C239-CC54377E9B79}" = ccc-utility64
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{F793385C-5F01-4b46-B974-15A81FB86FF1}" = HP Officejet J3600 Series
    "CCleaner" = CCleaner
    "DWG TrueView 2011" = DWG TrueView 2011
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PROSetDX" = Intel(R) Network Connections 13.1.33.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0527E89C-E8B9-745F-8B7A-96530A214E54}" = Catalyst Control Center Localization Japanese
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{06A82E70-97F4-3BA9-65DB-692632659387}" = Catalyst Control Center InstallProxy
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0DF30031-F15F-FD36-D9F8-EBC23B901894}" = Catalyst Control Center Graphics Light
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{19CD69C4-CF39-FCFC-3C36-02A6AEC62C42}" = CCC Help Spanish
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{22D643F2-0DAA-4DB4-0B3F-C5B0B6F5AEC8}" = Catalyst Control Center Localization Polish
    "{241FFFDE-06A1-BA33-1980-FC06F2F43ACD}" = CCC Help Turkish
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
    "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
    "{2E35857A-0A45-D90C-7F9F-2C6EED18DF11}" = CCC Help French
    "{2F179735-F134-7E5F-9494-E2C5C39F0FBE}" = CCC Help Portuguese
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{306CD8FB-C567-F39C-8A3C-752AFE392023}" = CCC Help Korean
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3921564E-11A7-27AC-8D6F-D5FCA33DD083}" = Skins
    "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
    "{3E9016D4-5AD8-3A77-5A75-8C89C68992CD}" = Catalyst Control Center Graphics Previews Vista
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{4011B00E-26BE-7867-3D2C-BA85CF737C8B}" = Catalyst Control Center Localization Korean
    "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
    "{43DF6A05-B79C-0AA4-EF59-843EFE398E3D}" = Catalyst Control Center Localization French
    "{463E450F-401B-37D8-CD6C-8782D755AB86}" = Catalyst Control Center Localization Chinese Standard
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4D04C9A1-F28C-4F6F-9D66-81BB000693D9}" = BPDSoftware_Ini
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{51114DCF-C263-88F0-937D-A80930617A8B}" = CCC Help Chinese Standard
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5C883FB3-9F17-C9F6-3D74-D2C2DAC3FA0D}" = Catalyst Control Center Localization Chinese Traditional
    "{60B3718D-B81B-FBFE-C6F8-88BAF5934C17}" = Catalyst Control Center Localization German
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69724AEA-DC5F-BF91-A2B3-9B97422173BC}" = ccc-core-static
    "{6A08D9B3-5E90-CDEA-3796-1E5C7AAD7F7D}" = Catalyst Control Center Localization Italian
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{6F60CD17-EE34-4f77-83B7-F8ADBDC31D46}" = ProductContext
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
    "{7456BBA3-642F-4E59-9F89-7639977D7C39}" = Cozi
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{8123165F-1AED-4B2A-9C70-BB42A777C97C}" = CCC Help Hungarian
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8841C16B-EACC-82C0-18BC-7767CC9E740D}" = Catalyst Control Center Localization Spanish
    "{88FBDCF4-8ACF-46e6-9C33-231FBA6378D8}" = J3600
    "{892B4819-7E37-9C59-3A8C-7AE8A8261A7D}" = Catalyst Control Center Localization Portuguese
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8B0527BE-427B-459B-93B1-D30ED8CB4F93}" = Network Camera Recorder
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9131B5A5-DCA5-8F8A-5799-14F7B0C0E97D}" = Catalyst Control Center Localization Hungarian
    "{925E788B-7624-F7BD-E331-2039774A2688}" = CCC Help Thai
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{960DD947-B41A-2503-4079-E1EA314A4962}" = CCC Help Japanese
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2BDAD24-875E-FDCA-1512-52F76435F5EE}" = CCC Help Italian
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3E66D20-B986-0D55-7000-9A9427F51C54}" = Catalyst Control Center Localization Thai
    "{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B88A3C98-CB4D-E3C2-DE49-EDAF1DC55CC1}" = CCC Help English
    "{B9C73F69-63B7-552D-72D8-3C22B6B1A3E7}" = Catalyst Control Center Graphics Full New
    "{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}" = Battlestations: Pacific
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE44ABFE-FAF9-3C62-1D27-C8B64C3DD321}" = CCC Help Polish
    "{CFC1C90B-E9A4-F656-BCA2-2A71ECCBD8F5}" = Catalyst Control Center Graphics Full Existing
    "{D27F8BF7-61A4-4F0D-A190-9E2CE8C0773B}" = 3600_Help
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D62C1FAE-4092-A40C-CB31-4372494808CC}" = CCC Help German
    "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
    "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DEB7A862-71A2-C615-F620-5944F7FE8172}" = Catalyst Control Center Localization Turkish
    "{E01A8BFE-96AB-FEA3-4A3B-EEF9849D1E24}" = Catalyst Control Center Graphics Previews Common
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F569596C-049F-BF15-E0A9-B7605D9B181E}" = Catalyst Control Center Core Implementation
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{F7D39F49-4D13-FEAB-CAB5-E508336F074B}" = CCC Help Chinese Traditional
    "{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast" = avast! Free Antivirus
    "Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileBulldog Toolbar" = FileBulldog Toolbar
    "FileZilla Client" = FileZilla Client 3.2.4.1
    "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "Linksys EasyLink Advisor" = Linksys EasyLink Advisor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
    "PunkBusterSvc" = PunkBuster Services
    "SmartDraw VP" = SmartDraw VP
    "STANDARDR" = Microsoft Office Standard 2007
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Steam App 42700" = Call of Duty: Black Ops
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "Steam App 500" = Left 4 Dead
    "Steam App 550" = Left 4 Dead 2
    "Temp File Cleaner" = Temp File Cleaner
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/28/2011 10:28:39 AM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/28/2011 4:16:24 PM | Computer Name = admin-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 1.9.2.3989 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: d94 Start Time: 01cbd7842bedc0de Termination Time: 5

