Solved BSOD, Rootkit problem. Oops


buggedBoy

Looks like I managed to get a rootkit install. I am an *****.

Here are the requested logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5379

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/22/2010 9:55:45 PM
mbam-log-2010-12-22 (21-55-45).txt

Scan type: Quick scan
Objects scanned: 144735
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
====================================


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-22 21:59:09
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS721080G9SA00 rev.MC4OC10H
Running: m8908ghl.exe; Driver: C:\Users\rdeluca\AppData\Local\Temp\kxldqpow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 156301232 (+255): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 852761F8
Device \Driver\atapi \Device\Ide\IdePort1 852761F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 852761F8
Device \Driver\VClone \Device\Scsi\VClone1 862C01F8
Device \FileSystem\Ntfs \Ntfs 852781F8
Device \FileSystem\fastfat \Fat 87F0A1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS721080G9SA00_________________MC4OC10H#5&796032e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-12-12.02) - NTFSx86
Run by rdeluca at 21:40:32.26 on Wed 12/22/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1209 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\rdeluca\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.lhup.edu/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [Google Update] "c:\users\rdeluca\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 173.192.164.106 minecraftwiki.net www.minecraftwiki.net

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-22 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-22 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-6 61960]
R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2010-7-9 1053440]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-9-6 6076272]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-9-6 616816]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
S3 DBGUBZD;DBGUBZD;c:\users\rdeluca\appdata\local\temp\dbgubzd.exe --> c:\users\rdeluca\appdata\local\temp\DBGUBZD.exe [?]
S3 DXP;DXP;c:\users\rdeluca\appdata\local\temp\dxp.exe --> c:\users\rdeluca\appdata\local\temp\DXP.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-11-23 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-11-23 8456]
S3 KCFEZTAMNFZO;KCFEZTAMNFZO;c:\users\rdeluca\appdata\local\temp\kcfeztamnfzo.exe --> c:\users\rdeluca\appdata\local\temp\KCFEZTAMNFZO.exe [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-5-8 42752]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-9-6 16240]
S3 WAGNZRHIZYK;WAGNZRHIZYK;c:\users\rdeluca\appdata\local\temp\wagnzrhizyk.exe --> c:\users\rdeluca\appdata\local\temp\WAGNZRHIZYK.exe [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-9 1343400]

=============== Created Last 30 ================

2010-12-22 22:41:01 -------- d-----w- c:\users\rdeluca\appdata\roaming\Malwarebytes
2010-12-22 22:40:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-22 22:40:54 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-22 22:40:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-22 22:40:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-22 20:37:05 -------- d-----w- c:\users\rdeluca\appdata\roaming\Avira
2010-12-22 20:35:33 -------- d-----w- c:\progra~2\Avira
2010-12-22 20:18:18 -------- d-----w- C:\adfbca92fe17870c1ff1141b9ba4
2010-12-22 20:18:11 38848 ----a-w- c:\windows\avastSS.scr
2010-12-22 20:18:01 -------- d-----w- c:\progra~2\Alwil Software
2010-12-22 20:05:58 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{0cf4aaf1-f829-4b10-9356-c2e93187afc5}\mpengine.dll
2010-12-21 01:10:49 -------- d-----w- c:\windows\rescache
2010-12-15 02:52:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 02:49:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 02:49:52 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 02:49:49 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-15 02:49:47 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-10 18:10:22 -------- d-----w- c:\program files\MSXML 4.0
2010-12-09 18:15:58 539968 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2010-12-08 21:42:02 -------- d-----w- c:\program files\Motorola
2010-12-08 17:56:39 -------- d-----w- c:\program files\common files\Motorola Shared
2010-12-08 17:54:52 -------- d-----w- C:\android
2010-12-06 06:00:15 -------- d-----w- c:\progra~2\vsosdk
2010-12-06 03:48:44 87608 ----a-w- c:\users\rdeluca\appdata\roaming\inst.exe
2010-12-06 03:48:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-12-06 03:48:44 47360 ----a-w- c:\users\rdeluca\appdata\roaming\pcouffin.sys
2010-12-06 03:48:24 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-12-06 03:48:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-12-06 03:48:24 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-12-06 03:48:24 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-12-06 03:48:24 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-12-06 03:48:23 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-12-06 03:48:23 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-12-06 03:48:18 -------- d-----w- c:\program files\VSO
2010-12-06 03:47:24 -------- d-----w- c:\users\rdeluca\appdata\roaming\DAEMON Tools Lite
2010-12-06 03:47:19 -------- d-----w- c:\progra~2\DAEMON Tools Lite
2010-11-25 01:05:05 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2010-11-25 01:04:48 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2010-11-25 01:04:35 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2010-11-25 01:04:32 588096 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-11-24 04:35:43 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-11-24 04:35:43 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-11-24 04:35:42 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-11-24 04:35:42 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-11-24 04:35:42 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-11-24 04:35:29 -------- d-----w- c:\program files\EASEUS

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 20:35:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 20:51:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_HTS721080G9SA00 rev.MC4OC10H -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x860CD555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x860d37b0]; MOV EAX, [0x860d382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C5B458] -> \Device\Harddisk0\DR0[0x860A31C8]
3 CLASSPNP[0x893B559E] -> ntkrnlpa!IofCallDriver[0x82C5B458] -> [0x85F76918]
5 ACPI[0x8362B3B2] -> ntkrnlpa!IofCallDriver[0x82C5B458] -> \IdeDeviceP0T0L0-0[0x85FA3030]
\Driver\atapi[0x860A67E8] -> IRP_MJ_CREATE -> 0x860CD555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS721080G9SA00_________________MC4OC10H#5&796032e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 156301486 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 21:41:24.98 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 3/6/2010 4:29:27 PM
System Uptime: 12/22/2010 6:04:28 PM (3 hours ago)

Motherboard: Dell Inc. | | 0FF093
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 2000/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 72 GiB total, 3.831 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.963 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7-Zip 4.65
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Bamboo
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Canon Inkjet Printer Driver Add-On Module
Canon Utilities My Printer
CCleaner
Cisco NAC Agent
Conexant HDA D110 MDC V.92 Modem
Connect
ConvertXtoDVD 3.3.2.100
Cosmic Dodgeball V2.0
Defraggler
Dell Driver Download Manager
Dell Touchpad
Digital Line Detect
EASEUS Partition Master 6.5.2 Home Edition
EndItAll 2.0
Fraps
Ghost Master
Google Chrome
Half-Life 2
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HxD Hex Editor version 1.7.7.0
ImgBurn
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java DB 10.4.2.1
Java(TM) 6 Update 22
Java(TM) SE Development Kit 6 Update 18
kuler
League of Legends
Malwarebytes' Anti-Malware
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft IntelliPoint 7.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows Application Compatibility Database
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Motorola Mobile Drivers Installation 4.8.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Server 5.1
MySQL Workbench 5.2 CE
Notepad++
NTRU TCG Software Stack
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenAL
OZ776 SCR Driver V1.1.4.202
PDF-Viewer
PDF Settings CS4
PFPortChecker 1.0.36
Photoshop Camera Raw
PuTTY version 0.60
Puzzle Quest
Recuva
RSDLite
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SigmaTel Audio
Skype™ 4.2
SpeedFan (remove only)
SpinnerDemo
StarCraft II
Steam
Suite Shared Configuration CS4
System Requirements Lab
Team Fortress 2
The Elder Scrolls III: Morrowind
Trillian
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Update for Outlook 2007 Junk Email Filter (KB2466076)
USB Webcam
VC Runtimes MSI
VirtualCloneDrive
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.0.5
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Mobile 5.0 SDK R2 for Smartphone
WinPcap 4.1.1
WinRAR archiver
WinSCP 4.2.7
Wireshark 1.2.6
Xvid 1.2.1 final uninstall

==== Event Viewer Messages From Past Week ========

12/22/2010 9:36:10 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00-14-D1-4D-3D-39. Network operations on this system may be disrupted as a result.
12/22/2010 6:54:49 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/22/2010 6:17:22 PM, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 5:58:59 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
12/22/2010 5:52:06 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.25 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
12/22/2010 5:51:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 5:36:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 5:34:00 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
12/22/2010 5:31:07 PM, Error: Service Control Manager [7034] - The StarWind AE Service service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 5:28:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 5:28:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x8cd9aa00, 0x00000002, 0x00000000, 0x836affb6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-30139-01.
12/22/2010 4:11:03 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.W&threatid=2147641020 User: Blue-PC\rdeluca Name: Exploit:Java/CVE-2010-0840.W ID: 2147641020 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.2197.0, AS: 1.95.2197.0 Engine Version: 1.1.6402.0
12/22/2010 4:02:40 PM, Error: Service Control Manager [7030] - The OQFQTU service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 4:02:35 PM, Error: Service Control Manager [7034] - The DBGUBZD service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 3:59:23 PM, Error: Service Control Manager [7030] - The DXP service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 3:59:23 PM, Error: Service Control Manager [7030] - The DBGUBZD service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 3:59:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the KCFEZTAMNFZO service to connect.
12/22/2010 3:59:23 PM, Error: Service Control Manager [7000] - The KCFEZTAMNFZO service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/22/2010 3:58:53 PM, Error: Service Control Manager [7030] - The KCFEZTAMNFZO service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 3:58:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WAGNZRHIZYK service to connect.
12/22/2010 3:58:25 PM, Error: Service Control Manager [7000] - The WAGNZRHIZYK service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/22/2010 3:57:53 PM, Error: Service Control Manager [7030] - The WAGNZRHIZYK service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 3:55:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 3:55:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82e8c050, 0x8b11b774, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-32697-01.
12/22/2010 3:36:12 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
12/22/2010 3:30:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2197.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/22/2010 3:20:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 3:19:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d042f1, 0x8b113a60, 0x8b113640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-37830-01.
12/22/2010 3:06:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 3:01:02 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
12/22/2010 2:56:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d062f1, 0x8b323a60, 0x8b323640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-33119-01.
12/22/2010 2:51:26 PM, Error: Service Control Manager [7030] - The WABSLPBF service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 2:48:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SMX service to connect.
12/22/2010 2:48:10 PM, Error: Service Control Manager [7000] - The SMX service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/22/2010 2:47:40 PM, Error: Service Control Manager [7030] - The SMX service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 12:27:31 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00-17-EE-01-AB-CB. Network operations on this system may be disrupted as a result.
12/22/2010 1:04:02 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{77E81000-7855-4444-8C21-96A75B56820F} because another computer on the network has the same name. The server could not start.
12/22/2010 1:03:19 PM, Error: BridgeMP [14702] - Bridge [Adapter Intel(R) PRO/Wireless 3945ABG Network Connection]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
12/22/2010 1:03:18 PM, Error: BridgeMP [14702] - Bridge [Adapter Broadcom NetXtreme 57xx Gigabit Controller]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
12/22/2010 1:02:35 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D008B58B-B602-4C7C-9BE9-607BF50A12C8} because another computer on the network has the same name. The server could not start.
12/21/2010 9:57:46 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
12/21/2010 11:52:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
12/20/2010 7:18:13 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.112 with the system having network hardware address 00-25-AE-71-60-5F. Network operations on this system may be disrupted as a result.
12/20/2010 2:05:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/18/2010 10:13:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
12/15/2010 4:16:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

==== End Of File ===========================

:-/
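The DDS event-log excerpt above is the part of these logs a responder reads first: three bugchecks in one afternoon, each with first parameter 0xc0000005 (a kernel-mode access violation), Microsoft Antimalware repeatedly losing real-time protection and failing to pull signatures, a Service Control Manager call to set a service Start value denied, and an address conflict on the LAN. As an added example that is not part of this thread or of any tool it mentions, here is a Python triage pass over lines in that exact format. The sample lines are copied from the post (one trimmed in the middle); the rule table, tag names and the `Finding` shape are my own choices, and the bugcheck annotation only reports what the parameters say, not a verdict on the cause.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime

Event = namedtuple("Event", "when source event_id message")
Finding = namedtuple("Finding", "when tag detail")

# Header shape of the DDS excerpt: "<date time AM/PM>, <Level>: <Source> [<id>] - <message>"
HEADER_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
BUGCHECK_RE = re.compile(
    r"The bugcheck was: (?P<code>0x[0-9a-fA-F]{8}) \((?P<p1>0x[0-9a-fA-F]{8}), "
    r"(?P<p2>0x[0-9a-fA-F]{8}), (?P<p3>0x[0-9a-fA-F]{8}), (?P<p4>0x[0-9a-fA-F]{8})\)"
)
HRESULT_RE = re.compile(r"Error [Cc]ode: (0x[0-9a-fA-F]{8})")

# Constructed sample: seven lines copied from the excerpt in this thread
# (the 2001 line trimmed in the middle), not a live read of an event log.
SAMPLE_LOG = r"""
12/22/2010 3:55:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function.
12/22/2010 3:55:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82e8c050, 0x8b11b774, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-32697-01.
12/22/2010 3:36:12 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
12/22/2010 3:30:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Source: Microsoft Update Server Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/22/2010 3:19:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d042f1, 0x8b113a60, 0x8b113640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-37830-01.
12/22/2010 2:56:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d062f1, 0x8b323a60, 0x8b323640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-33119-01.
12/22/2010 12:27:31 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00-17-EE-01-AB-CB. Network operations on this system may be disrupted as a result.
"""


def parse_event_line(line):
    """Split one DDS event line into (timestamp, source, id, message); None if it is not one."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
    return Event(when, m["source"], int(m["id"]), m["msg"])


def _bugcheck(ev):
    m = BUGCHECK_RE.search(ev.message)
    if not m:
        return None
    # 0xc0000005 as the first parameter of 0x7E/0x8E is STATUS_ACCESS_VIOLATION raised in kernel mode
    note = "kernel access violation (0xc0000005)" if m["p1"].lower() == "0xc0000005" else ""
    return Finding(ev.when, "bugcheck", f"{m['code'].lower()} p1={m['p1'].lower()} {note}".strip())


def _av_rtp_down(ev):
    return Finding(ev.when, "av_realtime_failed", "real-time protection feature failed")


def _av_update_failed(ev):
    m = HRESULT_RE.search(ev.message)
    return Finding(ev.when, "av_update_failed", f"signature update failed {m.group(1) if m else ''}".strip())


def _scm_access_denied(ev):
    # 7006 with "Access is denied": something refused a change to a service's Start value
    return Finding(ev.when, "scm_access_denied", ev.message) if "Access is denied" in ev.message else None


def _ip_conflict(ev):
    m = re.search(r"IP address (\S+) .*hardware address (\S+)\.", ev.message)
    return Finding(ev.when, "ip_conflict", f"{m.group(1)} vs {m.group(2)}" if m else ev.message)


# (source, event id) -> rule; tag names are this example's own vocabulary
RULES = {
    ("Microsoft-Windows-WER-SystemErrorReporting", 1001): _bugcheck,
    ("Microsoft Antimalware", 3002): _av_rtp_down,
    ("Microsoft Antimalware", 2001): _av_update_failed,
    ("Service Control Manager", 7006): _scm_access_denied,
    ("Tcpip", 4199): _ip_conflict,
}


def triage(lines):
    """Apply RULES to every parsable line; return findings in chronological order."""
    findings = []
    for line in lines:
        ev = parse_event_line(line)
        if ev is None:
            continue
        rule = RULES.get((ev.source, ev.event_id))
        if rule:
            f = rule(ev)
            if f:
                findings.append(f)
    return sorted(findings, key=lambda f: f.when)


def summarize(findings):
    """Count findings per tag, so the responder sees the shape before the detail."""
    return Counter(f.tag for f in findings)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.strip().splitlines())
    for f in found:
        print(f.when.strftime("%Y-%m-%d %H:%M:%S"), f.tag, f.detail)
    print(dict(summarize(found)))
```

Feeding the full excerpt through `triage` puts the timeline in order (the DDS log lists newest first), which is what makes the pattern visible: each bugcheck is followed within minutes by the antimalware engine failing to come back up.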
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================================

You're running two AV programs, Microsoft Security Essentials and Avira.
One of them has to go. Your choice.

Now....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
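As an added example that is not part of this thread or of TDSSKiller itself: a Python parser for the report the tool writes (the line shapes are those of the report pasted in the next reply). It collects the driver inventory with MD5 hashes so they can be looked up in bulk, pulls out the tool's own "Suspicious file" and "detected" lines, and adds one heuristic of my own: drivers that load from somewhere other than system32\drivers. That last list is a review hint, not a verdict; legitimate Windows components such as CLFS.sys live in system32 directly. The sample lines are copied from the posted report; function names and the reason strings are assumptions of this example.

```python
import re
from collections import OrderedDict, namedtuple

Driver = namedtuple("Driver", "name md5 path")
Suspicious = namedtuple("Suspicious", "why path md5")

# Every TDSSKiller line starts with "YYYY/MM/DD HH:MM:SS.ffff "; the two leading \S+ skip it.
DRIVER_RE = re.compile(r"^\S+ \S+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSP_RE = re.compile(
    r"^\S+ \S+ Suspicious file \((?P<why>[^)]+)\): (?P<path>.+?)\.? md5: (?P<md5>[0-9a-f]{32})$"
)
DETECT_RE = re.compile(r"^\S+ \S+ (?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")

# Constructed sample: a handful of lines copied from the report posted in this
# thread, enough to show each line type; not a complete report.
SAMPLE_REPORT = r"""
2010/12/22 22:42:29.0477 Scan started
2010/12/22 22:42:29.0477 Mode: Manual;
2010/12/22 22:42:31.0802 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/22 22:42:35.0608 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2010/12/22 22:42:45.0530 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2010/12/22 22:42:45.0686 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/12/22 22:42:45.0686 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/12/22 22:42:45.0686 sptd - detected Locked file (1)
2010/12/22 22:42:46.0793 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/22 22:42:46.0981 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
"""


def parse_tdsskiller(text):
    """Return {'drivers': [Driver], 'suspicious': [Suspicious], 'detections': [(name, verdict)]}."""
    drivers, suspicious, detections = [], [], []
    for line in text.strip().splitlines():
        line = line.rstrip()
        m = SUSP_RE.match(line)
        if m:
            suspicious.append(Suspicious(m["why"], m["path"], m["md5"]))
            continue
        m = DETECT_RE.match(line)
        if m:
            detections.append((m["name"], m["verdict"]))
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m["name"], m["md5"], m["path"]))
    return {"drivers": drivers, "suspicious": suspicious, "detections": detections}


def review_list(report):
    """Service name -> reasons it deserves a human look, strongest reason first.

    Tool detections and 'Suspicious file' lines come from TDSSKiller; the
    location check is this example's heuristic and also catches legitimate
    drivers that ship in system32 itself.
    """
    reasons = OrderedDict()
    by_path = {d.path.lower(): d.name for d in report["drivers"]}
    for name, verdict in report["detections"]:
        reasons.setdefault(name, []).append("detected: " + verdict)
    for s in report["suspicious"]:
        name = by_path.get(s.path.lower(), s.path)
        reasons.setdefault(name, []).append("suspicious: " + s.why)
    for d in report["drivers"]:
        if "\\system32\\drivers\\" not in d.path.lower():
            reasons.setdefault(d.name, []).append("outside system32\\drivers")
    return reasons


def hash_manifest(report):
    """Unique 'md5  path' lines for bulk hash lookup; two services backed by the
    same file (Tcpip/TCPIP6 -> tcpip.sys) collapse to one entry."""
    seen = {}
    for d in report["drivers"]:
        seen.setdefault((d.md5, d.path.lower()), d.path)
    return sorted(f"{md5}  {path}" for (md5, _), path in seen.items())


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_REPORT)
    for name, why in review_list(rep).items():
        print(f"{name:12s} {'; '.join(why)}")
    print(*hash_manifest(rep), sep="\n")
```

Run against the full posted report the review list starts with sptd (the tool's own NoAccess/Locked file lines), then the drivers loading from system32 directly; the manifest is what you would hand to a hash-reputation lookup before deciding anything about the rest.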
 
2010/12/22 22:42:08.0981 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/22 22:42:08.0981 ================================================================================
2010/12/22 22:42:08.0981 SystemInfo:
2010/12/22 22:42:08.0981
2010/12/22 22:42:08.0981 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/22 22:42:08.0981 Product type: Workstation
2010/12/22 22:42:08.0981 ComputerName: BLUE-PC
2010/12/22 22:42:08.0986 UserName: rdeluca
2010/12/22 22:42:08.0986 Windows directory: C:\Windows
2010/12/22 22:42:08.0986 System windows directory: C:\Windows
2010/12/22 22:42:08.0986 Processor architecture: Intel x86
2010/12/22 22:42:08.0986 Number of processors: 2
2010/12/22 22:42:08.0986 Page size: 0x1000
2010/12/22 22:42:08.0986 Boot type: Normal boot
2010/12/22 22:42:08.0986 ================================================================================
2010/12/22 22:42:09.0726 Initialize success
2010/12/22 22:42:29.0477 ================================================================================
2010/12/22 22:42:29.0477 Scan started
2010/12/22 22:42:29.0477 Mode: Manual;
2010/12/22 22:42:29.0477 ================================================================================
2010/12/22 22:42:30.0304 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/22 22:42:30.0382 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/22 22:42:30.0413 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/22 22:42:30.0538 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/22 22:42:30.0601 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/22 22:42:30.0632 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/22 22:42:30.0772 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/22 22:42:30.0819 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/22 22:42:30.0881 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/22 22:42:31.0006 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/22 22:42:31.0053 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/22 22:42:31.0069 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/22 22:42:31.0115 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/22 22:42:31.0147 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/22 22:42:31.0256 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/22 22:42:31.0303 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/22 22:42:31.0334 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/22 22:42:31.0412 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/12/22 22:42:31.0537 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/22 22:42:31.0615 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/22 22:42:31.0646 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/22 22:42:31.0771 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/22 22:42:31.0802 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/22 22:42:32.0036 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/22 22:42:32.0098 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/22 22:42:32.0239 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/22 22:42:32.0285 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/22 22:42:32.0317 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/22 22:42:32.0348 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/22 22:42:32.0379 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/22 22:42:32.0504 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
2010/12/22 22:42:32.0535 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
2010/12/22 22:42:32.0582 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/22 22:42:32.0613 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/22 22:42:32.0644 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/22 22:42:32.0738 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/22 22:42:32.0769 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/22 22:42:32.0831 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/22 22:42:32.0894 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/22 22:42:32.0987 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/22 22:42:33.0034 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/22 22:42:33.0112 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/22 22:42:33.0128 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/22 22:42:33.0175 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/22 22:42:33.0268 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/22 22:42:33.0315 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/22 22:42:33.0377 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/22 22:42:33.0518 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/12/22 22:42:33.0611 dc3d (aac6b0c7ae7d25a03d2b8dbd5185c0b3) C:\Windows\system32\DRIVERS\dc3d.sys
2010/12/22 22:42:33.0674 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/12/22 22:42:33.0752 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/12/22 22:42:33.0814 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/12/22 22:42:33.0908 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/12/22 22:42:33.0970 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/22 22:42:34.0220 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/12/22 22:42:34.0407 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/12/22 22:42:34.0485 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/22 22:42:34.0641 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
2010/12/22 22:42:34.0703 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/22 22:42:34.0781 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
2010/12/22 22:42:34.0937 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/12/22 22:42:34.0984 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/12/22 22:42:35.0015 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/22 22:42:35.0047 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/12/22 22:42:35.0078 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/12/22 22:42:35.0187 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/22 22:42:35.0249 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/12/22 22:42:35.0312 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/12/22 22:42:35.0343 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/22 22:42:35.0405 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/22 22:42:35.0530 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/22 22:42:35.0608 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2010/12/22 22:42:35.0764 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/22 22:42:35.0920 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/12/22 22:42:35.0983 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/22 22:42:36.0107 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/22 22:42:36.0139 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/22 22:42:36.0170 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/22 22:42:36.0232 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/22 22:42:36.0357 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/22 22:42:36.0451 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/12/22 22:42:36.0575 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/12/22 22:42:36.0653 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/22 22:42:36.0716 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/22 22:42:36.0794 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/22 22:42:36.0856 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/22 22:42:37.0028 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/22 22:42:37.0075 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/22 22:42:37.0106 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/22 22:42:37.0153 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/22 22:42:37.0277 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/22 22:42:37.0309 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/22 22:42:37.0355 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/22 22:42:37.0387 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/22 22:42:37.0433 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/22 22:42:37.0574 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/22 22:42:37.0621 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/22 22:42:37.0683 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/22 22:42:37.0808 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/22 22:42:37.0901 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/22 22:42:37.0964 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/22 22:42:38.0089 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/22 22:42:38.0120 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/22 22:42:38.0151 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/22 22:42:38.0198 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/22 22:42:38.0307 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/12/22 22:42:38.0354 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/22 22:42:38.0401 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/22 22:42:38.0541 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/22 22:42:38.0588 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/22 22:42:38.0666 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\Windows\system32\DRIVERS\motodrv.sys
2010/12/22 22:42:38.0791 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/22 22:42:38.0853 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/22 22:42:38.0884 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/22 22:42:38.0993 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
2010/12/22 22:42:39.0056 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/22 22:42:39.0071 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
2010/12/22 22:42:39.0103 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/22 22:42:39.0134 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/22 22:42:39.0259 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/22 22:42:39.0305 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/22 22:42:39.0337 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/22 22:42:39.0383 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/22 22:42:39.0415 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/22 22:42:39.0524 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/22 22:42:39.0571 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/22 22:42:39.0586 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/22 22:42:39.0649 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/22 22:42:39.0758 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/22 22:42:39.0789 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/22 22:42:39.0820 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/22 22:42:39.0867 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/22 22:42:39.0929 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/22 22:42:40.0054 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/22 22:42:40.0085 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/22 22:42:40.0273 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/22 22:42:40.0335 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/12/22 22:42:40.0475 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/22 22:42:40.0522 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/22 22:42:40.0553 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/22 22:42:40.0600 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/22 22:42:40.0631 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/22 22:42:40.0741 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/22 22:42:40.0787 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/22 22:42:41.0037 netw5v32 (f0c42e0cdce558d658fa53a222b4ccb1) C:\Windows\system32\DRIVERS\netw5v32.sys
2010/12/22 22:42:41.0302 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/22 22:42:41.0365 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
2010/12/22 22:42:41.0396 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/22 22:42:41.0427 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/22 22:42:41.0505 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/22 22:42:41.0661 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/12/22 22:42:41.0708 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/22 22:42:41.0989 nvlddmkm (beb7035b5c4fd07dfd6f640291c540cf) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/22 22:42:42.0332 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/22 22:42:42.0379 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/22 22:42:42.0410 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/22 22:42:42.0441 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/22 22:42:42.0503 omci (2d67ddaea9cbcf2cf47b87336563c173) C:\Windows\system32\DRIVERS\omci.sys
2010/12/22 22:42:42.0644 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/22 22:42:42.0675 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/22 22:42:42.0706 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/22 22:42:42.0737 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/22 22:42:42.0769 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/22 22:42:42.0800 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/22 22:42:42.0956 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2010/12/22 22:42:43.0003 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/22 22:42:43.0049 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/22 22:42:43.0221 Point32 (04df0452fbededf9297fd2e5440cb3c9) C:\Windows\system32\DRIVERS\point32k.sys
2010/12/22 22:42:43.0315 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/22 22:42:43.0330 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/22 22:42:43.0471 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/22 22:42:43.0549 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/22 22:42:43.0689 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/22 22:42:43.0736 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/22 22:42:43.0767 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/22 22:42:43.0814 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/22 22:42:43.0845 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/22 22:42:43.0970 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/22 22:42:44.0017 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/22 22:42:44.0048 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/22 22:42:44.0079 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/22 22:42:44.0110 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/22 22:42:44.0157 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/12/22 22:42:44.0282 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/22 22:42:44.0313 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/22 22:42:44.0344 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/22 22:42:44.0391 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/22 22:42:44.0547 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/22 22:42:44.0594 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/22 22:42:44.0641 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/22 22:42:44.0672 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/22 22:42:44.0812 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/22 22:42:44.0890 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/22 22:42:44.0921 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/22 22:42:44.0937 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/22 22:42:45.0062 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/22 22:42:45.0109 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/22 22:42:45.0124 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/22 22:42:45.0155 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/22 22:42:45.0187 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/22 22:42:45.0311 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/22 22:42:45.0343 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/22 22:42:45.0389 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/22 22:42:45.0530 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2010/12/22 22:42:45.0577 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/22 22:42:45.0686 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/12/22 22:42:45.0686 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/12/22 22:42:45.0686 sptd - detected Locked file (1)
2010/12/22 22:42:45.0811 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/22 22:42:45.0857 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/22 22:42:45.0920 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/12/22 22:42:46.0060 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/12/22 22:42:46.0154 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/12/22 22:42:46.0263 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/22 22:42:46.0388 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/22 22:42:46.0466 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
2010/12/22 22:42:46.0591 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/22 22:42:46.0637 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/22 22:42:46.0684 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/22 22:42:46.0793 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/22 22:42:46.0981 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/22 22:42:47.0105 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/22 22:42:47.0168 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/22 22:42:47.0199 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/22 22:42:47.0230 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/22 22:42:47.0246 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/22 22:42:47.0402 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/22 22:42:47.0449 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/22 22:42:47.0495 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/22 22:42:47.0527 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/22 22:42:47.0667 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/22 22:42:47.0698 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/22 22:42:47.0745 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/22 22:42:47.0792 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/22 22:42:47.0901 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/22 22:42:47.0948 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/22 22:42:47.0995 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/22 22:42:48.0026 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/22 22:42:48.0151 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/22 22:42:48.0182 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/22 22:42:48.0213 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/22 22:42:48.0275 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
2010/12/22 22:42:48.0322 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
2010/12/22 22:42:48.0431 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/22 22:42:48.0494 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/22 22:42:48.0525 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/22 22:42:48.0556 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/22 22:42:48.0681 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/22 22:42:48.0712 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/22 22:42:48.0728 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/22 22:42:48.0775 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/22 22:42:48.0806 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/22 22:42:48.0837 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/22 22:42:48.0868 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/22 22:42:48.0993 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/22 22:42:49.0055 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/22 22:42:49.0102 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/12/22 22:42:49.0243 wacmoumonitor (026d58e9d7701f6b26b0b499f1705334) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2010/12/22 22:42:49.0274 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2010/12/22 22:42:49.0305 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/22 22:42:49.0367 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
2010/12/22 22:42:49.0508 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/22 22:42:49.0523 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/22 22:42:49.0601 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/22 22:42:49.0633 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/22 22:42:49.0789 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/22 22:42:49.0820 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/22 22:42:49.0882 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/22 22:42:50.0038 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2010/12/22 22:42:50.0101 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/22 22:42:50.0163 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/22 22:42:50.0210 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/22 22:42:50.0241 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/22 22:42:50.0381 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/12/22 22:42:50.0459 xusb21 (276842a27953be204a2507096f09b1f3) C:\Windows\system32\DRIVERS\xusb21.sys
2010/12/22 22:42:50.0522 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/22 22:42:50.0522 ================================================================================
2010/12/22 22:42:50.0522 Scan finished
2010/12/22 22:42:50.0522 ================================================================================
2010/12/22 22:42:50.0537 Detected object count: 2
2010/12/22 22:42:56.0200 Locked file(sptd) - User select action: Skip
2010/12/22 22:42:56.0231 \HardDisk0 - will be cured after reboot
2010/12/22 22:42:56.0247 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/22 22:42:59.0242 Deinitialize success
 
Good job :)
Killed!

Download MBRCheck to your desktop

Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If ComboFix asks you to install the Recovery Console, please allow it.
    NOTE 2. If ComboFix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running ComboFix, restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running; that may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the ComboFix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
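The MBRCheck step above exists because TDL4 lives in the boot sector: it overwrites the MBR code so it runs before Windows, and parks its hidden storage in the unpartitioned sectors at the very end of the disk (which is why GMER flagged sector 0 and the last 256 sectors of the drive). The script below is an added example of what such a check does, not MBRCheck's or GMER's own code: it verifies the 0x55AA signature, hashes only the 440 bytes of boot code (the partition table after it differs per machine), decodes the partition entries, and then reads every sector after the last partition looking for non-zero content. The boot code, partition layout, "known-good" hash set and hidden payload are all constructed for the demonstration; on a real system you would read sector 0 from \\.\PhysicalDrive0 and compare against a vetted hash list.

```python
"""Boot-sector check in the spirit of MBRCheck and GMER's disk-sector scan.

Added example with constructed data; it is not MBRCheck's or GMER's code.
The fake boot code, partition layout, known-good hash set and hidden-tail
payload below are all made up for the demonstration.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the executable boot code
DISK_SIG_OFF = 440           # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446         # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"      # bytes 510..511


def boot_code_sha1(mbr: bytes) -> str:
    """Hash only the code part; the partition table differs from machine to machine."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition entries (CHS fields skipped; LBA is what matters)."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr: bytes, known_good: set, read_sector, total_sectors: int) -> dict:
    """Report a bad signature, unknown boot code, an odd active-partition count,
    and any non-zero sectors after the last partition (where TDL4-style
    bootkits keep their hidden storage)."""
    findings = []
    if len(mbr) != SECTOR or mbr[510:512] != SIGNATURE:
        findings.append("MBR signature missing")
    sha1 = boot_code_sha1(mbr)
    if sha1 not in known_good:
        findings.append("boot code SHA1 %s is not a known-good hash" % sha1)
    parts = parse_partitions(mbr)
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    first_free = max((p["lba_start"] + p["sectors"] for p in parts), default=0)
    hidden = [lba for lba in range(first_free, total_sectors) if any(read_sector(lba))]
    if hidden:
        findings.append("%d non-zero sectors after the last partition (first at LBA %d)"
                        % (len(hidden), hidden[0]))
    return {"sha1": sha1, "partitions": parts, "first_free_lba": first_free,
            "hidden_sectors": hidden, "findings": findings}


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x12\x34\x56\x78"   # constructed disk signature
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xff\xff\xff",
                         ptype, b"\xff\xff\xff", lba_start, sectors)
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


def make_disk(total_sectors: int, written: dict):
    """Sparse fake disk: every sector reads as zeros unless listed in `written`."""
    def read_sector(lba: int) -> bytes:
        if not 0 <= lba < total_sectors:
            raise ValueError("LBA %d is outside the disk" % lba)
        return written.get(lba, bytes(SECTOR))
    return read_sector


# Constructed layout: a 100 MiB active partition, an OS partition, 152 free sectors at the end.
TOTAL_SECTORS = 1_197_000
CLEAN_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 8)
LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 990000)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, LAYOUT)
KNOWN_GOOD = {boot_code_sha1(CLEAN_MBR)}     # baseline taken from the clean image (assumption)

# Infected variant: the first instructions are replaced by a jump into the bootkit's
# own code, and the last 16 sectors of the disk now hold its hidden storage.
_patched = bytearray(CLEAN_MBR)
_patched[0:3] = b"\xE9\x00\x01"               # jmp rel16
INFECTED_MBR = bytes(_patched)
HIDDEN_PAYLOAD = {lba: b"TDL4" * (SECTOR // 4) for lba in range(TOTAL_SECTORS - 16, TOTAL_SECTORS)}

if __name__ == "__main__":
    for name, mbr, written in (("clean", CLEAN_MBR, {}), ("infected", INFECTED_MBR, HIDDEN_PAYLOAD)):
        report = check_mbr(mbr, KNOWN_GOOD, make_disk(TOTAL_SECTORS, written), TOTAL_SECTORS)
        print(name, report["sha1"], report["findings"] or ["no findings"])
```

The clean image produces no findings; the infected one reports both an unknown boot-code hash and 16 non-zero sectors past the last partition, the same two signals MBRCheck's hash line and GMER's end-of-disk sector entries gave in this thread. A hash mismatch alone is not proof of infection (OEM and boot-manager MBRs have their own legitimate code), so treat it as a prompt to inspect the code, not as a verdict.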
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Latitude D820
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 172):
0x82C07000 \SystemRoot\system32\ntkrnlpa.exe
0x83017000 \SystemRoot\system32\halmacpi.dll
0x80BAB000 \SystemRoot\system32\kdcom.dll
0x8320E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83286000 \SystemRoot\system32\PSHED.dll
0x83297000 \SystemRoot\system32\BOOTVID.dll
0x8329F000 \SystemRoot\system32\CLFS.SYS
0x832E1000 \SystemRoot\system32\CI.dll
0x8338C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83200000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88E02000 \SystemRoot\System32\Drivers\spah.sys
0x88EF5000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x88EFE000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x88F24000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x88F6C000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x88F74000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x88F7F000 \SystemRoot\system32\DRIVERS\pci.sys
0x88FA9000 \SystemRoot\System32\drivers\partmgr.sys
0x88FBA000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88FC2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88FCD000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x89030000 \SystemRoot\System32\drivers\volmgrx.sys
0x8907B000 \SystemRoot\system32\DRIVERS\intelide.sys
0x89082000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x89090000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x890BE000 \SystemRoot\System32\drivers\mountmgr.sys
0x890D4000 \SystemRoot\system32\DRIVERS\atapi.sys
0x890DD000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x89100000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x89109000 \SystemRoot\system32\drivers\fltmgr.sys
0x8913D000 \SystemRoot\system32\drivers\fileinfo.sys
0x8922B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8935A000 \SystemRoot\System32\Drivers\msrpc.sys
0x89385000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89398000 \SystemRoot\System32\Drivers\cng.sys
0x89200000 \SystemRoot\System32\drivers\pcw.sys
0x8920E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x89422000 \SystemRoot\system32\drivers\ndis.sys
0x894D9000 \SystemRoot\system32\drivers\NETIO.SYS
0x89517000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x89603000 \SystemRoot\System32\drivers\tcpip.sys
0x8974C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8977D000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x89786000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x897C5000 \SystemRoot\System32\Drivers\spldr.sys
0x897CD000 \SystemRoot\system32\speedfan.sys
0x897CF000 \SystemRoot\System32\drivers\rdyboost.sys
0x8953C000 \SystemRoot\System32\Drivers\mup.sys
0x8954C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x897FC000 \SystemRoot\system32\giveio.sys
0x89554000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x89586000 \SystemRoot\system32\DRIVERS\disk.sys
0x89597000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x89400000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8914E000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x895EE000 \SystemRoot\System32\Drivers\Null.SYS
0x895F5000 \SystemRoot\System32\Drivers\Beep.SYS
0x89217000 \SystemRoot\System32\drivers\vga.sys
0x89171000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x89192000 \SystemRoot\System32\drivers\watchdog.sys
0x89223000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x893F5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8919F000 \SystemRoot\system32\drivers\rdprefmp.sys
0x891A7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x891B2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x891C0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x891D7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DC0A000 \SystemRoot\system32\drivers\afd.sys
0x8DC64000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DC96000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8DC9D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DCBC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DCCA000 \SystemRoot\system32\DRIVERS\serial.sys
0x8DCE4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DCF7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8DD07000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DD48000 \SystemRoot\system32\DRIVERS\omci.sys
0x8DD53000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DD5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8DD67000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8DD6C000 \SystemRoot\System32\drivers\discache.sys
0x8DD78000 \SystemRoot\system32\drivers\csc.sys
0x8DDDC000 \SystemRoot\System32\Drivers\dfsc.sys
0x891E2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x89000000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88FDD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DDF4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8DC00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E816000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8E01D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E0D4000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8E10D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F615000 \SystemRoot\system32\DRIVERS\netw5v32.sys
0x8FA28000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8FA64000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FA6F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FABA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FAC9000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x8FAF5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FB0D000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8FB39000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FB46000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FB53000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8FB5D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8FB6A000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x8FB6D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FB80000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FB87000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8FB99000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FBB1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FBBC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FBDE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E12C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E143000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F600000 \SystemRoot\System32\Drivers\pcouffin.sys
0x8FBF6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8E15A000 \SystemRoot\system32\DRIVERS\VClone.sys
0x8F60C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E165000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E199000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E1A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E1EB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8E1F6000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x8E000000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EF5D000 \SystemRoot\system32\drivers\stwrt.sys
0x8EFB2000 \SystemRoot\system32\drivers\portcls.sys
0x8EFE1000 \SystemRoot\system32\drivers\drmk.sys
0x90027000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x90064000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8FE23000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FED7000 \SystemRoot\system32\drivers\modem.sys
0x8FEE4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8FEF1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8FEFC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8FF05000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x82300000 \SystemRoot\System32\win32k.sys
0x8FF16000 \SystemRoot\System32\drivers\Dxapi.sys
0x8FF4A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82560000 \SystemRoot\System32\TSDDD.dll
0x82590000 \SystemRoot\System32\cdd.dll
0x825B0000 \SystemRoot\System32\ATMFD.DLL
0x8FF55000 \SystemRoot\system32\drivers\luafv.sys
0x8FF70000 \SystemRoot\system32\drivers\WudfPf.sys
0x8FF8A000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x8FF93000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x8FFB4000 \SystemRoot\System32\DRIVERS\scfilter.sys
0x8FFC0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90167000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8FFD0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8FFE0000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x99E23000 \SystemRoot\system32\drivers\HTTP.sys
0x99EA8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x99EC1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x99ED3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99EF6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x99F31000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99F64000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x99F68000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x99F71000 \SystemRoot\system32\drivers\npf.sys
0x9AC2A000 \SystemRoot\system32\drivers\peauth.sys
0x9ACC1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9ACCB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9ACEC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9ACF9000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9AD01000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9AD50000 \SystemRoot\System32\DRIVERS\srv.sys
0x9ADA1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9ADCB000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77780000 \Windows\System32\ntdll.dll
0x47B60000 \Windows\System32\smss.exe
0x779C0000 \Windows\System32\apisetschema.dll
0x00B50000 \Windows\System32\autochk.exe

Processes (total 74):
0 System Idle Process
4 System
248 C:\Windows\System32\smss.exe
396 csrss.exe
456 C:\Windows\System32\wininit.exe
472 csrss.exe
520 C:\Windows\System32\services.exe
528 C:\Windows\System32\lsass.exe
536 C:\Windows\System32\lsm.exe
584 C:\Windows\System32\winlogon.exe
692 C:\Windows\System32\svchost.exe
772 C:\Windows\System32\svchost.exe
852 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
932 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1340 C:\Program Files\Tablet\Pen\Pen_TouchService.exe
1368 C:\Windows\System32\wisptis.exe
1472 WUDFHost.exe
1572 C:\Windows\System32\svchost.exe
1640 C:\Windows\System32\wlanext.exe
1648 C:\Windows\System32\conhost.exe
1728 C:\Windows\System32\spoolsv.exe
1764 C:\Windows\System32\svchost.exe
1792 C:\Windows\System32\svchost.exe
1912 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1336 C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
1652 C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
264 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
408 C:\Windows\System32\stacsv.exe
2068 C:\Windows\System32\svchost.exe
2160 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
2212 C:\Windows\System32\drivers\XAudio.exe
2364 WmiPrvSE.exe
2904 C:\Windows\System32\svchost.exe
3324 C:\Windows\System32\wisptis.exe
3344 C:\Windows\System32\taskhost.exe
3408 C:\Windows\System32\dwm.exe
3452 C:\Windows\explorer.exe
3484 C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
3652 C:\Windows\System32\rundll32.exe
3660 C:\Windows\System32\rundll32.exe
3672 C:\Windows\System32\rundll32.exe
3684 C:\Program Files\DellTPad\Apoint.exe
3704 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
3712 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3724 C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
3752 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3780 C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
3800 C:\Program Files\DellTPad\ApMsgFwd.exe
3828 C:\Program Files\Microsoft Security Essentials\msseces.exe
3856 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
3912 C:\Program Files\Digital Line Detect\DLG.exe
2428 C:\Program Files\DellTPad\ApntEx.exe
2892 C:\Program Files\DellTPad\hidfind.exe
2880 C:\Windows\System32\conhost.exe
1088 C:\Windows\System32\SearchIndexer.exe
3244 C:\Program Files\Windows Media Player\wmpnetwk.exe
2172 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
3016 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
600 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
2624 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
3224 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
1524 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
2760 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
3040 C:\Windows\System32\audiodg.exe
3304 C:\Program Files\Notepad++\notepad++.exe
3924 C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
3584 C:\Windows\System32\SearchProtocolHost.exe
1860 C:\Windows\System32\SearchFilterHost.exe
708 C:\Users\rdeluca\Desktop\MBRCheck.exe
1444 C:\Windows\System32\conhost.exe
3580 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`84700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04700000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS721080G9SA00, Rev: MC4OC10H

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

ComboFix 10-12-22.01 - rdeluca 12/22/2010 23:11:46.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1226 [GMT -5:00]
Running from: c:\users\rdeluca\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\rdeluca\AppData\Roaming\inst.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\XSxS

.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-23 04:19 . 2010-12-23 04:19 -------- d-----w- c:\users\rdeluca\AppData\Local\temp
2010-12-22 22:41 . 2010-12-22 22:41 -------- d-----w- c:\users\rdeluca\AppData\Roaming\Malwarebytes
2010-12-22 22:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-22 22:40 . 2010-12-22 22:40 -------- d-----w- c:\programdata\Malwarebytes
2010-12-22 22:40 . 2010-12-22 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-22 22:40 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- C:\adfbca92fe17870c1ff1141b9ba4
2010-12-22 20:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-22 20:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- c:\programdata\Alwil Software
2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- c:\program files\Alwil Software
2010-12-22 20:05 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CF4AAF1-F829-4B10-9356-C2E93187AFC5}\mpengine.dll
2010-12-21 17:14 . 2010-12-21 17:14 -------- d-----w- c:\users\rdeluca\AppData\Roaming\dvdcss
2010-12-21 01:10 . 2010-12-21 01:12 -------- d-----w- c:\windows\rescache
2010-12-15 02:52 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 02:49 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 02:49 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 02:49 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-15 02:49 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-10 18:10 . 2010-12-10 18:10 -------- d-----w- c:\program files\MSXML 4.0
2010-12-09 18:15 . 2010-12-09 18:15 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-08 21:42 . 2010-12-08 21:42 -------- d-----w- c:\program files\Motorola
2010-12-08 17:56 . 2010-12-08 17:56 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-12-08 17:54 . 2010-12-09 02:11 -------- d-----w- C:\android
2010-12-06 06:00 . 2010-12-06 06:00 -------- d-----w- c:\programdata\vsosdk
2010-12-06 04:11 . 2010-12-06 04:11 -------- d-----w- c:\users\rdeluca\AppData\Roaming\ImgBurn
2010-12-06 03:48 . 2010-12-06 03:48 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-12-06 03:48 . 2010-12-06 03:48 47360 ----a-w- c:\users\rdeluca\AppData\Roaming\pcouffin.sys
2010-12-06 03:48 . 2010-12-21 18:19 -------- d-----w- c:\users\rdeluca\AppData\Roaming\Vso
2010-12-06 03:48 . 2007-03-19 01:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-12-06 03:48 . 2006-09-29 17:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-12-06 03:48 . 2006-09-29 17:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-12-06 03:48 . 2006-09-29 17:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-12-06 03:48 . 2002-12-10 07:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-12-06 03:48 . 2006-05-20 21:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-12-06 03:48 . 2006-05-12 00:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-12-06 03:48 . 2010-12-06 03:48 -------- d-----w- c:\program files\VSO
2010-12-06 03:47 . 2010-12-06 03:47 -------- d-----w- c:\users\rdeluca\AppData\Roaming\DAEMON Tools Lite
2010-12-06 03:47 . 2010-12-06 03:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-01 03:03 . 2010-12-01 03:03 -------- d-----w- c:\program files\Recuva
2010-11-25 01:05 . 2010-11-25 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-11-25 01:04 . 2010-11-25 01:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-11-25 01:04 . 2010-11-25 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-11-25 01:04 . 2010-11-25 01:04 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-24 04:35 . 2010-10-28 17:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-11-24 04:35 . 2010-07-15 13:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-11-24 04:35 . 2010-07-15 13:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-11-24 04:35 . 2010-07-15 13:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-11-24 04:35 . 2010-07-15 13:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-11-24 04:35 . 2010-11-24 04:35 -------- d-----w- c:\program files\EASEUS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2010-08-31 16:37 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-02 20:35 . 2010-11-02 20:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 20:51 . 2010-03-06 21:35 222080 ----a-w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-22 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-11-17 86016]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-07-09 487680]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-3-6 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-08-30 01:58 1242448 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R3 DBGUBZD;DBGUBZD;c:\users\rdeluca\AppData\Local\Temp\DBGUBZD.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-10 22384]
R3 DXP;DXP;c:\users\rdeluca\AppData\Local\Temp\DXP.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 KCFEZTAMNFZO;KCFEZTAMNFZO;c:\users\rdeluca\AppData\Local\Temp\KCFEZTAMNFZO.exe [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 16240]
R3 WAGNZRHIZYK;WAGNZRHIZYK;c:\users\rdeluca\AppData\Local\Temp\WAGNZRHIZYK.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 691696]
S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2010-07-09 1053440]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 6076272]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 616816]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-29 4233728]

.
Contents of the 'Scheduled Tasks' folder

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001Core.job
- c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:15]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001UA.job
- c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.lhup.edu/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-22 23:21:41
ComboFix-quarantined-files.txt 2010-12-23 04:21

Pre-Run: 3,783,008,256 bytes free
Post-Run: 3,691,540,480 bytes free

- - End Of File - - D85181D071C5AB377673E5B7DF9E67AA
 
Previously, I said:
You're running two AV programs, Microsoft Security Essentials and Avira.
One of them has to go. Your choice.
Please, do it now and post a fresh ComboFix log.
 
Uhh? I did uninstall Avira before I ran those, but I made sure it was completely gone (it was) and ran ComboFix again.
----------------========================-------------------------------------------------------


ComboFix 10-12-22.03 - rdeluca 12/22/2010 23:53:26.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.972 [GMT -5:00]
Running from: c:\users\rdeluca\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-23 05:00 . 2010-12-23 05:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-23 05:00 . 2010-12-23 05:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-12-23 04:21 . 2010-12-23 05:00 -------- d-----w- c:\users\rdeluca\AppData\Local\temp
2010-12-22 22:41 . 2010-12-22 22:41 -------- d-----w- c:\users\rdeluca\AppData\Roaming\Malwarebytes
2010-12-22 22:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-22 22:40 . 2010-12-22 22:40 -------- d-----w- c:\programdata\Malwarebytes
2010-12-22 22:40 . 2010-12-22 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-22 22:40 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- C:\adfbca92fe17870c1ff1141b9ba4
2010-12-22 20:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-22 20:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- c:\programdata\Alwil Software
2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- c:\program files\Alwil Software
2010-12-22 20:05 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CF4AAF1-F829-4B10-9356-C2E93187AFC5}\mpengine.dll
2010-12-21 17:14 . 2010-12-21 17:14 -------- d-----w- c:\users\rdeluca\AppData\Roaming\dvdcss
2010-12-21 01:10 . 2010-12-21 01:12 -------- d-----w- c:\windows\rescache
2010-12-15 02:52 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 02:49 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 02:49 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 02:49 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-15 02:49 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-10 18:10 . 2010-12-10 18:10 -------- d-----w- c:\program files\MSXML 4.0
2010-12-09 18:15 . 2010-12-09 18:15 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-08 21:42 . 2010-12-08 21:42 -------- d-----w- c:\program files\Motorola
2010-12-08 17:56 . 2010-12-08 17:56 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-12-08 17:54 . 2010-12-09 02:11 -------- d-----w- C:\android
2010-12-06 06:00 . 2010-12-06 06:00 -------- d-----w- c:\programdata\vsosdk
2010-12-06 04:11 . 2010-12-06 04:11 -------- d-----w- c:\users\rdeluca\AppData\Roaming\ImgBurn
2010-12-06 03:48 . 2010-12-06 03:48 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-12-06 03:48 . 2010-12-06 03:48 47360 ----a-w- c:\users\rdeluca\AppData\Roaming\pcouffin.sys
2010-12-06 03:48 . 2010-12-21 18:19 -------- d-----w- c:\users\rdeluca\AppData\Roaming\Vso
2010-12-06 03:48 . 2007-03-19 01:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-12-06 03:48 . 2006-09-29 17:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-12-06 03:48 . 2006-09-29 17:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-12-06 03:48 . 2006-09-29 17:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-12-06 03:48 . 2002-12-10 07:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-12-06 03:48 . 2006-05-20 21:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-12-06 03:48 . 2006-05-12 00:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-12-06 03:48 . 2010-12-06 03:48 -------- d-----w- c:\program files\VSO
2010-12-06 03:47 . 2010-12-06 03:47 -------- d-----w- c:\users\rdeluca\AppData\Roaming\DAEMON Tools Lite
2010-12-06 03:47 . 2010-12-06 03:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-01 03:03 . 2010-12-01 03:03 -------- d-----w- c:\program files\Recuva
2010-11-25 01:05 . 2010-11-25 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-11-25 01:04 . 2010-11-25 01:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-11-25 01:04 . 2010-11-25 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-11-25 01:04 . 2010-11-25 01:04 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-24 04:35 . 2010-10-28 17:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-11-24 04:35 . 2010-07-15 13:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-11-24 04:35 . 2010-07-15 13:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-11-24 04:35 . 2010-07-15 13:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-11-24 04:35 . 2010-07-15 13:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-11-24 04:35 . 2010-11-24 04:35 -------- d-----w- c:\program files\EASEUS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2010-08-31 16:37 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-02 20:35 . 2010-11-02 20:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 20:51 . 2010-03-06 21:35 222080 ----a-w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-22 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-11-17 86016]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-07-09 487680]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-3-6 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-08-30 01:58 1242448 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R3 DBGUBZD;DBGUBZD;c:\users\rdeluca\AppData\Local\Temp\DBGUBZD.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-10 22384]
R3 DXP;DXP;c:\users\rdeluca\AppData\Local\Temp\DXP.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 KCFEZTAMNFZO;KCFEZTAMNFZO;c:\users\rdeluca\AppData\Local\Temp\KCFEZTAMNFZO.exe [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 16240]
R3 WAGNZRHIZYK;WAGNZRHIZYK;c:\users\rdeluca\AppData\Local\Temp\WAGNZRHIZYK.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 691696]
S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2010-07-09 1053440]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 6076272]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 616816]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-29 4233728]

.
Contents of the 'Scheduled Tasks' folder

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001Core.job
- c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:15]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001UA.job
- c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.lhup.edu/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-23 00:02:04
ComboFix-quarantined-files.txt 2010-12-23 05:02
ComboFix2.txt 2010-12-23 04:21

Pre-Run: 3,719,507,968 bytes free
Post-Run: 3,673,636,864 bytes free

- - End Of File - - 16297ED8774C09D61F1E85EF6CB9C50A
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\avastSS.scr
c:\windows\system32\aswBoot.exe


Folder::
c:\programdata\Alwil Software
c:\program files\Alwil Software


Driver::
DBGUBZD
DXP
KCFEZTAMNFZO
WAGNZRHIZYK


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
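The four names in the Driver:: block above were picked out of the log by hand: each is a randomly named R3 service whose image lives in the user's Temp directory and which ComboFix reports with [x] (no date/size) because the file is no longer on disk. As an added example, not part of this thread or of ComboFix itself, the script below applies those same three signals to ComboFix-style service lines and drafts the Driver:: section from the hits; the sample lines are constructed to mirror the log above, and the scoring heuristics are this example's own.

```python
"""Triage ComboFix 'Drivers/Services' lines and draft a CFScript Driver:: block.

Added example, not part of the forum thread or of ComboFix. The scoring
rules below (Temp-directory path, missing file, bare uppercase name reused
as display name) are this example's own heuristics, not ComboFix logic.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in ComboFix's "R3 name;display;path [date size]" layout,
# mixing legitimate drivers with the four Temp-directory services from the log.
SAMPLE_LOG = r"""
R3 DBGUBZD;DBGUBZD;c:\users\rdeluca\AppData\Local\Temp\DBGUBZD.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-10 22384]
R3 DXP;DXP;c:\users\rdeluca\AppData\Local\Temp\DXP.exe [x]
R3 KCFEZTAMNFZO;KCFEZTAMNFZO;c:\users\rdeluca\AppData\Local\Temp\KCFEZTAMNFZO.exe [x]
R3 WAGNZRHIZYK;WAGNZRHIZYK;c:\users\rdeluca\AppData\Local\Temp\WAGNZRHIZYK.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 691696]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
"""

# start type, service name, display name, image path, bracketed info
# (the info is "x" where ComboFix could not find the file at that path).
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# Any ...\Temp\ or ...\Local\Temp\ component: a user-writable scratch dir,
# which is not where a driver or service binary normally lives.
TEMP_DIR_RE = re.compile(r"\\(?:local\\)?temp\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    info: str

    def reasons(self) -> List[str]:
        """Return the suspicion signals that apply to this entry."""
        found = []
        if TEMP_DIR_RE.search(self.path):
            found.append("image path under a Temp directory")
        if self.info.strip().lower() == "x":
            found.append("file not present on disk ([x])")
        if self.name == self.display and self.name.isupper() and len(self.name) >= 3:
            found.append("bare uppercase token used as both name and display name")
        return found


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Extract every R*/S* service line from a ComboFix log."""
    entries = []
    for line in log_text.splitlines():
        match = SERVICE_RE.match(line)
        if match:
            entries.append(ServiceEntry(*match.groups()))
    return entries


def find_suspicious(log_text: str, min_reasons: int = 2) -> List[ServiceEntry]:
    """Keep entries that trip at least `min_reasons` signals (2 avoids
    flagging a lone odd path or a lone missing file on its own)."""
    return [e for e in parse_services(log_text) if len(e.reasons()) >= min_reasons]


def draft_cfscript(entries: List[ServiceEntry]) -> str:
    """Draft only the Driver:: block of a CFScript from the flagged names.
    The draft is for a human to review against the full log before use."""
    if not entries:
        return ""
    return "Driver::\n" + "\n".join(e.name for e in entries) + "\n"


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for entry in hits:
        print(f"{entry.start} {entry.name}: {'; '.join(entry.reasons())}")
    print(draft_cfscript(hits))
```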
 
ComboFix 10-12-23.02 - rdeluca 12/23/2010 18:31:08.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1225 [GMT -5:00]
Running from: c:\users\rdeluca\Desktop\ComboFix.exe
Command switches used :: c:\users\rdeluca\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\avastSS.scr"
"c:\windows\system32\aswBoot.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Alwil Software
c:\program files\Alwil Software\Avast5\1033\aswClnTg.htm
c:\program files\Alwil Software\Avast5\1033\aswClnTg.txt
c:\program files\Alwil Software\Avast5\1033\aswInfTg.htm
c:\program files\Alwil Software\Avast5\1033\aswInfTg.txt
c:\program files\Alwil Software\Avast5\1033\Avast5_1033.chm
c:\program files\Alwil Software\Avast5\1033\Base.dll
c:\program files\Alwil Software\Avast5\1033\Boot.dll
c:\program files\Alwil Software\Avast5\1033\uiLangRes.dll
c:\program files\Alwil Software\Avast5\Aavm4h.dll
c:\program files\Alwil Software\Avast5\AavmRpch.dll
c:\program files\Alwil Software\Avast5\AhResBhv.dll
c:\program files\Alwil Software\Avast5\AhResMai.dll
c:\program files\Alwil Software\Avast5\ahResMes.dll
c:\program files\Alwil Software\Avast5\AhResNS.dll
c:\program files\Alwil Software\Avast5\ahResP2P.dll
c:\program files\Alwil Software\Avast5\AhResStd.dll
c:\program files\Alwil Software\Avast5\AhResWS.dll
c:\program files\Alwil Software\Avast5\ashBase.dll
c:\program files\Alwil Software\Avast5\ashMaiSv.dll
c:\program files\Alwil Software\Avast5\ashOutXt.dll
c:\program files\Alwil Software\Avast5\ashQuick.exe
c:\program files\Alwil Software\Avast5\ashServ.dll
c:\program files\Alwil Software\Avast5\ashShell.dll
c:\program files\Alwil Software\Avast5\ashTask.dll
c:\program files\Alwil Software\Avast5\ashTaskEx.dll
c:\program files\Alwil Software\Avast5\ashUpd.exe
c:\program files\Alwil Software\Avast5\ashWebSv.dll
c:\program files\Alwil Software\Avast5\ashWsFtr.dll
c:\program files\Alwil Software\Avast5\aswAux.dll
c:\program files\Alwil Software\Avast5\aswChLic.exe
c:\program files\Alwil Software\Avast5\aswCmnBS.dll
c:\program files\Alwil Software\Avast5\aswCmnIS.dll
c:\program files\Alwil Software\Avast5\aswCmnOS.dll
c:\program files\Alwil Software\Avast5\aswData.dll
c:\program files\Alwil Software\Avast5\aswDld.dll
c:\program files\Alwil Software\Avast5\aswEngLdr.dll
c:\program files\Alwil Software\Avast5\aswIdle.dll
c:\program files\Alwil Software\Avast5\aswLog.dll
c:\program files\Alwil Software\Avast5\aswMonDS.sys
c:\program files\Alwil Software\Avast5\aswMonVD.dll
c:\program files\Alwil Software\Avast5\aswProperty.dll
c:\program files\Alwil Software\Avast5\aswRegSvr.exe
c:\program files\Alwil Software\Avast5\aswRegSvr64.exe
c:\program files\Alwil Software\Avast5\aswRunDll.exe
c:\program files\Alwil Software\Avast5\aswSqLt.dll
c:\program files\Alwil Software\Avast5\aswUtil.dll
c:\program files\Alwil Software\Avast5\avastSS.dll
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Alwil Software\Avast5\AvSSHook.dll
c:\program files\Alwil Software\Avast5\CommonRes.dll
c:\program files\Alwil Software\Avast5\flash\amcharts_key.txt
c:\program files\Alwil Software\Avast5\flash\amline.swf
c:\program files\Alwil Software\Avast5\flash\ammap\ammap.swf
c:\program files\Alwil Software\Avast5\flash\ammap\ammap_key.txt
c:\program files\Alwil Software\Avast5\flash\ammap\ammap_settings_summary.xml
c:\program files\Alwil Software\Avast5\flash\ammap\ammap_settings_tracert.xml
c:\program files\Alwil Software\Avast5\flash\ammap\empty_map.xml
c:\program files\Alwil Software\Avast5\flash\ammap\icons\arrow.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\bubble.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\cross.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\flag.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\pin.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\zoom_out.swf
c:\program files\Alwil Software\Avast5\flash\ammap\maps\world.swf
c:\program files\Alwil Software\Avast5\sched.exe
c:\program files\Alwil Software\Avast5\Setup\ais_core-21d.vpx
c:\program files\Alwil Software\Avast5\Setup\ais_dll_eng-21f.vpx
c:\program files\Alwil Software\Avast5\Setup\ais_res-15f.vpx
c:\program files\Alwil Software\Avast5\Setup\avast.setup
c:\program files\Alwil Software\Avast5\Setup\INF\Aavmker4.sys
c:\program files\Alwil Software\Avast5\Setup\INF\aswFsBlk.sys
c:\program files\Alwil Software\Avast5\Setup\INF\aswMon.sys
c:\program files\Alwil Software\Avast5\Setup\INF\aswMon2.sys
c:\program files\Alwil Software\Avast5\Setup\INF\aswMonFlt.sys
c:\program files\Alwil Software\Avast5\Setup\INF\AswRdr.sys
c:\program files\Alwil Software\Avast5\Setup\INF\aswSP.sys
c:\program files\Alwil Software\Avast5\Setup\INF\AswTdi.sys
c:\program files\Alwil Software\Avast5\Setup\jrog-a7.vpx
c:\program files\Alwil Software\Avast5\Setup\jrog2-bc.vpx
c:\program files\Alwil Software\Avast5\Setup\part-jrog-a7.vpx
c:\program files\Alwil Software\Avast5\Setup\part-jrog2-bc.vpx
c:\program files\Alwil Software\Avast5\Setup\part-prg_ais-2a5.vpx
c:\program files\Alwil Software\Avast5\Setup\part-setup_ais-2a5.vpx
c:\program files\Alwil Software\Avast5\Setup\part-vps_win32-10120300.vpx
c:\program files\Alwil Software\Avast5\Setup\prod-ais.vpx
c:\program files\Alwil Software\Avast5\Setup\servers.def
c:\program files\Alwil Software\Avast5\Setup\servers.def.vpx
c:\program files\Alwil Software\Avast5\Setup\setif_ais-2a5.vpx
c:\program files\Alwil Software\Avast5\Setup\setiface.dll
c:\program files\Alwil Software\Avast5\Setup\setiface.ovr
c:\program files\Alwil Software\Avast5\Setup\setup.ini
c:\program files\Alwil Software\Avast5\Setup\setup.ovr
c:\program files\Alwil Software\Avast5\Setup\setup_ais-2a5.vpx
c:\program files\Alwil Software\Avast5\Setup\vps_32-362.vpx
c:\program files\Alwil Software\Avast5\Setup\vps_win32-376.vpx
c:\program files\Alwil Software\Avast5\Setup\winsys-3.vpx
c:\program files\Alwil Software\Avast5\vcredist_x86_sp1.exe
c:\program files\Alwil Software\Avast5\VisthAux.exe
c:\programdata\Alwil Software
c:\programdata\Alwil Software\Avast5\avast5.ini
c:\programdata\Alwil Software\Avast5\HtmlData\Blocked.htm
c:\programdata\Alwil Software\Avast5\HtmlData\image001.png
c:\programdata\Alwil Software\Avast5\sounds\1033\pup_detected.wav
c:\programdata\Alwil Software\Avast5\sounds\1033\scan_completed.wav
c:\programdata\Alwil Software\Avast5\sounds\1033\suspicious_detected.wav
c:\programdata\Alwil Software\Avast5\sounds\1033\threat_detected.wav
c:\programdata\Alwil Software\Avast5\sounds\1033\virus_db_updated.wav
c:\programdata\Alwil Software\Avast5\sounds\1033\welcome.wav
c:\programdata\Alwil Software\Avast5\sounds\fw_question.wav
c:\programdata\Alwil Software\Avast5\sounds\scan_completed.wav
c:\programdata\Alwil Software\Avast5\sounds\threat_detected.wav
c:\programdata\Alwil Software\Avast5\sounds\virus_db_updated.wav
c:\windows\avastSS.scr
c:\windows\system32\aswBoot.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_DBGUBZD
-------\Service_DXP
-------\Service_KCFEZTAMNFZO
-------\Service_WAGNZRHIZYK


((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-23 23:38 . 2010-12-24 00:24 -------- d-----w- c:\users\rdeluca\AppData\Local\temp
2010-12-23 23:38 . 2010-12-23 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-23 23:38 . 2010-12-23 23:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-12-23 23:15 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A67EC15F-F53A-4A70-B3E0-CD11C9079571}\mpengine.dll
2010-12-22 22:41 . 2010-12-22 22:41 -------- d-----w- c:\users\rdeluca\AppData\Roaming\Malwarebytes
2010-12-22 22:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-22 22:40 . 2010-12-22 22:40 -------- d-----w- c:\programdata\Malwarebytes
2010-12-22 22:40 . 2010-12-22 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-22 22:40 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-22 20:18 . 2010-12-22 20:18 -------- d-----w- C:\adfbca92fe17870c1ff1141b9ba4
2010-12-21 17:14 . 2010-12-21 17:14 -------- d-----w- c:\users\rdeluca\AppData\Roaming\dvdcss
2010-12-21 01:10 . 2010-12-21 01:12 -------- d-----w- c:\windows\rescache
2010-12-15 02:52 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 02:49 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 02:49 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 02:49 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-15 02:49 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-10 18:10 . 2010-12-10 18:10 -------- d-----w- c:\program files\MSXML 4.0
2010-12-09 18:15 . 2010-12-09 18:15 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-08 21:42 . 2010-12-08 21:42 -------- d-----w- c:\program files\Motorola
2010-12-08 17:56 . 2010-12-08 17:56 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-12-08 17:54 . 2010-12-09 02:11 -------- d-----w- C:\android
2010-12-06 06:00 . 2010-12-06 06:00 -------- d-----w- c:\programdata\vsosdk
2010-12-06 04:11 . 2010-12-06 04:11 -------- d-----w- c:\users\rdeluca\AppData\Roaming\ImgBurn
2010-12-06 03:48 . 2010-12-06 03:48 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-12-06 03:48 . 2010-12-06 03:48 47360 ----a-w- c:\users\rdeluca\AppData\Roaming\pcouffin.sys
2010-12-06 03:48 . 2010-12-21 18:19 -------- d-----w- c:\users\rdeluca\AppData\Roaming\Vso
2010-12-06 03:48 . 2007-03-19 01:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-12-06 03:48 . 2006-09-29 17:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-12-06 03:48 . 2006-09-29 17:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-12-06 03:48 . 2006-09-29 17:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-12-06 03:48 . 2002-12-10 07:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-12-06 03:48 . 2006-05-20 21:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-12-06 03:48 . 2006-05-12 00:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-12-06 03:48 . 2010-12-06 03:48 -------- d-----w- c:\program files\VSO
2010-12-06 03:47 . 2010-12-06 03:47 -------- d-----w- c:\users\rdeluca\AppData\Roaming\DAEMON Tools Lite
2010-12-06 03:47 . 2010-12-06 03:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-01 03:03 . 2010-12-01 03:03 -------- d-----w- c:\program files\Recuva
2010-11-25 01:05 . 2010-11-25 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-11-25 01:04 . 2010-11-25 01:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-11-25 01:04 . 2010-11-25 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-11-25 01:04 . 2010-11-25 01:04 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-24 04:35 . 2010-10-28 17:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-11-24 04:35 . 2010-07-15 13:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-11-24 04:35 . 2010-07-15 13:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-11-24 04:35 . 2010-07-15 13:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-11-24 04:35 . 2010-07-15 13:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-11-24 04:35 . 2010-11-24 04:35 -------- d-----w- c:\program files\EASEUS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2010-08-31 16:37 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-02 20:35 . 2010-11-02 20:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 20:51 . 2010-03-06 21:35 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-22 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-11-17 86016]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-07-09 487680]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-3-6 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-08-30 01:58 1242448 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-10 22384]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 16240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 691696]
S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2010-07-09 1053440]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 6076272]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 616816]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-29 4233728]

.
Contents of the 'Scheduled Tasks' folder

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001Core.job
- c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:15]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001UA.job
- c:\users\rdeluca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.lhup.edu/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1476)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2010-12-23 19:27:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-24 00:27
ComboFix2.txt 2010-12-23 05:02
ComboFix3.txt 2010-12-23 04:21

Pre-Run: 3,519,475,712 bytes free
Post-Run: 3,345,727,488 bytes free

- - End Of File - - A8DFC897398F1DC674DDAD0A46AF91A6
 
Good job :)

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
This thing is way too long so I'm splitting it up...


OTL logfile created on: 12/23/2010 7:35:55 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\rdeluca\Desktop\OTL
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.46 Gb Total Space | 3.18 Gb Free Space | 4.38% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.96 Gb Free Space | 98.14% Space Free | Partition Type: NTFS

Computer Name: BLUE-PC | User Name: rdeluca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/23 19:34:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\rdeluca\Desktop\OTL\OTL.exe
PRC - [2010/12/08 18:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\rdeluca\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/07/13 13:26:12 | 004,302,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/07/13 13:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/07/13 13:26:10 | 002,533,232 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010/07/13 13:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/07/09 13:58:10 | 000,487,680 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2010/07/09 13:55:32 | 001,053,440 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:46 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/07/02 13:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2010/12/23 19:34:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\rdeluca\Desktop\OTL\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/15 12:37:07 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2010/09/06 13:48:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/13 13:26:10 | 006,076,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/07/13 13:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/07/09 13:55:32 | 001,053,440 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/09 14:17:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/06 17:22:53 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/11/07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\rdeluca\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/05/19 13:52:36 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/03/06 21:36:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/17 17:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/11 16:23:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/11/10 16:05:06 | 000,022,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/25 11:53:42 | 000,020,480 | ---- | M] (Dell Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\omci.sys -- (omci)
DRV - [2009/09/21 15:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/08/21 00:52:10 | 000,066,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/08/09 16:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 17:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 17:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/11/17 03:03:00 | 007,630,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/10/18 10:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 10:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 10:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.lhup.edu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 CC E2 4A 45 4D CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/04/05 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Mozilla\Extensions
[2010/04/05 10:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rdeluca\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2010/12/23 19:24:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)


========== Files/Folders - Created Within 30 Days ==========

[2010/12/23 19:35:25 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Desktop\OTL
[2010/12/23 19:27:39 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\AppData\Local\temp
[2010/12/23 19:26:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/23 18:38:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/23 18:26:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/22 23:08:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/22 23:08:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/22 23:08:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/22 23:08:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/22 23:06:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/22 22:55:09 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Documents\BotScrapyard
[2010/12/22 22:41:42 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\rdeluca\Desktop\TDSSKiller.exe
[2010/12/22 22:41:42 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Desktop\tdsskiller
[2010/12/22 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\AppData\Roaming\Malwarebytes
[2010/12/22 17:40:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/22 17:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/22 17:40:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/22 17:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/22 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Desktop\rktkitrevlear
[2010/12/22 15:18:18 | 000,000,000 | ---D | C] -- C:\adfbca92fe17870c1ff1141b9ba4
[2010/12/21 12:14:08 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\AppData\Roaming\dvdcss
[2010/12/20 20:10:49 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2010/12/10 13:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/12/09 01:16:25 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Documents\LongPaper
[2010/12/08 16:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010/12/08 12:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2010/12/08 12:54:52 | 000,000,000 | ---D | C] -- C:\android
[2010/12/06 01:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2010/12/06 00:06:05 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Documents\ConvertXtoDVD
[2010/12/05 23:11:40 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\AppData\Roaming\ImgBurn
[2010/12/05 22:48:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\rdeluca\AppData\Roaming\pcouffin.sys
[2010/12/05 22:48:44 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Documents\PcSetup
[2010/12/05 22:48:43 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\AppData\Roaming\Vso
[2010/12/05 22:48:23 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2010/12/05 22:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2010/12/05 22:47:24 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\AppData\Roaming\DAEMON Tools Lite
[2010/12/05 22:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/11/30 22:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/11/30 21:05:51 | 000,000,000 | ---D | C] -- C:\Users\rdeluca\Documents\improv
[2010/11/23 23:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/11/23 23:33:48 | 010,398,264 | ---- | C] (EASEUS ) -- C:\Users\rdeluca\Desktop\EPMSetup.exe
[1 C:\Users\rdeluca\Documents\*.tmp files -> C:\Users\rdeluca\Documents\*.tmp -> ]
[1 C:\Users\rdeluca\Documents\*.tmp files -> C:\Users\rdeluca\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/23 19:35:21 | 000,028,029 | ---- | M] () -- C:\Users\rdeluca\AppData\Roaming\nvModes.001
[2010/12/23 19:24:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/23 19:20:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001UA.job
[2010/12/23 18:47:23 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/23 18:47:23 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/23 18:44:12 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/23 18:44:12 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/23 18:39:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/23 18:39:35 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/23 18:26:33 | 003,997,850 | R--- | M] () -- C:\Users\rdeluca\Desktop\ComboFix.exe
[2010/12/22 23:03:43 | 000,780,283 | ---- | M] () -- C:\Users\rdeluca\Desktop\rkill.com
[2010/12/22 22:56:39 | 000,080,384 | ---- | M] () -- C:\Users\rdeluca\Desktop\MBRCheck.exe
[2010/12/22 22:40:57 | 000,000,069 | ---- | M] () -- C:\Users\rdeluca\Desktop\BSOD, Rootkit problem. Oops - TechSpot OpenBoards.url
[2010/12/22 22:40:36 | 001,232,020 | ---- | M] () -- C:\Users\rdeluca\Desktop\tdsskiller.zip
[2010/12/22 17:39:03 | 000,000,068 | ---- | M] () -- C:\Users\rdeluca\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.url
[2010/12/22 17:25:29 | 000,016,520 | ---- | M] () -- C:\Users\rdeluca\Documents\Cover Letter.docx
[2010/12/22 17:05:37 | 000,296,448 | ---- | M] () -- C:\Users\rdeluca\Desktop\m8908ghl.exe
[2010/12/22 16:08:45 | 124,545,842 | ---- | M] () -- C:\Windows\System32\IK
[2010/12/22 16:04:27 | 000,028,029 | ---- | M] () -- C:\Users\rdeluca\AppData\Roaming\nvModes.dat
[2010/12/22 16:04:26 | 049,479,680 | ---- | M] () -- C:\Windows\System32\PPTIJFB
[2010/12/22 15:20:03 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1441931260-54369168-2957783495-1001Core.job
[2010/12/22 13:59:38 | 000,015,725 | ---- | M] () -- C:\Users\rdeluca\Documents\RDelucaResume.docx
[2010/12/21 13:19:37 | 000,000,671 | ---- | M] () -- C:\Users\rdeluca\AppData\Roaming\vso_ts_preview.xml
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rdeluca\Desktop\TDSSKiller.exe
[2010/12/15 16:17:39 | 000,019,573 | ---- | M] () -- C:\Users\rdeluca\Documents\RichardDeLucaParallelProgrammingFinal.xlsx
[2010/12/15 16:16:00 | 002,371,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/15 03:09:11 | 000,028,869 | ---- | M] () -- C:\Users\rdeluca\Documents\RichardDeLucaPPFinal.zip
[2010/12/15 03:07:41 | 000,014,087 | ---- | M] () -- C:\Users\rdeluca\Documents\RichardDeLucaParallelProgrammingFinal.ods
[2010/12/15 03:06:30 | 000,000,600 | ---- | M] () -- C:\Users\rdeluca\AppData\Roaming\winscp.rnd
[2010/12/15 02:24:10 | 000,000,600 | ---- | M] () -- C:\Users\rdeluca\PUTTY.RND
[2010/12/14 23:00:08 | 000,003,798 | ---- | M] () -- C:\Users\rdeluca\Desktop\matMux.tgz
[2010/12/14 15:54:00 | 000,000,670 | ---- | M] () -- C:\Users\rdeluca\Desktop\readability.html
[2010/12/09 01:16:07 | 000,019,534 | ---- | M] () -- C:\Users\rdeluca\Documents\DigitalDistribution.docx
[2010/12/08 16:46:30 | 000,002,597 | ---- | M] () -- C:\Users\rdeluca\Desktop\RSD Lite.lnk
[2010/12/07 23:18:37 | 000,031,716 | ---- | M] () -- C:\Users\rdeluca\Desktop\augmentation_completion.pdf
[2010/12/07 18:43:30 | 000,041,823 | ---- | M] () -- C:\Users\rdeluca\Desktop\are-you-wizard.jpg
[2010/12/07 18:29:48 | 000,012,142 | ---- | M] () -- C:\Users\rdeluca\Documents\Sum.docx
[2010/12/07 17:00:32 | 000,015,326 | ---- | M] () -- C:\Users\rdeluca\Documents\Richard De Luca Critical Thinking Assig 3.docx
[2010/12/05 22:48:44 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\rdeluca\AppData\Roaming\pcouffin.sys
[2010/12/05 22:48:44 | 000,007,887 | ---- | M] () -- C:\Users\rdeluca\AppData\Roaming\pcouffin.cat
[2010/12/05 22:48:44 | 000,001,144 | ---- | M] () -- C:\Users\rdeluca\AppData\Roaming\pcouffin.inf
[2010/12/05 22:48:37 | 000,001,114 | ---- | M] () -- C:\Users\rdeluca\Desktop\ConvertXtoDvd 3.lnk
[2010/12/05 20:56:40 | 000,001,304 | ---- | M] () -- C:\Users\rdeluca\Desktop\Notepad.lnk
[2010/11/30 23:26:12 | 004,709,291 | ---- | M] () -- C:\Users\rdeluca\Documents\DangerouslyImprov MiniPosters.psd
[2010/11/30 23:25:46 | 000,246,376 | ---- | M] () -- C:\Users\rdeluca\Documents\Dangerously Improv Sign.psd
[2010/11/27 16:36:54 | 000,007,608 | ---- | M] () -- C:\Users\rdeluca\AppData\Local\resmon.resmoncfg
[2010/11/25 21:14:20 | 000,015,260 | ---- | M] () -- C:\Users\rdeluca\Documents\RDelucaResume2010.docx
[2010/11/25 21:12:00 | 000,023,304 | ---- | M] () -- C:\Users\rdeluca\Documents\R_DeLuca_Software_Engineer.docx
[2010/11/25 21:09:11 | 000,051,200 | ---- | M] () -- C:\Users\rdeluca\Documents\R_DeLuca_Software_Engineer.doc
[2010/11/24 20:10:15 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/11/24 00:49:04 | 000,001,224 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[1 C:\Users\rdeluca\Documents\*.tmp files -> C:\Users\rdeluca\Documents\*.tmp -> ]
[1 C:\Users\rdeluca\Documents\*.tmp files -> C:\Users\rdeluca\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/22 23:08:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/22 23:08:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/22 23:08:06 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/22 23:08:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/22 23:08:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/22 23:03:46 | 000,780,283 | ---- | C] () -- C:\Users\rdeluca\Desktop\rkill.com
[2010/12/22 22:57:05 | 003,997,850 | R--- | C] () -- C:\Users\rdeluca\Desktop\ComboFix.exe
[2010/12/22 22:56:44 | 000,080,384 | ---- | C] () -- C:\Users\rdeluca\Desktop\MBRCheck.exe
[2010/12/22 22:40:57 | 000,000,069 | ---- | C] () -- C:\Users\rdeluca\Desktop\BSOD, Rootkit problem. Oops - TechSpot OpenBoards.url
[2010/12/22 22:40:38 | 001,232,020 | ---- | C] () -- C:\Users\rdeluca\Desktop\tdsskiller.zip
[2010/12/22 17:39:03 | 000,000,068 | ---- | C] () -- C:\Users\rdeluca\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.url
[2010/12/22 17:25:45 | 000,296,448 | ---- | C] () -- C:\Users\rdeluca\Desktop\m8908ghl.exe
[2010/12/22 16:02:51 | 049,479,680 | ---- | C] () -- C:\Windows\System32\PPTIJFB
[2010/12/22 16:02:04 | 124,545,842 | ---- | C] () -- C:\Windows\System32\IK
[2010/12/21 23:47:02 | 000,016,520 | ---- | C] () -- C:\Users\rdeluca\Documents\Cover Letter.docx
[2010/12/15 03:09:10 | 000,028,869 | ---- | C] () -- C:\Users\rdeluca\Documents\RichardDeLucaPPFinal.zip
[2010/12/15 03:07:38 | 000,014,087 | ---- | C] () -- C:\Users\rdeluca\Documents\RichardDeLucaParallelProgrammingFinal.ods
[2010/12/15 03:07:24 | 000,019,573 | ---- | C] () -- C:\Users\rdeluca\Documents\RichardDeLucaParallelProgrammingFinal.xlsx
[2010/12/14 23:00:03 | 000,003,798 | ---- | C] () -- C:\Users\rdeluca\Desktop\matMux.tgz
[2010/12/14 15:54:00 | 000,000,670 | ---- | C] () -- C:\Users\rdeluca\Desktop\readability.html
[2010/12/08 16:46:30 | 000,002,597 | ---- | C] () -- C:\Users\rdeluca\Desktop\RSD Lite.lnk
[2010/12/07 23:18:17 | 000,031,716 | ---- | C] () -- C:\Users\rdeluca\Desktop\augmentation_completion.pdf
[2010/12/07 18:43:30 | 000,041,823 | ---- | C] () -- C:\Users\rdeluca\Desktop\are-you-wizard.jpg
[2010/12/07 16:59:30 | 000,015,326 | ---- | C] () -- C:\Users\rdeluca\Documents\Richard De Luca Critical Thinking Assig 3.docx
[2010/12/05 22:50:27 | 000,000,671 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\vso_ts_preview.xml
[2010/12/05 22:49:57 | 000,000,034 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\pcouffin.log
[2010/12/05 22:48:44 | 000,007,887 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\pcouffin.cat
[2010/12/05 22:48:44 | 000,001,144 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\pcouffin.inf
[2010/12/05 22:48:37 | 000,001,114 | ---- | C] () -- C:\Users\rdeluca\Desktop\ConvertXtoDvd 3.lnk
[2010/12/05 22:12:05 | 000,019,534 | ---- | C] () -- C:\Users\rdeluca\Documents\DigitalDistribution.docx
[2010/12/05 20:56:40 | 000,001,304 | ---- | C] () -- C:\Users\rdeluca\Desktop\Notepad.lnk
[2010/11/25 21:14:27 | 000,015,725 | ---- | C] () -- C:\Users\rdeluca\Documents\RDelucaResume.docx
[2010/11/25 21:14:20 | 000,015,260 | ---- | C] () -- C:\Users\rdeluca\Documents\RDelucaResume2010.docx
[2010/11/25 21:11:57 | 000,023,304 | ---- | C] () -- C:\Users\rdeluca\Documents\R_DeLuca_Software_Engineer.docx
[2010/11/24 20:09:28 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/23 23:46:17 | 000,001,224 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2010/11/23 23:35:43 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/11/23 23:35:43 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/11/23 23:35:42 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/11/23 23:35:42 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/11/23 23:35:42 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/09/19 21:41:19 | 000,004,608 | ---- | C] () -- C:\Users\rdeluca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 19:21:04 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/09/19 19:21:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/07/02 18:49:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/06/03 18:41:31 | 000,007,608 | ---- | C] () -- C:\Users\rdeluca\AppData\Local\resmon.resmoncfg
[2010/03/29 20:13:57 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010/03/07 19:31:35 | 000,000,600 | ---- | C] () -- C:\Users\rdeluca\AppData\Local\PUTTY.RND
[2010/03/06 21:36:47 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/03/06 21:25:51 | 000,028,029 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\nvModes.001
[2010/03/06 21:21:49 | 000,028,029 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\nvModes.dat
[2010/03/06 16:59:35 | 000,000,600 | ---- | C] () -- C:\Users\rdeluca\AppData\Roaming\winscp.rnd
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/11/12 16:09:37 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\.minecraft
[2010/04/18 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\CiscoCAA
[2010/12/05 22:47:24 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\DAEMON Tools Lite
[2010/03/06 21:45:21 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\DAEMON Tools Pro
[2010/12/05 23:11:40 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\ImgBurn
[2010/06/10 21:41:43 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\LolClient
[2010/10/10 20:15:59 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\maario
[2010/03/07 22:10:44 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Mael
[2010/07/24 17:19:10 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\MotioninJoy
[2010/10/03 23:14:58 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\MySQL
[2010/03/06 21:54:29 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Notepad++
[2010/04/22 09:45:24 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\OpenOffice.org
[2010/03/08 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\SystemRequirementsLab
[2010/04/05 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Thunderbird
[2010/08/09 20:16:05 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Trillian
[2010/12/22 15:04:43 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\uTorrent
[2010/12/21 13:19:38 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Vso
[2010/03/22 11:02:44 | 000,000,000 | ---D | M] -- C:\Users\rdeluca\AppData\Roaming\Wireshark
[2009/07/13 23:53:46 | 000,013,122 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========





========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/06 18:53:10 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/12/23 19:27:38 | 000,019,517 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/12/23 18:39:35 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/12/23 18:39:36 | 2145,513,472 | -HS- | M] () -- C:\pagefile.sys
[2010/12/22 23:29:29 | 000,000,361 | ---- | M] () -- C:\rkill.log
[2010/12/22 22:42:59 | 000,067,676 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_22.12.2010_22.42.08_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010/07/10 21:59:31 | 000,004,134 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 20:15:05 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/06 20:38:28 | 000,000,221 | -HS- | M] () -- C:\Users\rdeluca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/12/23 18:26:33 | 003,997,850 | R--- | M] () -- C:\Users\rdeluca\Desktop\ComboFix.exe
[2010/04/18 23:02:17 | 001,460,010 | ---- | M] (DOSBox Team) -- C:\Users\rdeluca\Desktop\DOSBox0.73-win32-installer.exe
[2010/11/14 10:41:24 | 010,398,264 | ---- | M] (EASEUS ) -- C:\Users\rdeluca\Desktop\EPMSetup.exe
[2010/12/22 17:05:37 | 000,296,448 | ---- | M] () -- C:\Users\rdeluca\Desktop\m8908ghl.exe
[2010/12/22 22:56:39 | 000,080,384 | ---- | M] () -- C:\Users\rdeluca\Desktop\MBRCheck.exe
[2010/09/21 23:45:20 | 000,232,501 | ---- | M] () -- C:\Users\rdeluca\Desktop\Minecraft .exe
[2009/10/05 18:12:00 | 000,342,016 | ---- | M] () -- C:\Users\rdeluca\Desktop\NUSD_13Beta.exe
[2010/03/07 19:23:03 | 000,421,888 | ---- | M] () -- C:\Users\rdeluca\Desktop\putty.exe
[2003/05/21 21:29:00 | 000,195,781 | ---- | M] () -- C:\Users\rdeluca\Desktop\smallftpd.exe
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rdeluca\Desktop\TDSSKiller.exe
[2010/03/07 19:28:36 | 000,271,312 | ---- | M] (RealVNC Ltd.) -- C:\Users\rdeluca\Desktop\vncviewer.exe
[2010/05/30 16:10:09 | 000,136,329 | ---- | M] (Team USB Loader GX) -- C:\Users\rdeluca\Desktop\Wiiload_1.1_Installer.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/28 01:37:00 | 000,000,402 | -HS- | M] () -- C:\Users\rdeluca\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/24 20:10:15 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >
[2003/06/13 16:23:06 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AppLoc.exe

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >



OTL Extras logfile created on: 12/23/2010 7:35:55 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\rdeluca\Desktop\OTL
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.46 Gb Total Space | 3.18 Gb Free Space | 4.38% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.96 Gb Free Space | 98.14% Space Free | Partition Type: NTFS

Computer Name: BLUE-PC | User Name: rdeluca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BA8864E-AE9C-42AA-8F34-D76B7EE68817}" = MySQL Workbench 5.2 CE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{31A49E0E-1989-4E2F-9085-D90A732193F4}" = MySQL Server 5.1
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F470FED-77A1-4545-BF6E-AF687FF0B42D}" = RSDLite
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi Software
"{74D2638F-E20C-4EC0-97AA-6B6ECACA5D5C}" = Motorola Mobile Drivers Installation 4.8.0
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.2.100
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6FC0292-2F77-4907-BF0E-61B23F5E10BD}" = Cisco NAC Agent
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C3234E43-10BF-470E-BD2B-2E36EA29D11C}" = League of Legends
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Audacity_is1" = Audacity 1.2.6
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Defraggler" = Defraggler
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition
"EndItAll_is1" = EndItAll 2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"ImgBurn" = ImgBurn
"InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Pen Tablet Driver" = Bamboo
"PFPortChecker" = PFPortChecker 1.0.36
"ProInst" = Intel PROSet Wireless
"PuTTY_is1" = PuTTY version 0.60
"Puzzle Quest1.01" = Puzzle Quest
"Recuva" = Recuva
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 220" = Half-Life 2
"Steam App 22320" = The Elder Scrolls III: Morrowind
"Steam App 440" = Team Fortress 2
"Steam App 6200" = Ghost Master
"Trillian" = Trillian
"USBWebcam" = USB Webcam
"VirtualCloneDrive" = VirtualCloneDrive
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.7
"Wireshark" = Wireshark 1.2.6
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Cosmic Dodgeball V2.0" = Cosmic Dodgeball V2.0
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"SpinnerDemo" = SpinnerDemo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/22/2010 5:12:40 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/22/2010 5:12:40 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/22/2010 5:16:16 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/22/2010 5:43:13 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/22/2010 6:12:50 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/22/2010 7:39:32 PM | Computer Name = Blue-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 6.5.2 home edition\bin\x64\WinChkdsk.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/22/2010 7:41:28 PM | Computer Name = Blue-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/22/2010 7:43:52 PM | Computer Name = Blue-PC | Source = VSS | ID = 8193
Description =

Error - 12/23/2010 8:10:25 PM | Computer Name = Blue-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 6.5.2 home edition\bin\x64\WinChkdsk.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/23/2010 8:11:25 PM | Computer Name = Blue-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 11/24/2010 9:09:57 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-Media Center Extender | ID = 545
Description =

Error - 11/24/2010 9:10:24 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-Media Center Extender | ID = 544
Description =

Error - 12/3/2010 12:28:15 PM | Computer Name = Blue-PC | Source = MCUpdate | ID = 0
Description = 11:26:26 AM - Failed to retrieve SportsSchedule (Error: Unable to
connect to the remote server)

[ System Events ]
Error - 10/17/2010 4:20:07 PM | Computer Name = Blue-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 10/17/2010 8:37:31 PM | Computer Name = Blue-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 10/19/2010 4:54:33 PM | Computer Name = Blue-PC | Source = SCardSvr | ID = 610
Description =

Error - 10/19/2010 9:13:57 PM | Computer Name = Blue-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 10/20/2010 3:39:17 PM | Computer Name = Blue-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the TouchServicePen service.

Error - 10/20/2010 6:59:34 PM | Computer Name = Blue-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 10/20/2010 11:03:21 PM | Computer Name = Blue-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 10/23/2010 5:33:22 PM | Computer Name = Blue-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the TouchServicePen service.

Error - 10/23/2010 11:45:18 PM | Computer Name = Blue-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 10/24/2010 8:57:30 AM | Computer Name = Blue-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the TouchServicePen service.


< End of report >
 
You're running very low on C drive free space. It's time to start moving some stuff out.
Drive C: | 72.46 Gb Total Space | 3.18 Gb Free Space | 4.38% Space Free

=====================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [1 C:\Users\rdeluca\Documents\*.tmp files -> C:\Users\rdeluca\Documents\*.tmp -> ]
    [1 C:\Users\rdeluca\Documents\*.tmp files -> C:\Users\rdeluca\Documents\*.tmp -> ]
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\rdeluca\Documents\~WRL1271.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: rdeluca
->Temp folder emptied: 16054 bytes
->Temporary Internet Files folder emptied: 124111 bytes
->Java cache emptied: 2027 bytes
->Google Chrome cache emptied: 203397811 bytes
->Flash cache emptied: 5535 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 194.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: rdeluca
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 12232010_202416

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

--------------------------=============================------------------------

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
Microsoft Security Essentials successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Java(TM) SE Development Kit 6 Update 18
Java DB 10.4.2.1
Out of date Java installed!
Adobe Flash Player 10.1.102.64
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````




No threats found
 
Unless you're a Java developer, uninstall these:
Java(TM) SE Development Kit 6 Update 18
Java DB 10.4.2.1


====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to assure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
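Added example, not part of any post in this thread: a read-only PowerShell audit of the conditions screen317's Security Check flagged above (UAC disabled, Windows Firewall disabled, Security Center service not running, an older Java install sitting beside a newer one). The function name is mine; the registry paths, service name and netsh syntax are standard Windows ones, and it assumes Windows 7 or later run from an elevated prompt.

```powershell
# Added example (not from this thread). Read-only audit of what the Security Check
# log reported: UAC off, Windows Firewall off, Security Center (wscsvc) stopped, old Java.
# Assumes Windows 7 or later, PowerShell 2.0+, run from an elevated prompt.
function Get-SecurityCheckFindings {
    $findings = @()

    # UAC: EnableLUA = 0 is what Security Check reports as "UAC is disabled!"
    $policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    if ($policy.EnableLUA -ne 1) {
        $findings += "UAC is disabled (EnableLUA=$($policy.EnableLUA)); re-enable it and reboot"
    }

    # Security Center service: without it the tool warned its own report may be inaccurate
    $wsc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
    if (-not $wsc -or $wsc.Status -ne 'Running') {
        $findings += "Security Center service (wscsvc) is not running"
    }

    # Firewall state per profile via netsh (Get-NetFirewallProfile needs Windows 8 or later)
    $fwState = netsh advfirewall show allprofiles state
    if (@($fwState -match 'State\s+OFF').Count -gt 0) {
        $findings += "Windows Firewall is OFF on at least one profile"
    }

    # Java entries from the Uninstall keys (64-bit and 32-bit views); flag anything older
    # than the newest installed update, like the JDK 6 Update 18 beside Java 6 Update 23 here
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $java = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.DisplayName -match '^Java.* Update (\d+)') {
            New-Object PSObject -Property @{ Name = $_.DisplayName; Update = [int]$Matches[1] }
        }
    }
    if ($java) {
        $newest = ($java | Measure-Object -Property Update -Maximum).Maximum
        $java | Where-Object { $_.Update -lt $newest } | ForEach-Object {
            $findings += "Old Java still installed: $($_.Name) (newest is Update $newest); uninstall it"
        }
    }
    return $findings
}

$result = @(Get-SecurityCheckFindings)
if ($result.Count -eq 0) { Write-Output 'No Security Check findings' }
else { $result | ForEach-Object { Write-Output "FINDING: $_" } }
```

The script only reports; fixing UAC, the firewall or the service is left to the operator so that nothing is changed on a machine that is still under investigation.
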
Computer is working much better now.

Thank you so much for the cleanup and all the tips.

So much easier than doing a full wipe and reinstall.

Have a great day, holiday and New Year.
 