Solved Firefox boot slow, browser redirect, new tab opens up

canam

Hi there, having issues with Firefox slow booting (up to 3 minutes), redirects when clicking on a link, and new windows opening on their own.
I have Malwarebytes and Microsoft Security Essentials.
I have run ComboFix and will paste the result. Microsoft Security Essentials is turned off now after ComboFix; can I still use it?
Since ComboFix, Firefox seems to be working, and I will update with any other findings.
Do you see any errors or problems? Thanks



ComboFix 10-12-14.01 - Jeff 12/14/2010 20:34:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.1335 [GMT -4:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jeff\AppData\Roaming\inst.exe
c:\users\Jeff\AppData\Roaming\Local
c:\users\Jeff\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Jeff\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Jeff\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Jeff\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Jeff\Documents\Readiris.DUS
c:\windows\system32\KBL.LOG

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-15 00:54 . 2010-12-15 00:57 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2010-12-15 00:54 . 2010-12-15 00:54 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-12-15 00:54 . 2010-12-15 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-15 00:54 . 2010-12-15 00:54 -------- d-----w- c:\users\SHELL\AppData\Local\temp
2010-12-13 16:05 . 2010-12-13 16:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-12-13 16:04 . 2010-12-13 16:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-12-13 16:02 . 2010-12-13 16:06 -------- d-----w- c:\program files\DivX
2010-12-13 16:02 . 2010-12-13 16:06 -------- d-----w- c:\programdata\DivX
2010-12-12 21:31 . 2010-12-12 21:33 -------- d-----w- c:\windows\system32\catroot2
2010-12-12 01:25 . 2010-12-12 01:25 -------- d-----w- c:\users\Jeff\AppData\Local\WBFSManager
2010-12-12 01:23 . 2010-12-12 01:23 -------- d-----w- c:\program files\WBFS
2010-12-11 23:59 . 2010-07-15 12:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-12-11 23:59 . 2010-10-28 16:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-12-11 23:59 . 2010-07-15 12:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-12-11 23:59 . 2010-07-15 12:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-12-11 23:59 . 2010-07-15 12:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-12-11 23:59 . 2010-12-11 23:59 -------- d-----w- c:\program files\EASEUS
2010-12-11 16:22 . 2008-12-14 00:01 77824 ----a-w- c:\windows\system32\xvid.ax
2010-12-11 16:22 . 2008-12-05 01:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-11 16:22 . 2008-12-05 01:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-11 16:22 . 2010-12-11 16:22 -------- d-----w- c:\program files\Xvid
2010-12-11 12:09 . 2010-12-11 12:25 -------- d-----w- c:\users\Jeff\AppData\Roaming\Nero
2010-12-11 02:21 . 2010-12-11 02:22 -------- d-----w- c:\program files\Common Files\Nero
2010-12-11 02:20 . 2010-12-11 02:25 -------- d-----w- c:\programdata\Nero
2010-12-11 02:13 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-12-11 02:13 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-12-10 13:13 . 2010-11-16 16:01 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F12A32A5-8DF5-469D-99AC-9CFB9B8D7DB5}\mpengine.dll
2010-12-10 13:08 . 2010-12-10 13:08 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-12-10 11:54 . 2010-12-10 11:54 -------- d-----w- c:\program files\uTorrent
2010-12-10 11:54 . 2010-12-15 00:03 -------- d-----w- c:\users\Jeff\AppData\Roaming\uTorrent
2010-12-08 13:30 . 2010-12-08 13:30 219200 ----a-w- c:\windows\system32\dtsoftbus01.sys
2010-12-08 13:22 . 2010-12-08 13:22 -------- d-----w- c:\programdata\bdch
2010-12-08 13:07 . 2010-12-08 13:07 -------- d-----w- c:\program files\BitDefender
2010-12-08 13:02 . 2010-12-08 13:02 -------- d-----w- c:\users\Jeff\AppData\Roaming\QuickScan
2010-12-08 13:01 . 2010-12-08 13:07 -------- d-----w- c:\program files\Common Files\BitDefender
2010-12-08 13:01 . 2010-12-08 13:19 62450 ----a-w- c:\programdata\bdinstall.bin
2010-12-07 11:25 . 2010-12-07 11:25 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-12-07 03:35 . 2010-11-30 15:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 03:34 . 2010-11-30 15:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 03:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBA4B151-505A-4B9D-9EB2-4C21043B6535}\mpengine.dll
2010-12-04 14:40 . 2010-12-04 14:40 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
2010-12-04 14:40 . 2010-12-04 14:40 -------- d-----w- c:\programdata\Malwarebytes
2010-12-04 14:40 . 2010-12-10 11:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 19:54 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 23:30 . 2010-11-17 23:30 -------- d-----w- c:\program files\Passware
2010-11-17 11:55 . 2010-11-17 11:55 -------- d-----w- c:\program files\Intelore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-14 23:54 . 2010-08-25 10:50 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-10-19 14:41 . 2009-10-03 10:04 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-03 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"Prelaunch OmniPage"="c:\program files\Nuance\OmniPage17\OmniPage17.exe" [2010-01-26 5592352]
"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]

c:\users\SHELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca45ea80e8e190;Google Update Service (gupdate1ca45ea80e8e190);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 133104]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AFS;AFS; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-14 420920]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-06 04:18]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 18:34]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: pogo.com\game3
TCP: {9EDE12AD-6E7E-4171-9A86-A055CBE5991D} = 24.222.0.94,24.222.0.95
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\bljpsikf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6b978&v=6.010.006.004&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-OpAgent - OpAgent.exe
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
AddRemove-Adobe Acrobat 4.0 - c:\program files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu
AddRemove-Adobe AIR - c:\program files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
AddRemove-Adobe_faf656ef605427ee2f42989c3ad31b8 - c:\program files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe
AddRemove-Greeting Card Creator 32 - c:\progra~1\GREETI~1\UNWISE.EXE
AddRemove-InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0} - c:\progra~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe
AddRemove-Mansion Poker - c:\poker\MansionPoker\_MansionPoker.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 20:57
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Jeff\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD1600BEVS-60RST0 rev.04.01G04 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85BAE555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85bb47b0]; MOV EAX, [0x85bb482c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E4B962] -> \Device\Harddisk0\DR0[0x85512358]
3 CLASSPNP[0x87FAC8B3] -> ntkrnlpa!IofCallDriver[0x81E4B962] -> [0x84DCB858]
5 acpi[0x8074A6BC] -> ntkrnlpa!IofCallDriver[0x81E4B962] -> [0x84DC5030]
\Driver\atapi[0x8591E318] -> IRP_MJ_CREATE -> 0x85BAE555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVS-60RST0___________________04.01G04#5&1f5e53fc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x843f01f8
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />"

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-14 21:10:40
ComboFix-quarantined-files.txt 2010-12-15 01:10

Pre-Run: 12,929,273,856 bytes free
Post-Run: 14,584,410,112 bytes free

- - End Of File - - 1364B2C627A7C013DB80C600070ADB69
 
Welcome aboard


You shouldn't be running Combofix on your own.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
 
logs

Sorry about the ComboFix, and I thank you for your time.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2007 8:39:12 PM
System Uptime: 12/14/2010 11:14:54 PM (0 hours ago)

Motherboard: Quanta | | 30EA
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket S1 | 800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 137 GiB total, 14.183 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.005 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {ff646f80-8def-11d2-9449-00105a075f6b}
Description: pcouffin device for 32 bits systems
Device ID: ROOT\PCOUFFIN\0000
Manufacturer: VSO Software
Name: pcouffin device for 32 bits systems
PNP Device ID: ROOT\PCOUFFIN\0000
Service: pcouffin

==== System Restore Points ===================

RP1154: 12/6/2010 11:01:08 PM - Restore Operation

==== Installed Programs ======================


AC3Filter (remove only)
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.4.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Software Update
ArcSoft Panorama Maker 3
Atheros Driver Installation Program
µTorrent
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Connect
ConvertXtoDVD 4.0.12.327
CyberLink YouCam
DivX Setup
DVD Decrypter (Remove Only)
DVD Suite
EA Link
EASEUS Partition Master 6.5.2 Home Edition
ESU for Microsoft Vista
Final Uninstaller
Full Tilt Poker
GameHouse
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Holdem Manager
Home Designer Suite 8
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Games
HP Help and Support
HP Memories Disc
HP Photo and Imaging 2.3 - Scanjet 4600 Series
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 D2
HP Total Care Advisor
HP Update
HP User Guides 0091
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 21
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kids Cam Show and Share Creativity Center
kuler
LabelPrint
Magellan RoadMate Tools
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.13)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
Neonatal Resuscitation DVD-ROM
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
neroxml
NetWaiting
Notepad++
Nuance OmniPage 17
NVIDIA Drivers
OpenOffice.org Installer 1.0
Opera 10.63
PDF Settings CS4
Photoshop Camera Raw
PokerStars
PostgreSQL 8.4
PowerDirector
PSSWCORE
QuickTax 2008
QuickTax 2009
QuickTime
Readiris Pro 8
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
ShareIns
Skype™ 4.2
Spelling Dictionaries Support For Adobe Reader 9
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
UltimateBet
Uninstall Dual Mode Camera
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VantagePoint
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
Viewpoint Media Player
WBFS Manager 3.0
Web Games Player Plugin
Windows Media Player Firefox Plugin
WinRAR archiver
Xvid 1.2.1 final uninstall

==== Event Viewer Messages From Past Week ========

12/9/2010 7:02:03 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
12/8/2010 9:36:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/8/2010 9:36:24 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/8/2010 9:36:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/8/2010 9:25:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Bdfndisf Bdftdif DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx Wanarpv6
12/8/2010 6:04:19 PM, Error: Service Control Manager [7031] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/8/2010 3:29:39 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2010 3:29:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/8/2010 3:29:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/8/2010 3:29:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/8/2010 3:27:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Bdfndisf bdfsfltr Bdftdif DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx Wanarpv6
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 3:27:27 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2010 3:26:11 PM, Error: EventLog [6008] - The previous system shutdown at 3:23:07 PM on 08/12/2010 was unexpected.
12/7/2010 7:01:48 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
12/7/2010 1:47:22 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/14/2010 8:57:07 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/14/2010 8:33:54 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
12/14/2010 8:26:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1522.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/14/2010 8:15:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/14/2010 8:10:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/14/2010 8:01:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/14/2010 6:44:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/14/2010 6:23:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
12/14/2010 11:48:33 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
12/14/2010 11:42:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1522.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/14/2010 11:42:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1522.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/14/2010 11:38:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/14/2010 11:38:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
12/14/2010 11:38:13 PM, Error: srv [2018] - The server was unable to allocate from the system paged pool because the server reached the configured limit for paged pool allocations.
12/14/2010 11:16:45 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/14/2010 11:14:54 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
12/14/2010 11:05:53 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/14/2010 10:16:58 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
12/13/2010 7:14:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1522.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/13/2010 7:04:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/13/2010 12:49:40 PM, Error: Service Control Manager [7022] - The Remote Access Connection Manager service hung on starting.
12/13/2010 12:49:40 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
12/13/2010 12:14:09 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
12/13/2010 12:14:09 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.113.102, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
12/13/2010 12:11:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/12/2010 7:37:47 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/12/2010 7:37:32 AM, Error: EventLog [6008] - The previous system shutdown at 7:35:34 AM on 12/12/2010 was unexpected.
12/12/2010 7:13:10 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
12/12/2010 7:13:10 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/12/2010 7:13:10 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/12/2010 7:13:10 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/12/2010 6:59:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/12/2010 5:30:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1522.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/12/2010 5:22:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
12/12/2010 5:20:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/11/2010 8:04:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
12/11/2010 7:20:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/11/2010 7:12:10 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/11/2010 5:18:00 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/11/2010 12:23:50 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/ClickPotato&threatid=153288 User: Jeff-PC\Jeff Name: Adware:Win32/ClickPotato ID: 153288 Severity: Medium Category: Adware Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.1522.0, AS: 1.95.1522.0 Engine Version: 1.1.6402.0
12/11/2010 12:23:41 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.113.105, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
12/11/2010 12:23:37 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.113.105 for the Network Card with network address 001B24E96EE5 has been denied by the DHCP server 192.168.113.1 (The DHCP Server sent a DHCPNACK message).
12/11/2010 12:09:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/11/2010 12:09:01 PM, Error: EventLog [6008] - The previous system shutdown at 12:07:36 PM on 11/12/2010 was unexpected.
12/11/2010 10:10:15 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1522.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/11/2010 10:00:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/10/2010 9:54:02 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/10/2010 9:22:44 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/10/2010 9:11:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007041d Error description: The service did not respond to the start or control request in a timely fashion.
12/10/2010 8:50:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr sptd Wanarpv6
12/10/2010 8:50:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2010 8:49:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/10/2010 8:49:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/10/2010 8:49:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/10/2010 7:56:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/10/2010 10:39:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/10/2010 10:30:54 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/10/2010 10:15:59 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

==== End Of File ===========================
 
logs cont

DDS (Ver_10-12-12.02) - NTFSx86
Run by Jeff at 23:48:44.54 on Tue 12/14/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.1070 [GMT -4:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jeff\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
mURLSearchHooks: H - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Prelaunch OmniPage] "c:\program files\nuance\omnipage17\OmniPage17.exe" /preload
mRun: [Nuance OmniPage 17-reminder] "c:\program files\nuance\omnipage17\ereg\ereg.exe" -r "c:\programdata\scansoft\omnipage 17\ereg\Ereg.ini"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\users\jeff\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: pogo.com\game3
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {9EDE12AD-6E7E-4171-9A86-A055CBE5991D} = 24.222.0.94,24.222.0.95
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\bljpsikf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6b978&v=6.010.006.004&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2008-8-29 77004]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-20 24652]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca45ea80e8e190;Google Update Service (gupdate1ca45ea80e8e190);c:\program files\google\update\GoogleUpdate.exe [2009-10-5 133104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-12-11 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-12-11 8456]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-26 21504]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-15 03:41:07 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{2ff6d50b-01c9-4e01-84a8-c72fbf58cc2e}\mpengine.dll
2010-12-15 01:11:03 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-15 01:10:53 -------- d-----w- c:\users\jeff\appdata\local\temp
2010-12-15 00:21:01 98816 ----a-w- c:\windows\sed.exe
2010-12-15 00:21:01 89088 ----a-w- c:\windows\MBR.exe
2010-12-15 00:21:01 256512 ----a-w- c:\windows\PEV.exe
2010-12-15 00:21:01 161792 ----a-w- c:\windows\SWREG.exe
2010-12-13 16:05:49 -------- d-----w- c:\program files\common files\PX Storage Engine
2010-12-13 16:04:34 -------- d-----w- c:\program files\common files\DivX Shared
2010-12-13 16:02:56 -------- d-----w- c:\program files\DivX
2010-12-13 16:02:33 -------- d-----w- c:\progra~2\DivX
2010-12-12 21:31:01 -------- d-----w- c:\windows\system32\catroot2
2010-12-12 01:25:25 -------- d-----w- c:\users\jeff\appdata\local\WBFSManager
2010-12-12 01:23:43 -------- d-----w- c:\program files\WBFS
2010-12-11 23:59:47 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-12-11 23:59:46 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-12-11 23:59:46 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-12-11 23:59:46 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-12-11 23:59:46 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-12-11 23:59:27 -------- d-----w- c:\program files\EASEUS
2010-12-11 16:22:47 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-11 16:22:47 77824 ----a-w- c:\windows\system32\xvid.ax
2010-12-11 16:22:47 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-11 16:22:46 -------- d-----w- c:\program files\Xvid
2010-12-11 02:20:15 -------- d-----w- c:\progra~2\Nero
2010-12-11 02:13:43 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-12-11 02:13:24 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-12-10 13:08:19 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-12-10 11:54:57 -------- d-----w- c:\program files\uTorrent
2010-12-10 11:54:30 -------- d-----w- c:\users\jeff\appdata\roaming\uTorrent
2010-12-08 13:30:33 219200 ----a-w- c:\windows\system32\dtsoftbus01.sys
2010-12-08 13:22:31 -------- d-----w- c:\progra~2\bdch
2010-12-08 13:07:32 -------- d-----w- c:\program files\BitDefender
2010-12-08 13:02:46 -------- d-----w- c:\users\jeff\appdata\roaming\QuickScan
2010-12-08 13:01:42 -------- d-----w- c:\program files\common files\BitDefender
2010-12-08 13:01:00 62450 ----a-w- c:\progra~2\bdinstall.bin
2010-12-07 11:25:54 -------- d-----w- c:\progra~2\AVG Security Toolbar
2010-12-07 03:35:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 03:34:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 03:24:48 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{eba4b151-505a-4b9d-9eb2-4c21043b6535}\mpengine.dll
2010-12-04 14:40:47 -------- d-----w- c:\users\jeff\appdata\roaming\Malwarebytes
2010-12-04 14:40:26 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-04 14:40:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 19:54:52 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-17 23:30:56 -------- d-----w- c:\program files\Passware
2010-11-17 11:55:05 -------- d-----w- c:\program files\Intelore

==================== Find3M ====================

2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-10-19 14:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD1600BEVS-60RST0 rev.04.01G04 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85BAF555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85bb57b0]; MOV EAX, [0x85bb582c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E86962] -> \Device\Harddisk0\DR0[0x85513AC8]
3 CLASSPNP[0x87FA28B3] -> ntkrnlpa!IofCallDriver[0x81E86962] -> [0x84DC9858]
5 acpi[0x807466BC] -> ntkrnlpa!IofCallDriver[0x81E86962] -> [0x84DC7030]
\Driver\atapi[0x85A220B8] -> IRP_MJ_CREATE -> 0x85BAF555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVS-60RST0___________________04.01G04#5&1f5e53fc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x843e41f8
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 23:49:43.64 ===============

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5315

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

12/14/2010 11:26:20 PM
mbam-log-2010-12-14 (23-26-20).txt

Scan type: Quick scan
Objects scanned: 175898
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER, oops

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-14 23:32:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD1600BEVS-60RST0 rev.04.01G04
Running: h03ml3le.exe; Driver: C:\Users\Jeff\AppData\Local\Temp\kxldypob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 312581552 (+255): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 843E41F8
Device \Driver\atapi \Device\Ide\IdePort0 843E41F8
Device \Driver\atapi \Device\Ide\IdePort1 843E41F8
Device \Driver\atapi \Device\Ide\IdePort2 843E41F8
Device \Driver\atapi \Device\Ide\IdePort3 843E41F8
Device \FileSystem\Ntfs \Ntfs 843E51F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVS-60RST0___________________04.01G04#5&1f5e53fc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
2010/12/16 07:04:21.0210 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/16 07:04:21.0210 ================================================================================
2010/12/16 07:04:21.0210 SystemInfo:
2010/12/16 07:04:21.0210
2010/12/16 07:04:21.0210 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/16 07:04:21.0211 Product type: Workstation
2010/12/16 07:04:21.0211 ComputerName: JEFF-PC
2010/12/16 07:04:21.0212 UserName: Jeff
2010/12/16 07:04:21.0212 Windows directory: C:\Windows
2010/12/16 07:04:21.0212 System windows directory: C:\Windows
2010/12/16 07:04:21.0212 Processor architecture: Intel x86
2010/12/16 07:04:21.0212 Number of processors: 2
2010/12/16 07:04:21.0212 Page size: 0x1000
2010/12/16 07:04:21.0212 Boot type: Normal boot
2010/12/16 07:04:21.0212 ================================================================================
2010/12/16 07:04:22.0498 Initialize success
2010/12/16 07:04:26.0429 ================================================================================
2010/12/16 07:04:26.0429 Scan started
2010/12/16 07:04:26.0429 Mode: Manual;
2010/12/16 07:04:26.0429 ================================================================================
2010/12/16 07:04:54.0096 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2
2010/12/16 07:04:54.0134 sptd - detected Locked file (1)
2010/12/16 07:04:59.0686 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\Windows\system32\DRIVERS\wceusbsh.sys
2010/12/16 07:04:59.0798 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/12/16 07:04:59.0917 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/16 07:05:00.0307 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/16 07:05:00.0545 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/16 07:05:00.0765 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/16 07:05:00.0874 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/16 07:05:01.0059 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/16 07:05:01.0151 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2010/12/16 07:05:01.0286 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/16 07:05:01.0301 ================================================================================
2010/12/16 07:05:01.0301 Scan finished
2010/12/16 07:05:01.0301 ================================================================================
2010/12/16 07:05:01.0344 Detected object count: 2
2010/12/16 07:05:31.0698 Locked file(sptd) - User select action: Skip
2010/12/16 07:05:31.0724 \HardDisk0 - will be cured after reboot
2010/12/16 07:05:31.0726 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/16 07:05:36.0822 Deinitialize success
 
Good job :)
We just killed a rootkit.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
We need to fix your MBR....

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario F700 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 154):
0x81E3B000 \SystemRoot\system32\ntkrnlpa.exe
0x81E08000 \SystemRoot\system32\hal.dll
0x80409000 \SystemRoot\system32\kdcom.dll
0x80410000 \SystemRoot\system32\PSHED.dll
0x80421000 \SystemRoot\system32\BOOTVID.dll
0x80429000 \SystemRoot\system32\CLFS.SYS
0x8046A000 \SystemRoot\system32\CI.dll
0x8054A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805BB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80604000 \SystemRoot\System32\Drivers\sptd.sys
0x80710000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80719000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8073F000 \SystemRoot\system32\drivers\acpi.sys
0x80785000 \SystemRoot\system32\drivers\msisadrv.sys
0x8078D000 \SystemRoot\system32\drivers\pci.sys
0x807B4000 \SystemRoot\System32\drivers\partmgr.sys
0x807C3000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x807C6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x807D0000 \SystemRoot\system32\drivers\volmgr.sys
0x82803000 \SystemRoot\System32\drivers\volmgrx.sys
0x8284D000 \SystemRoot\system32\drivers\pciide.sys
0x82854000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82862000 \SystemRoot\System32\drivers\mountmgr.sys
0x82872000 \SystemRoot\system32\drivers\atapi.sys
0x8287A000 \SystemRoot\system32\drivers\ataport.SYS
0x82898000 \SystemRoot\System32\Drivers\AFS.sys
0x828A5000 \SystemRoot\system32\drivers\fltmgr.sys
0x828D7000 \SystemRoot\system32\drivers\fileinfo.sys
0x828E7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82A0D000 \SystemRoot\system32\drivers\ndis.sys
0x82B18000 \SystemRoot\system32\drivers\msrpc.sys
0x82B43000 \SystemRoot\system32\drivers\NETIO.SYS
0x87C0E000 \SystemRoot\System32\drivers\tcpip.sys
0x87CF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87E0E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87F1E000 \SystemRoot\system32\drivers\volsnap.sys
0x87F57000 \SystemRoot\System32\Drivers\spldr.sys
0x87F5F000 \SystemRoot\System32\Drivers\mup.sys
0x87F6E000 \SystemRoot\System32\drivers\ecache.sys
0x87F95000 \SystemRoot\system32\drivers\disk.sys
0x87FA6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87FC7000 \SystemRoot\system32\drivers\crcdisk.sys
0x87FF0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87E00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87D13000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x87E09000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x87FFB000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x87D23000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87D33000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x87D3A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x87D43000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x87D46000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x87D50000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87D8E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x87D9D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x82958000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x87DB5000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x87DCF000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x87DE0000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x82B7E000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8BA08000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8BB08000 \SystemRoot\system32\DRIVERS\athr.sys
0x8BC06000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C338000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C3D9000 \SystemRoot\System32\drivers\watchdog.sys
0x8C3E5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C3F8000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8BBC1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C407000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8C442000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C444000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C44F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C47E000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C4BF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C4CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C4E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C4EC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C50F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C51E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C532000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C547000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C557000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x8C574000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C576000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C5A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C5AA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C5B7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8C5C0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BBCC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x805C9000 \SystemRoot\system32\drivers\CHDRT32.sys
0x82BD0000 \SystemRoot\system32\drivers\portcls.sys
0x8CA0D000 \SystemRoot\system32\drivers\drmk.sys
0x8CA32000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8CA70000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8CE09000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8CEBE000 \SystemRoot\system32\drivers\modem.sys
0x8CECB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CEE2000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8CF03000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8CF26000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8CF2F000 \SystemRoot\System32\Drivers\Null.SYS
0x8CF36000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CF3D000 \SystemRoot\System32\drivers\vga.sys
0x8CF49000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CF6A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CF72000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CF7A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CF85000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CF93000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CF9C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CFB2000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CFC6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CB73000 \SystemRoot\system32\drivers\afd.sys
0x8CBBB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CBD1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CBDF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D008000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D044000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D04E000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D065000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D072000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8D07D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95890000 \SystemRoot\System32\win32k.sys
0x8D085000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D08F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95AB0000 \SystemRoot\System32\TSDDD.dll
0x95AD0000 \SystemRoot\System32\cdd.dll
0x95AE0000 \SystemRoot\System32\ATMFD.DLL
0x8D09E000 \SystemRoot\system32\drivers\luafv.sys
0x8D0C1000 \SystemRoot\system32\drivers\spsys.sys
0x8D171000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8D181000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D1AB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8D1B5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B802000 \SystemRoot\system32\drivers\HTTP.sys
0x9B86F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B88C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B8A5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9B8BA000 \SystemRoot\system32\drivers\mrxdav.sys
0x9B8DB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B8FA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B933000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B94B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B973000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B9D9000 \SystemRoot\System32\Drivers\adfs.SYS
0x9B9EA000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9C602000 \SystemRoot\system32\drivers\peauth.sys
0x9C6E0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9C6EA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9C6F6000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9C6FE000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x9C707000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9C72D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77D40000 \Windows\System32\ntdll.dll

Processes (total 70):
0 System Idle Process
4 System
448 C:\Windows\System32\smss.exe
516 csrss.exe
568 C:\Windows\System32\wininit.exe
580 csrss.exe
612 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\winlogon.exe
824 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\nvvsvc.exe
900 C:\Windows\System32\svchost.exe
952 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1076 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\audiodg.exe
1344 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\SLsvc.exe
1380 C:\Windows\System32\svchost.exe
1436 C:\Windows\System32\rundll32.exe
1572 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\spoolsv.exe
1792 C:\Windows\System32\svchost.exe
2016 C:\Program Files\Nero\Update\NASvc.exe
124 C:\Windows\System32\svchost.exe
1312 C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
1408 C:\Windows\System32\svchost.exe
1580 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1600 postgres.exe
1840 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\SearchIndexer.exe
1912 postgres.exe
608 postgres.exe
1536 postgres.exe
1668 postgres.exe
2052 C:\Windows\System32\drivers\XAudio.exe
2108 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
2372 C:\Windows\System32\taskeng.exe
2740 C:\Windows\System32\taskeng.exe
2812 C:\Windows\System32\dwm.exe
2884 C:\Windows\explorer.exe
3132 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
3152 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3168 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3188 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
3196 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3236 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
3252 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3260 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
3312 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3332 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3376 C:\Windows\System32\rundll32.exe
3432 C:\Program Files\Microsoft Security Essentials\msseces.exe
3456 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3508 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3528 C:\Program Files\Windows Media Player\wmpnscfg.exe
3616 WmiPrvSE.exe
3640 C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
3912 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
3024 C:\Windows\System32\alg.exe
3408 C:\Program Files\Windows Media Player\wmpnetwk.exe
3976 C:\Program Files\Google\Chrome\Application\chrome.exe
3812 C:\Program Files\Google\Chrome\Application\chrome.exe
2480 C:\Program Files\Google\Chrome\Application\chrome.exe
2404 C:\Windows\System32\SearchProtocolHost.exe
1232 C:\Windows\System32\SearchFilterHost.exe
2292 C:\Users\Jeff\Desktop\MBRCheck.exe
3804 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`53ff8a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-60RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
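The TDSSKiller, Bootkit Remover and MBRCheck output pasted in this thread is what the helper reads by hand: driver name/MD5/path triples, the "detected" and "User select action" lines, and the MBR status table that goes from "Unknown boot code" before the fix to "Windows XP MBR code detected" after it. As an added example (not code from this thread or from any of those tools), here is a small Python triage script that parses a few lines copied from the logs above and flags anything that still needs attention: detections without a Cure action, and disks whose boot code the tool did not recognise. The sample inputs are constructed from lines on this page; the regexes and function names are assumptions about the log format exactly as it appears here.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the TDSSKiller log in this thread.
TDSSKILLER_SAMPLE = r"""
2010/12/16 07:04:59.0517 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/16 07:04:59.0575 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/16 07:05:01.0151 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2010/12/16 07:05:01.0286 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/16 07:05:01.0344 Detected object count: 2
2010/12/16 07:05:31.0698 Locked file(sptd) - User select action: Skip
2010/12/16 07:05:31.0724 \HardDisk0 - will be cured after reboot
2010/12/16 07:05:31.0726 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Constructed sample: the MBR status table as Bootkit Remover printed it before the fix ...
MBR_BEFORE = r"""
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code
"""
# ... and as MBRCheck printed it after the standard MBR code was written.
MBR_AFTER = r"""
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

# Regexes are assumptions based only on the log lines shown in this thread.
STAMP = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
DRIVER_RE = re.compile(rf"^{STAMP} (\S+) \(([0-9a-f]{{32}})\) (.+)$")
DETECT_RE = re.compile(rf"^{STAMP} (\S+) - detected (\S+)")
ACTION_RE = re.compile(rf"^{STAMP} (.+?)\((.+?)\) - User select action: (\w+)$")
MBR_RE = re.compile(r"^(\d+ [KMGT]B) (\\\\\.\\PhysicalDrive\d+) (.+)$")


@dataclass(frozen=True)
class MbrStatus:
    size: str
    device: str
    status: str

    @property
    def known_boot_code(self) -> bool:
        # Both tools print "... MBR code detected" for boot code they recognise and
        # "Unknown boot code" otherwise; anything not explicitly recognised is suspect.
        return self.status.endswith("MBR code detected")


def parse_drivers(log: str) -> list[dict]:
    """One dict per driver line: service name, MD5 of the file, on-disk path."""
    out = []
    for line in log.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            out.append({"name": m.group(1), "md5": m.group(2), "path": m.group(3)})
    return out


def find_detections(log: str) -> list[tuple[str, str]]:
    """(object, threat) for every '- detected' line."""
    return [(m.group(1), m.group(2)) for m in map(DETECT_RE.match, log.splitlines()) if m]


def find_actions(log: str) -> list[tuple[str, str, str]]:
    """(threat, object, action) for every 'User select action' line."""
    return [m.groups() for m in map(ACTION_RE.match, log.splitlines()) if m]


def unresolved_detections(log: str) -> list[str]:
    """Detected objects for which the chosen action was not Cure."""
    cured = {obj for _, obj, action in find_actions(log) if action == "Cure"}
    return [obj for obj, _ in find_detections(log) if obj not in cured]


def parse_mbr_table(text: str) -> list[MbrStatus]:
    return [MbrStatus(*m.groups()) for m in map(MBR_RE.match, text.splitlines()) if m]


def suspect_disks(text: str) -> list[str]:
    """Device names whose boot code the tool did not recognise."""
    return [s.device for s in parse_mbr_table(text) if not s.known_boot_code]


if __name__ == "__main__":
    for obj, threat in find_detections(TDSSKILLER_SAMPLE):
        print(f"detected {threat} on {obj}")
    print("still unresolved:", unresolved_detections(TDSSKILLER_SAMPLE))
    print("suspect disks before fix:", suspect_disks(MBR_BEFORE))
    print("suspect disks after fix:", suspect_disks(MBR_AFTER))
```

The point of `suspect_disks` is the same check the helper made by eye: an "Unknown boot code" entry after a TDL4 cure means the MBR still needs to be rewritten, and a recognised "MBR code detected" entry after the NTBR step is what confirms the fix took.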
 
Good job :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario F700 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 154):
0x81E3B000 \SystemRoot\system32\ntkrnlpa.exe
0x81E08000 \SystemRoot\system32\hal.dll
0x80409000 \SystemRoot\system32\kdcom.dll
0x80410000 \SystemRoot\system32\PSHED.dll
0x80421000 \SystemRoot\system32\BOOTVID.dll
0x80429000 \SystemRoot\system32\CLFS.SYS
0x8046A000 \SystemRoot\system32\CI.dll
0x8054A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805BB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80604000 \SystemRoot\System32\Drivers\sptd.sys
0x80710000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80719000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8073F000 \SystemRoot\system32\drivers\acpi.sys
0x80785000 \SystemRoot\system32\drivers\msisadrv.sys
0x8078D000 \SystemRoot\system32\drivers\pci.sys
0x807B4000 \SystemRoot\System32\drivers\partmgr.sys
0x807C3000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x807C6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x807D0000 \SystemRoot\system32\drivers\volmgr.sys
0x82803000 \SystemRoot\System32\drivers\volmgrx.sys
0x8284D000 \SystemRoot\system32\drivers\pciide.sys
0x82854000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82862000 \SystemRoot\System32\drivers\mountmgr.sys
0x82872000 \SystemRoot\system32\drivers\atapi.sys
0x8287A000 \SystemRoot\system32\drivers\ataport.SYS
0x82898000 \SystemRoot\System32\Drivers\AFS.sys
0x828A5000 \SystemRoot\system32\drivers\fltmgr.sys
0x828D7000 \SystemRoot\system32\drivers\fileinfo.sys
0x828E7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82A0D000 \SystemRoot\system32\drivers\ndis.sys
0x82B18000 \SystemRoot\system32\drivers\msrpc.sys
0x82B43000 \SystemRoot\system32\drivers\NETIO.SYS
0x87C0E000 \SystemRoot\System32\drivers\tcpip.sys
0x87CF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87E0E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87F1E000 \SystemRoot\system32\drivers\volsnap.sys
0x87F57000 \SystemRoot\System32\Drivers\spldr.sys
0x87F5F000 \SystemRoot\System32\Drivers\mup.sys
0x87F6E000 \SystemRoot\System32\drivers\ecache.sys
0x87F95000 \SystemRoot\system32\drivers\disk.sys
0x87FA6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87FC7000 \SystemRoot\system32\drivers\crcdisk.sys
0x87FF0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87E00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87D13000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x87E09000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x87FFB000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x87D23000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87D33000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x87D3A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x87D43000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x87D46000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x87D50000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87D8E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x87D9D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x82958000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x87DB5000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x87DCF000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x87DE0000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x82B7E000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8BA08000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8BB08000 \SystemRoot\system32\DRIVERS\athr.sys
0x8BC06000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C338000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C3D9000 \SystemRoot\System32\drivers\watchdog.sys
0x8C3E5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C3F8000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8BBC1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C407000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8C442000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C444000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C44F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C47E000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C4BF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C4CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C4E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C4EC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C50F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C51E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C532000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C547000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C557000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x8C574000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C576000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C5A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C5AA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C5B7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8C5C0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BBCC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x805C9000 \SystemRoot\system32\drivers\CHDRT32.sys
0x82BD0000 \SystemRoot\system32\drivers\portcls.sys
0x8CA0D000 \SystemRoot\system32\drivers\drmk.sys
0x8CA32000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8CA70000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8CE09000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8CEBE000 \SystemRoot\system32\drivers\modem.sys
0x8CECB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CEE2000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8CF03000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8CF26000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8CF2F000 \SystemRoot\System32\Drivers\Null.SYS
0x8CF36000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CF3D000 \SystemRoot\System32\drivers\vga.sys
0x8CF49000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CF6A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CF72000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CF7A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CF85000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CF93000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CF9C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CFB2000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CFC6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CB73000 \SystemRoot\system32\drivers\afd.sys
0x8CBBB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CBD1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CBDF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D008000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D044000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D04E000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D065000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D072000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8D07D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95890000 \SystemRoot\System32\win32k.sys
0x8D085000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D08F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95AB0000 \SystemRoot\System32\TSDDD.dll
0x95AD0000 \SystemRoot\System32\cdd.dll
0x95AE0000 \SystemRoot\System32\ATMFD.DLL
0x8D09E000 \SystemRoot\system32\drivers\luafv.sys
0x8D0C1000 \SystemRoot\system32\drivers\spsys.sys
0x8D171000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8D181000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D1AB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8D1B5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B802000 \SystemRoot\system32\drivers\HTTP.sys
0x9B86F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B88C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B8A5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9B8BA000 \SystemRoot\system32\drivers\mrxdav.sys
0x9B8DB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B8FA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B933000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B94B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B973000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B9D9000 \SystemRoot\System32\Drivers\adfs.SYS
0x9B9EA000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9C602000 \SystemRoot\system32\drivers\peauth.sys
0x9C6E0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9C6EA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9C6F6000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9C6FE000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x9C707000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9C72D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77D40000 \Windows\System32\ntdll.dll

Processes (total 70):
0 System Idle Process
4 System
448 C:\Windows\System32\smss.exe
516 csrss.exe
568 C:\Windows\System32\wininit.exe
580 csrss.exe
612 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\winlogon.exe
824 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\nvvsvc.exe
900 C:\Windows\System32\svchost.exe
952 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1076 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\audiodg.exe
1344 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\SLsvc.exe
1380 C:\Windows\System32\svchost.exe
1436 C:\Windows\System32\rundll32.exe
1572 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\spoolsv.exe
1792 C:\Windows\System32\svchost.exe
2016 C:\Program Files\Nero\Update\NASvc.exe
124 C:\Windows\System32\svchost.exe
1312 C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
1408 C:\Windows\System32\svchost.exe
1580 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1600 postgres.exe
1840 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\SearchIndexer.exe
1912 postgres.exe
608 postgres.exe
1536 postgres.exe
1668 postgres.exe
2052 C:\Windows\System32\drivers\XAudio.exe
2108 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
2372 C:\Windows\System32\taskeng.exe
2740 C:\Windows\System32\taskeng.exe
2812 C:\Windows\System32\dwm.exe
2884 C:\Windows\explorer.exe
3132 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
3152 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3168 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3188 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
3196 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3236 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
3252 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3260 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
3312 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3332 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3376 C:\Windows\System32\rundll32.exe
3432 C:\Program Files\Microsoft Security Essentials\msseces.exe
3456 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3508 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3528 C:\Program Files\Windows Media Player\wmpnscfg.exe
3616 WmiPrvSE.exe
3640 C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
3912 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
3024 C:\Windows\System32\alg.exe
3408 C:\Program Files\Windows Media Player\wmpnetwk.exe
3976 C:\Program Files\Google\Chrome\Application\chrome.exe
3812 C:\Program Files\Google\Chrome\Application\chrome.exe
2480 C:\Program Files\Google\Chrome\Application\chrome.exe
2404 C:\Windows\System32\SearchProtocolHost.exe
1232 C:\Windows\System32\SearchFilterHost.exe
2292 C:\Users\Jeff\Desktop\MBRCheck.exe
3804 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`53ff8a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-60RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
I thank you for your time and input. On a side note, why doesn't the anti-virus and malware protection find these issues?
 
If you really ran Combofix already, look for C:\combofix.txt file.
If it's there, paste its content.
 
lol, search for combofix didn't work, but adding c: to it helps :)

ComboFix 10-12-17.02 - Jeff 12/18/2010 9:54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.1192 [GMT -4:00]
Running from: c:\users\Jeff\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
.

2010-12-18 14:14 . 2010-12-18 14:15 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2010-12-18 14:14 . 2010-12-18 14:14 -------- d-----w- c:\users\SHELL\AppData\Local\temp
2010-12-18 14:14 . 2010-12-18 14:14 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-12-18 14:14 . 2010-12-18 14:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-17 11:37 . 2010-11-16 16:01 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9329974A-32ED-4308-B237-CC973B97B68A}\mpengine.dll
2010-12-16 22:17 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 22:17 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-16 11:18 . 2010-11-16 16:01 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-13 16:05 . 2010-12-13 16:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-12-13 16:04 . 2010-12-13 16:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-12-13 16:02 . 2010-12-13 16:06 -------- d-----w- c:\program files\DivX
2010-12-13 16:02 . 2010-12-13 16:06 -------- d-----w- c:\programdata\DivX
2010-12-12 21:31 . 2010-12-16 22:16 -------- d-----w- c:\windows\system32\catroot2
2010-12-12 01:25 . 2010-12-12 01:25 -------- d-----w- c:\users\Jeff\AppData\Local\WBFSManager
2010-12-12 01:23 . 2010-12-12 01:23 -------- d-----w- c:\program files\WBFS
2010-12-11 23:59 . 2010-07-15 12:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-12-11 23:59 . 2010-10-28 16:23 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-12-11 23:59 . 2010-07-15 12:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-12-11 23:59 . 2010-07-15 12:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-12-11 23:59 . 2010-07-15 12:44 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-12-11 16:22 . 2008-12-14 00:01 77824 ----a-w- c:\windows\system32\xvid.ax
2010-12-11 16:22 . 2008-12-05 01:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-11 16:22 . 2008-12-05 01:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-11 16:22 . 2010-12-11 16:22 -------- d-----w- c:\program files\Xvid
2010-12-11 12:09 . 2010-12-11 12:25 -------- d-----w- c:\users\Jeff\AppData\Roaming\Nero
2010-12-11 02:21 . 2010-12-11 02:22 -------- d-----w- c:\program files\Common Files\Nero
2010-12-11 02:20 . 2010-12-11 02:25 -------- d-----w- c:\programdata\Nero
2010-12-11 02:13 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-12-11 02:13 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-12-10 13:08 . 2010-12-10 13:08 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-12-10 11:54 . 2010-12-10 11:54 -------- d-----w- c:\program files\uTorrent
2010-12-10 11:54 . 2010-12-18 13:37 -------- d-----w- c:\users\Jeff\AppData\Roaming\uTorrent
2010-12-08 13:30 . 2010-12-08 13:30 219200 ----a-w- c:\windows\system32\dtsoftbus01.sys
2010-12-08 13:22 . 2010-12-08 13:22 -------- d-----w- c:\programdata\bdch
2010-12-08 13:07 . 2010-12-08 13:07 -------- d-----w- c:\program files\BitDefender
2010-12-08 13:02 . 2010-12-08 13:02 -------- d-----w- c:\users\Jeff\AppData\Roaming\QuickScan
2010-12-08 13:01 . 2010-12-08 13:19 62450 ----a-w- c:\programdata\bdinstall.bin
2010-12-07 11:25 . 2010-12-07 11:25 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-12-07 03:35 . 2010-11-30 15:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 03:34 . 2010-11-30 15:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 03:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBA4B151-505A-4B9D-9EB2-4C21043B6535}\mpengine.dll
2010-12-04 14:40 . 2010-12-04 14:40 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
2010-12-04 14:40 . 2010-12-04 14:40 -------- d-----w- c:\programdata\Malwarebytes
2010-12-04 14:40 . 2010-12-10 11:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 19:54 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-14 23:54 . 2010-08-25 10:50 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-10-19 20:51 . 2009-10-03 10:04 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-03 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"Prelaunch OmniPage"="c:\program files\Nuance\OmniPage17\OmniPage17.exe" [2010-01-26 5592352]
"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\users\SHELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca45ea80e8e190;Google Update Service (gupdate1ca45ea80e8e190);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 133104]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AFS;AFS; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-14 420920]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-06 04:18]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 18:34]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: pogo.com\game3
TCP: {9EDE12AD-6E7E-4171-9A86-A055CBE5991D} = 24.222.0.94,24.222.0.95
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\bljpsikf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6b978&v=6.010.006.004&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

AddRemove-EASEUS Partition Master Home Edition_is1 - c:\program files\EASEUS\EASEUS Partition Master 6.5.2 Home Edition\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-18 10:14
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />"

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4028)
c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
.
Completion time: 2010-12-18 10:32:26
ComboFix-quarantined-files.txt 2010-12-18 14:32
ComboFix2.txt 2010-12-15 01:10

Pre-Run: 14,836,469,760 bytes free
Post-Run: 14,811,410,432 bytes free

- - End Of File - - EBDCC780FEFE82CE9E36578537F7E327
 
It looks good :)

How is the computer doing?

Unless you installed Viewpoint Manager knowledgeably...
Go to Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

=======================================================================

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 12/20/2010 7:07:42 AM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\Jeff\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.31 Gb Total Space | 17.37 Gb Free Space | 12.65% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 2.01 Gb Free Space | 17.09% Space Free | Partition Type: NTFS

Computer Name: JEFF-PC | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/20 07:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
PRC - [2010/12/08 19:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/12/08 15:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/09/08 03:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/09/08 03:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/03 09:14:27 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/09/15 04:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 09:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/12/20 07:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/08 03:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 14:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jeff\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/11/14 19:54:53 | 000,420,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/05/27 22:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/25 06:13:11 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/29 10:54:37 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/11/01 07:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 07:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/11/01 07:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/18 05:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/09 03:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 19:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/10 11:36:36 | 000,062,794 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2007/02/16 04:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/06/28 14:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc6b978&v=6.010.006.004&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 12:12:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/13 11:49:01 | 000,000,000 | ---D | M]

[2009/05/29 22:04:49 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions
[2010/12/19 12:05:39 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\bljpsikf.default\extensions
[2009/09/02 09:53:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\bljpsikf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/14 19:41:23 | 000,002,059 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\bljpsikf.default\searchplugins\daemon-search.xml
[2010/12/10 07:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/05 20:00:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/26 22:49:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/12/14 20:56:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nuance OmniPage 17-reminder] C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Prelaunch OmniPage] C:\Program Files\Nuance\OmniPage17\OmniPage17.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O15 - HKCU\..Trusted Domains: pogo.com ([game3] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/04 09:09:42 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.JDCT - C:\Windows\System32\jl_jdct.drv (JEILIN Tech.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/20 07:06:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2010/12/18 10:32:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/18 10:32:45 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\temp
[2010/12/18 10:29:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/18 09:48:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/14 20:21:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/14 20:21:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/14 20:21:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/14 20:20:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/13 12:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/12/13 12:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/12/13 12:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/12/13 12:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/12/12 17:31:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/12/12 07:12:31 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\eli
[2010/12/12 07:07:19 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\music
[2010/12/11 21:25:25 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\WBFSManager
[2010/12/11 21:23:44 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Documents\WBFS Manager Covers
[2010/12/11 21:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2010/12/11 12:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/12/11 08:09:38 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Nero
[2010/12/11 07:45:37 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\hdd
[2010/12/11 07:45:07 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\SEA_DISC
[2010/12/10 22:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/12/10 22:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/12/10 21:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/12/10 10:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/12/10 09:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/12/10 07:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/12/10 07:54:30 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\uTorrent
[2010/12/08 09:30:33 | 000,219,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\dtsoftbus01.sys
[2010/12/08 09:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2010/12/08 09:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/12/08 09:02:46 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\QuickScan
[2010/12/07 07:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/12/06 23:35:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/06 23:34:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/05 19:33:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/04 10:40:47 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Malwarebytes
[2010/12/04 10:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/04 10:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/21 09:28:41 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\web
[2010/08/20 21:54:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jeff\AppData\Roaming\pcouffin.sys
[1 C:\Users\Jeff\Documents\*.tmp files -> C:\Users\Jeff\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/20 07:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2010/12/20 06:19:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/20 05:53:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/20 05:53:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/19 22:41:32 | 000,125,800 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/12/19 22:41:32 | 000,125,800 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/12/19 17:51:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/12/19 14:19:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/19 11:54:47 | 000,000,437 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/12/19 11:53:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/18 09:44:54 | 000,618,330 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/18 09:44:54 | 000,112,552 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/17 03:24:25 | 002,328,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/14 20:56:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/14 20:14:27 | 209,644,028 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/13 19:20:37 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/12/13 12:06:49 | 000,001,430 | ---- | M] () -- C:\Users\Jeff\Desktop\DivX Movies.lnk
[2010/12/13 12:06:09 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/12/12 17:15:17 | 000,689,664 | ---- | M] () -- C:\Users\Jeff\Desktop\MicrosoftFixit50202.msi
[2010/12/12 14:05:11 | 000,001,057 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\vso_ts_preview.xml
[2010/12/11 21:23:46 | 000,000,938 | ---- | M] () -- C:\Users\Jeff\Desktop\WBFS Manager 3.0.lnk
[2010/12/10 22:23:21 | 000,002,122 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/12/10 10:34:57 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/12/10 09:08:24 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/12/10 07:54:57 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/12/10 07:49:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/08 17:41:00 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/12/08 09:36:28 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/08 09:30:33 | 000,219,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\dtsoftbus01.sys
[2010/12/08 09:30:33 | 000,007,838 | ---- | M] () -- C:\Windows\System32\dtsoftbus01.cat
[2010/12/08 09:30:33 | 000,001,915 | ---- | M] () -- C:\Windows\System32\dtsoftbus01.inf
[2010/12/08 09:19:51 | 000,062,450 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2010/11/30 11:22:20 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/30 11:22:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/23 00:20:31 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/11/20 08:52:29 | 000,000,657 | ---- | M] () -- C:\Users\Public\Desktop\Poker 770.lnk
[1 C:\Users\Jeff\Documents\*.tmp files -> C:\Users\Jeff\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/14 20:21:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/14 20:21:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/14 20:21:01 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/14 20:21:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/14 20:21:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/13 12:06:49 | 000,001,430 | ---- | C] () -- C:\Users\Jeff\Desktop\DivX Movies.lnk
[2010/12/13 12:06:09 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/12/13 11:41:13 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/12/12 17:15:15 | 000,689,664 | ---- | C] () -- C:\Users\Jeff\Desktop\MicrosoftFixit50202.msi
[2010/12/11 21:23:46 | 000,000,938 | ---- | C] () -- C:\Users\Jeff\Desktop\WBFS Manager 3.0.lnk
[2010/12/11 19:59:47 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/12/11 19:59:46 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/12/11 19:59:46 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/12/11 19:59:46 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/12/11 19:59:46 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/12/11 12:22:47 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/11 12:22:47 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/11 12:22:47 | 000,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2010/12/10 22:23:21 | 000,002,122 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/12/10 10:34:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/10 09:08:24 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/12/10 07:54:57 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/12/08 09:30:33 | 000,007,838 | ---- | C] () -- C:\Windows\System32\dtsoftbus01.cat
[2010/12/08 09:30:33 | 000,001,915 | ---- | C] () -- C:\Windows\System32\dtsoftbus01.inf
[2010/12/08 09:01:00 | 000,062,450 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/12/06 23:35:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/20 08:52:29 | 000,000,657 | ---- | C] () -- C:\Users\Public\Desktop\Poker 770.lnk
[2010/11/13 09:26:18 | 000,000,391 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/10/28 17:33:54 | 000,000,293 | ---- | C] () -- C:\Windows\hpqcopy.INI
[2010/08/25 06:50:03 | 000,420,920 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/08/20 21:58:53 | 000,001,057 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\vso_ts_preview.xml
[2010/08/20 21:56:57 | 000,000,034 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\pcouffin.log
[2010/08/20 21:54:39 | 000,007,887 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\pcouffin.cat
[2010/08/20 21:54:39 | 000,001,144 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\pcouffin.inf
[2010/07/22 09:32:38 | 000,000,000 | ---- | C] () -- C:\Windows\PTWebCam.INI
[2010/07/22 09:19:07 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/05 19:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/11/21 03:34:02 | 000,000,484 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/17 01:40:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/29 13:36:25 | 000,000,576 | ---- | C] () -- C:\ProgramData\afl.log
[2009/07/01 09:37:45 | 000,125,800 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/01 09:37:45 | 000,125,800 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/01 08:54:13 | 000,118,784 | ---- | C] () -- C:\Windows\System32\PTTreeIcons.dll
[2009/05/20 15:56:20 | 000,001,112 | ---- | C] () -- C:\Users\Jeff\AppData\Local\autohandposter.xml
[2008/08/29 11:00:25 | 000,147,456 | ---- | C] () -- C:\Windows\System32\VegaShEx.dll
[2008/08/29 10:59:28 | 000,000,021 | ---- | C] () -- C:\Windows\PMK_setup.ini
[2008/08/29 10:58:33 | 000,000,142 | ---- | C] () -- C:\Windows\Readiris.ini
[2008/08/29 10:58:31 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2008/08/26 08:27:23 | 000,025,602 | ---- | C] () -- C:\Windows\System32\un2ibdb.dll
[2008/08/26 08:27:23 | 000,022,530 | ---- | C] () -- C:\Windows\System32\32kndit.dll
[2008/08/12 11:48:06 | 000,000,000 | ---- | C] () -- C:\Users\Jeff\AppData\Local\FnF4.txt
[2008/08/05 23:57:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/06/08 13:51:17 | 000,000,680 | ---- | C] () -- C:\Users\Jeff\AppData\Local\d3d9caps.dat
[2008/05/05 21:02:44 | 000,009,216 | ---- | C] () -- C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/05 19:01:02 | 000,087,024 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\nvModes.001
[2008/05/04 15:00:19 | 000,087,024 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\nvModes.dat
[2008/05/03 07:59:32 | 000,000,000 | ---- | C] () -- C:\Users\Jeff\AppData\Local\QSwitch.txt
[2008/05/03 07:59:32 | 000,000,000 | ---- | C] () -- C:\Users\Jeff\AppData\Local\DSwitch.txt
[2008/05/03 07:59:32 | 000,000,000 | ---- | C] () -- C:\Users\Jeff\AppData\Local\AtStart.txt
[2008/05/03 07:06:11 | 000,000,367 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/03/30 12:31:20 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dec_jl6.dll
[2007/02/22 11:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\pn.ini
[2007/02/22 11:17:50 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/05/20 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\acccore
[2009/10/13 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\AM Browser
[2010/11/14 11:47:55 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\CheeseSoft
[2010/11/14 12:54:38 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\DAEMON Tools Lite
[2010/08/25 16:35:16 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\DAEMON Tools Pro
[2010/10/24 11:20:33 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Home Designer Suite 8.0
[2009/01/03 15:40:57 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\iWin
[2008/08/21 11:49:21 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\muvee Technologies
[2010/11/09 17:41:50 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Notepad++
[2010/11/13 09:26:48 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Nuance
[2009/10/28 17:31:06 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Opera
[2009/08/20 20:09:56 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Passware
[2009/06/07 09:21:44 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\PlayFirst
[2010/12/08 09:02:46 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\QuickScan
[2010/06/27 17:16:02 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\TeamViewer
[2010/12/20 07:00:42 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\uTorrent
[2010/12/12 14:05:12 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Vso
[2009/06/10 17:26:24 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Wildlife Zoo
[2008/05/04 19:22:16 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\WildTangent
[2010/11/13 09:27:46 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Zeon
[2010/12/19 11:52:07 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/01 08:54:15 | 000,000,035 | ---- | M] () -- C:\aa.txt
[2007/11/04 09:09:42 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2010/12/09 00:43:06 | 000,003,052 | ---- | M] () -- C:\bdlog.txt
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/12/18 10:32:35 | 000,014,766 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/08/29 10:55:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/29 10:55:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/19 11:52:56 | 2393,038,848 | -HS- | M] () -- C:\pagefile.sys
[2010/12/16 07:05:36 | 000,060,414 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_16.12.2010_07.04.21_log.txt
[2008/11/23 16:00:49 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/29 19:00:44 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 03:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/09/07 02:41:00 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/01 09:45:17 | 000,000,286 | -HS- | M] () -- C:\Users\Jeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/12/20 07:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/05/03 07:58:56 | 000,000,402 | -HS- | M] () -- C:\Users\Jeff\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/07/29 13:36:55 | 000,000,576 | ---- | M] () -- C:\ProgramData\afl.log
[2010/12/08 09:19:51 | 000,062,450 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2008/05/03 07:07:14 | 000,000,367 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2008/08/05 23:57:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
[2010/12/10 10:34:57 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/12/19 22:41:32 | 000,125,800 | ---- | M] () -- C:\ProgramData\nvModes.001
 
OTL Extras logfile created on: 12/20/2010 7:07:42 AM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\Jeff\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.31 Gb Total Space | 17.37 Gb Free Space | 12.65% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 2.01 Gb Free Space | 17.09% Space Free | Partition Type: NTFS

Computer Name: JEFF-PC | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F28CFE-397D-47E6-8FAB-4BA0AE156F74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{215EFFB2-3CFA-4C7C-A272-78A88330147E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2537F476-8C19-4958-A83D-5CBF022FB2AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2B207403-0F50-41F7-819B-7CF3E37FE16D}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B64F7F2-9682-4F06-9285-BFB05E06BBC7}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{2C953002-F8CE-4E98-BABC-D4F93D737FB5}" = lport=137 | protocol=17 | dir=in | app=system |
"{4BAB754D-E9EB-4EB1-80A4-B00F1B527E11}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C50BC56-CCC0-4647-9BF7-6E3071244462}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8281F96D-70D5-4CEC-A538-FF74B006FFEC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{876778A4-8EF0-4F69-B5E8-AE175E801142}" = rport=139 | protocol=6 | dir=out | app=system |
"{8B2E7F08-C28F-45CC-9DB5-8DDFE17CF281}" = rport=138 | protocol=17 | dir=out | app=system |
"{A4C13B4F-3D9D-4197-A8C7-E359D217949A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A79C9EC7-6F92-4CA3-801E-9977E1F579EA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A95D99A0-E6D0-4BB5-A788-27B877B7F022}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AA4B79BE-EEF9-4FE5-A264-BEAB321CAE35}" = lport=15521 | protocol=6 | dir=in | name=bit |
"{B30176D8-AC0E-4AFF-9322-00B77C41D79F}" = rport=137 | protocol=17 | dir=out | app=system |
"{C53D16EB-91AA-4041-9F5B-81885150AA11}" = lport=48280 | protocol=6 | dir=in | name=bt |
"{CBC59855-9931-4CB5-A77C-39A094FF9467}" = lport=139 | protocol=6 | dir=in | app=system |
"{DD02B778-DD61-4A9D-BFA8-7164FA670C43}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E322BEE7-6622-4892-8B52-06EDE7F30362}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8072254-D116-458A-85CA-5B92B0ECC58B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FF584733-4972-4AC0-9D95-350B99620BDB}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ADA5953-51A9-4C66-BFBE-96F2014F19C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{10991564-3DB0-4C92-9BC1-C643C6720110}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{23EB3066-98EB-4480-808F-95C947B03857}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{26B16EFB-C97F-4E98-B1C4-679FB61DB2A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{35126E00-6F0E-4A6B-A215-582B48C615E4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{38480E5F-0C34-4C74-A1D0-5AB45A8D1063}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40CE8CC0-FFAC-47D7-AE13-7D965DF405E8}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5117AB97-2ABD-42A3-897E-AED5D13ADB7D}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{591F1AE4-2A84-45CF-99AA-D27EAC0F183A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{740B1D4D-2480-41DD-93D5-CF4B43EEBC97}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{9C8F60A2-70E3-4072-8414-3E0ED01F8ABE}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{9F118CEF-E90F-486F-A15D-2B6EF9B76822}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AA17A70B-303D-49D4-9DE2-8102CA6FB948}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{B0C8F3DD-7159-4214-96FE-928312A8BD7E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{BB3B11C7-D341-4BDA-B17D-9D8545C540DF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BFE4293A-29E3-4443-A0B2-6CC457693363}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{C5242670-38B6-45A2-B48A-68F8BAAF499D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C6721515-62E5-44D7-940B-6F9C5A93B9F1}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C7A37852-B64D-4282-B7BE-950849339362}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{CCF0AA8A-1CBE-402E-9330-6019719CC44A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D7A37AA5-5D25-4E2B-BDAA-6337F3DFB345}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D925B26B-E3B4-416C-AEFA-BBD8E28EC0D1}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{DBF76BFC-BD5C-4B67-A166-D4F41DA6D412}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE9156E7-467F-4733-94A6-5EB4CA60CC06}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E157CC2D-4495-4A1E-88E9-B1AB420B1909}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E3499878-E43F-413C-9BB1-C198CD9C6A7A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E8D5FD2C-6D9A-4570-9064-22E3C83AD063}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{EA3315DE-7B5D-4C84-942C-FD3B943326BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{9F9CBFF5-9741-470A-9F07-B8ED115AD4B2}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{DFD7EE7C-2885-4F65-A19E-CFF095FC1FE9}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}" = VantagePoint
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2E190C8E-682A-409D-9329-539E24C9D1C1}" = Opera 10.63
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 D2
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E270C95-8327-4C2F-A8E1-902CC2604A20}" = HP Photo and Imaging 2.3 - Scanjet 4600 Series
"{3EB3B7E8-1466-405A-B5BC-44513AF85E34}_is1" = UltimateBet
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4304BE34-6DDA-46CC-ADAB-77990DC77ED5}" = Magellan RoadMate Tools
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{71A271BC-9147-4074-B8FA-C222E6C5084D}" = ArcSoft Panorama Maker 3
"{74B68E74-908B-48C4-8562-580CF2741BBA}" = Nuance OmniPage 17
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{900792CC-3203-356C-EC2D-C3E558991ACE}" = Home Designer Suite 8
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}" = Readiris Pro 8
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E6D3A461-8DDE-45C9-8C34-A33436FCC0B4}" = HP User Guides 0091
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCF2A735-3324-4D97-ADAD-4FF865CC05EB}_is1" = Final Uninstaller
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIMars" = Kids Cam Show and Share Creativity Center
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX Setup
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GameHouse" = GameHouse
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HoldemManager" = Holdem Manager
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}" = VantagePoint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Neonatal Resuscitation DVD-ROM" = Neonatal Resuscitation DVD-ROM
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"WBFS Manager 3.0" = WBFS Manager 3.0
"Web Games Player Plugin" = Web Games Player Plugin
"WildTangent hp Master Uninstall" = HP Games
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
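The "Shell Spawning" and "Security Center Settings" sections of the OTL Extras log above are the two blocks a malware-removal helper reads by hand: a rewritten exefile/comfile/scrfile handler is the classic rogue-AV trick, and "DisableMonitoring" = 1 under the Security Center keys means the Action Center will stay quiet about a missing AV or firewall. The script below is an added example, not part of the original post and not a feature of OTL or ComboFix; it splits an OTL log into its "==== section ====" blocks, compares each listed handler against the stock Windows shell commands, and lists the registry keys where monitoring is suppressed. The sample input is a constructed excerpt modelled on the log above; the second sample adds one constructed, hypothetical hijacked handler line (`C:\example\hijack.exe`) to show what a hit looks like.

```python
"""Parse the 'Shell Spawning' and 'Security Center Settings' sections of an
OTL Extras log and flag deviations from Windows defaults (added example)."""
import re

# Stock Windows commands for the handlers OTL lists under Shell Spawning.
# Anything else on one of these keys deserves a manual look.
DEFAULT_COMMANDS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}

SPAWN_RE = re.compile(r'^(\S+) \[(\w+)\] -- (.*)$')
HEADER_RE = re.compile(r'^=+ (.+?) =+$')


def parse_sections(log_text):
    """Split an OTL log into {section name: [non-blank lines]} by its '==== X ====' headers."""
    sections, current = {}, None
    for line in log_text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def check_shell_spawning(lines):
    """Return (handler, verb, command, verdict) per entry.
    verdict: 'ok', 'nondefault', 'unreadable' (OTL printed 'Reg Error'),
    or 'unlisted' (a handler this table does not cover)."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if not m:
            continue  # the '[HKEY_LOCAL_MACHINE\...]' key line has no ' -- '
        handler, verb, cmd = m.groups()
        # OTL appends the file publisher in parentheses; drop it before comparing.
        cmd = re.sub(r'\s*\([^)]*\)\s*$', '', cmd).strip()
        if cmd.startswith("Reg Error"):
            verdict = "unreadable"
        elif (handler, verb) in DEFAULT_COMMANDS:
            verdict = "ok" if cmd == DEFAULT_COMMANDS[(handler, verb)] else "nondefault"
        else:
            verdict = "unlisted"
        findings.append((handler, verb, cmd, verdict))
    return findings


def check_security_center(lines):
    """Return the registry keys under which '"DisableMonitoring" = 1' appears."""
    suppressed, current_key = [], None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif line.strip() == '"DisableMonitoring" = 1' and current_key:
            suppressed.append(current_key)
    return suppressed


def audit(log_text):
    """Run both checks and return only the items a reviewer should look at by hand."""
    sections = parse_sections(log_text)
    spawn = check_shell_spawning(sections.get("Shell Spawning", []))
    return {
        "nondefault": [(h, v, c) for h, v, c, verdict in spawn if verdict == "nondefault"],
        "unreadable": [(h, v) for h, v, c, verdict in spawn if verdict == "unreadable"],
        "monitoring_suppressed": check_security_center(
            sections.get("Security Center Settings", [])),
    }


# Constructed excerpt modelled on the OTL Extras output in the post above.
SAMPLE_LOG = """\
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring" = 1

========== System Restore Settings ==========
"""

# Constructed variant with a hypothetical hijacked exefile handler (not from the post).
HIJACKED_LOG = SAMPLE_LOG.replace(
    'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\example\hijack.exe" "%1" %*')

if __name__ == "__main__":
    for name, log in (("sample", SAMPLE_LOG), ("hijacked", HIJACKED_LOG)):
        print(name, audit(log))
```

On the log in this thread every handler the table covers is at its stock value, so the interesting output is the three "Reg Error" entries (OTL could not read the key; confirm by hand in regedit rather than assume a hijack) and the three DisableMonitoring values. Those are normally written by a third-party security suite so that Security Center does not double-report; the uninstall list above shows no Symantec product, only a leftover N360BUOptions.ini in ProgramData, so they are most likely stale and leave Microsoft Security Essentials and the Windows Firewall unmonitored until cleared. The defaults table reflects the handlers OTL prints on Vista/7; verify the stock commands on a clean machine of the same version before trusting a "nondefault" verdict elsewhere.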