    Error - 2/28/2011 4:17:50 PM | Computer Name = admin-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 1.9.2.3989 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 838 Start Time: 01cbd78460be90fe Termination Time: 16

    Error - 3/1/2011 12:45:32 AM | Computer Name = admin-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 3/1/2011 12:55:43 AM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/2/2011 11:12:11 AM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/2/2011 11:07:36 PM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/3/2011 12:06:42 AM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/3/2011 12:32:31 AM | Computer Name = admin-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 3/3/2011 12:33:21 AM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 3/5/2011 11:54:59 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 3/5/2011 11:54:59 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 3/5/2011 5:40:48 PM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 3/5/2011 6:34:59 PM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 3/5/2011 6:34:59 PM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 3/5/2011 6:36:41 PM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 3/5/2011 6:39:14 PM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 3/5/2011 6:43:10 PM | Computer Name = admin-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 3/5/2011 6:43:49 PM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 3/5/2011 6:46:38 PM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
     
  20. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Broni,
    Redirect to google.com.br
    still there...
     
  21. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Which browser is affected?

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2011/03/04 19:53:59 | 000,001,919 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\searchplugins\bing-zugo.xml
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4:64bit: - HKLM..\Run: [Skytel] File not found
      O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
      O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [3 C:\Users\admin\Desktop\*.tmp files -> C:\Users\admin\Desktop\*.tmp -> ]
      [2 C:\Users\admin\Documents\*.tmp files -> C:\Users\admin\Documents\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  22. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Browser affected most is Firefox, but if in IE and go to Google, the redirect occurs also.
    Completed the Java install/uninstall of the old version.
    Will remove Trend when you tell me ok to do so.

    OTL file:

    All processes killed
    ========== OTL ==========
    File C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\caulprq5.default\se archplugins\bing-zugo.xml not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Skytel not found.
    File move failed. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
    File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    File/Folder C:\Users\admin\Desktop\*.tmp not found.
    File/Folder C:\Users\admin\Documents\*.tmp not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: admin
    ->Temp folder emptied: 1275446 bytes
    ->Temporary Internet Files folder emptied: 8410900 bytes
    ->Java cache emptied: 1957 bytes
    ->FireFox cache emptied: 42127003 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 635 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 65943 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 136398 bytes

    Total Files Cleaned = 50.00 mb


    [EMPTYFLASH]

    User: admin
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.2 log created on 03052011_190804

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
    File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
    C:\Users\admin\AppData\Local\Temp\TMFBE_5856\.inuse moved successfully.
    C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8TGHBTC\crosspixel-dest[1].htm moved successfully.
    C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8TGHBTC\sh33[1].htm moved successfully.
    C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8TGHBTC\signin[1].htm moved successfully.
    C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13B8TZQM\topic162031-2[1].htm moved successfully.
    C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  23. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Safe Check

    Results of screen317's Security Check version 0.99.7
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Temp File Cleaner
    Java(TM) 6 Update 24
    Java(TM) 6 Update 3
    Out of date Java installed!
    Adobe Flash Player 10.0.22.87
    Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.14)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Trend Micro TrendSecure TISProToolbar ProToolbarUpdate.exe
    Trend Micro Internet Security TMAS_OE TMAS_OEMon.exe
    Trend Micro TrendSecure TISProToolbar PlatformDependent\ProToolbarComm.exe
    Trend Micro TrendSecure TSCFPlatformCOMSvr.exe
    ``````````End of Log````````````
     
  24. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Uninstall Java(TM) 6 Update 3.

    Update Firefox to the latest 3.6.15 version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    You can uninstall Trend at any time.
     
  25. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Well... still on my PC.
    Unreal.
    Who created this? I'd like to meet him/her and F*^*^* them up REAL bad.

    Looks like I have to wipe my drives.
    Thanks.
     
Topic Status:
Not open for further replies.

