New here, need help with rootkit thing

stoot64

Hi.

Call me Al.

Just did the eight steps, these are my logs.

Please help!

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-14 01:03:55
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500420AS rev.0006HPM1
Running: x98pbiv8.exe; Driver: C:\Users\A6DF6~1.CAV\AppData\Local\Temp\uxrdrpob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 02: copy of MBR

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F99458

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] fsyjzzan <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5751

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14/02/2011 1:13:39 AM
mbam-log-2011-02-14 (01-13-39).txt

Scan type: Quick scan
Objects scanned: 187505
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\drivers\fsyjzzan.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.





DDS (Ver_10-12-12.02) - NTFSx86
Run by a.caveney at 1:18:05.13 on Mon 14/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2720 [GMT 11:00]

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Users\a.caveney\AppData\Local\vghd\bin\vghd.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Users\a.caveney\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
"C:\Windows\System32\svchost.exe"
"C:\Windows\System32\svchost.exe"
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\a.caveney\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=15442&l=dis
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
dRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
StartupFolder: c:\users\a6df6~1.cav\appdata\roaming\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\users\a.caveney\appdata\local\vghd\bin\vghd.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\a6df6~1.cav\appdata\roaming\mozilla\firefox\profiles\swy5a2zf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d21a506&v=6.011.025.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\a.caveney\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: XULRunner: {0D3354DB-5D86-45F4-9D83-381040B0C0B2} - c:\windows\system32\config\systemprofile\appdata\local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}
FF - Ext: XULRunner: {48B0D77B-DCA1-4D95-8936-9CFC93B6CA58} - c:\users\a.caveney\appdata\local\{48B0D77B-DCA1-4D95-8936-9CFC93B6CA58}

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2010-1-16 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-5 176128]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-10-31 228408]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-16 167936]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-1-16 28344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-9 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-5-6 198656]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-2-8 155344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1343400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]

=============== Created Last 30 ================

2011-02-13 13:24:02 -------- d-----w- C:\TDSSKiller_Quarantine
2011-02-12 03:48:12 114688 ----a-w- c:\program files\mozilla firefox\plugins\np32dsw.dll
2011-02-12 02:52:27 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-02-11 22:58:29 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcB858.tmp
2011-02-09 22:50:51 7 ----a-w- c:\windows\treeskp.sys
2011-02-09 22:50:51 7 ----a-w- c:\windows\sbacknt.bin
2011-02-09 22:50:35 -------- d-----w- c:\users\a6df6~1.cav\appdata\local\vghd
2011-02-08 06:33:45 -------- d-----w- c:\program files\Sony Ericsson
2011-02-08 06:33:45 -------- d-----w- c:\progra~2\Sony Ericsson
2011-01-31 16:36:29 -------- d-----w- c:\users\a6df6~1.cav\appdata\roaming\thriXXX
2011-01-31 16:36:29 -------- d-----w- c:\program files\thriXXX
2011-01-30 03:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 03:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-19 10:56:43 -------- d-----w- c:\program files\common files\Steam
2011-01-19 10:56:42 -------- d-----w- c:\program files\Steam
2011-01-17 10:31:53 -------- d-----w- C:\vikings
2011-01-17 10:24:37 -------- d-----w- C:\harry
2011-01-17 10:24:37 -------- d-----w- C:\Alien Carnage - Halloween Harry
2011-01-17 10:21:39 -------- d-----w- C:\Dalek
2011-01-17 09:56:15 -------- d-----w- c:\program files\DOSBox-0.74

==================== Find3M ====================


============= FINISH: 1:19:03.08 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 19/02/2010 4:15:08 PM
System Uptime: 14/02/2011 1:14:43 AM (0 hours ago)

Motherboard: Hewlett-Packard | | 3652
Processor: AMD Athlon(tm) II Dual-Core M340 | Socket S1G3 | 1496/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 453 GiB total, 186.955 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.991 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


2007 Microsoft Office system
7-Zip 4.60 beta
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 7.0
Adobe Reader 9.4.2 MUI
Adobe Setup
Adobe Shockwave Player
Adobe Shockwave Player 11
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
Belarc Advisor 8.1
BitTorrent
Bonjour
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP270 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Carmageddon 2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDirector
CyberLink PowerDVD 8
CyberLink YouCam
EAX Unified
Fable - The Lost Chapters
Facebook Plug-In
Google Update Helper
Guitar Pro 6 (6.0.7 b2 r8924)
HP Customer Experience Enhancements
HP Games
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0148
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
InterActual Player
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
LabelPrint
LAME v3.98.2 for Audacity
LightScribe System Software
LSI HDA Modem
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT
MSXML4 Parser
Norton Internet Security
OGA Notifier 2.0.0048.0
Oracle VM VirtualBox 3.2.8
Photoshop Camera Raw
Pixel Bender Toolkit
Power2Go
QLBCASL
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Recovery Manager
SAMSUNG Intelli-studio
Scrabble PLUS
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
SmartSound Quicktracks Plugin
SoftStylus
Sony Ericsson PC Companion 2.01.110
Sony Ericsson Update Engine
Sony USB Driver
StarCraft
Steam
Steinberg Cubase LE
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
The Godfather™ II
thriXXX WebLaunch
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Outlook 2007 Junk Email Filter (kb983486)
Virgin Mobile
VirtuaGirl version 1.0.5.1
VLC media player 1.1.2
Warcraft III
Warcraft III: All Products
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
WinZip 14.0
Worms Reloaded
zeckensack's Glide wrapper (remove only)

==== Event Viewer Messages From Past Week ========

14/02/2011 12:29:35 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
14/02/2011 12:04:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
14/02/2011 1:15:04 AM, Error: Service Control Manager [7000] - The Agere Modem Call Progress Audio service failed to start due to the following error: The system cannot find the file specified.
14/02/2011 1:14:54 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
13/02/2011 9:12:18 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
12/02/2011 2:11:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
11/02/2011 11:57:39 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
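Added triage helper, not a tool from this thread: it parses the mPolicies/dPolicies lines of a DDS "Pseudo HJT Report" and the Services section of a GMER log and lists what a responder should notice in the logs above (UAC switched off, registry tools and Folder Options blocked, a hidden boot-start service). The sample input is constructed from the log lines on this page; the hive mapping and the "risky value" table are this example's own assumptions.

```python
"""Triage the security-relevant lines of a DDS / GMER log.

Added example; not part of the thread or of DDS/GMER themselves.
"""
import re

# Assumed mapping of DDS line prefixes to registry hives
# (m = machine, u = current user, d = default user).
SCOPE = {"m": "HKLM", "u": "HKCU", "d": "HKU\\.DEFAULT"}

# Value that marks a weakened host, with the explanation to report.
# Semantics follow the Windows policy keys: EnableLUA 0 = UAC off,
# ConsentPromptBehaviorAdmin 0 = elevate silently, PromptOnSecureDesktop
# 0 = prompt on the normal desktop, the Disable*/No* keys 1 = restriction on.
POLICY_CHECKS = {
    "EnableLUA": (0, "UAC disabled (EnableLUA = 0)"),
    "ConsentPromptBehaviorAdmin": (0, "UAC elevates admins without prompting"),
    "PromptOnSecureDesktop": (0, "UAC prompts not shown on the secure desktop"),
    "DisableRegistryTools": (1, "Registry editor blocked for the user"),
    "NoFolderOptions": (1, "Folder Options hidden from the user"),
}

# "mPolicies-system: EnableLUA = 0 (0x0)"
POLICY_RE = re.compile(r"^([a-z])Policies-(\w+):\s*(\w+)\s*=\s*(\d+)")
# "Service (*** hidden *** ) [BOOT] fsyjzzan <-- ROOTKIT !!!"
HIDDEN_SVC_RE = re.compile(
    r"^Service\s+\(\*\*\* hidden \*\*\*\s*\)\s*\[(\w+)\]\s*(\S+)")


def parse_policies(lines):
    """Return (hive, key, name, value) tuples for each DDS policy line."""
    out = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            scope, key, name, val = m.groups()
            out.append((SCOPE.get(scope, scope), key, name, int(val)))
    return out


def parse_hidden_services(lines):
    """Return (start type, service name) for GMER hidden-service lines."""
    out = []
    for line in lines:
        m = HIDDEN_SVC_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def triage(dds_lines, gmer_lines):
    """Combine both parsers into a list of human-readable findings."""
    findings = []
    for hive, key, name, val in parse_policies(dds_lines):
        if name in POLICY_CHECKS and POLICY_CHECKS[name][0] == val:
            findings.append(f"{hive} {key}: {POLICY_CHECKS[name][1]}")
    for start, name in parse_hidden_services(gmer_lines):
        findings.append(f"GMER: hidden {start}-start service '{name}'")
    return findings


# Constructed sample input, copied from the logs posted in this thread.
SAMPLE_DDS = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
""".splitlines()

SAMPLE_GMER = """\
---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] fsyjzzan <-- ROOTKIT !!!
""".splitlines()


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS, SAMPLE_GMER):
        print(finding)
```

On the sample above the script reports six findings; on a clean host (UAC on, no hidden services) it reports none.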
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================================================

I don't see any AV program running.
Please, install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
Update, run full scan.
Report on any findings.

When done....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I've installed Avira and run a check, and ran the other two programs you asked for.

Here are the logs.



Avira AntiVir Personal
Report file date: Monday, 14 February 2011 15:20

Scanning for 2397630 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : a.caveney
Computer name : ACAVENEY

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 14/01/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10/01/2011 03:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/04/2010 01:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 10/01/2011 03:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 12:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 22:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 03:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9/02/2011 04:17:37
VBASE003.VDF : 7.11.3.1 2048 Bytes 9/02/2011 04:17:37
VBASE004.VDF : 7.11.3.2 2048 Bytes 9/02/2011 04:17:38
VBASE005.VDF : 7.11.3.3 2048 Bytes 9/02/2011 04:17:38
VBASE006.VDF : 7.11.3.4 2048 Bytes 9/02/2011 04:17:38
VBASE007.VDF : 7.11.3.5 2048 Bytes 9/02/2011 04:17:39
VBASE008.VDF : 7.11.3.6 2048 Bytes 9/02/2011 04:17:39
VBASE009.VDF : 7.11.3.7 2048 Bytes 9/02/2011 04:17:40
VBASE010.VDF : 7.11.3.8 2048 Bytes 9/02/2011 04:17:40
VBASE011.VDF : 7.11.3.9 2048 Bytes 9/02/2011 04:17:40
VBASE012.VDF : 7.11.3.10 2048 Bytes 9/02/2011 04:17:41
VBASE013.VDF : 7.11.3.11 2048 Bytes 9/02/2011 04:17:41
VBASE014.VDF : 7.11.3.12 2048 Bytes 9/02/2011 04:17:41
VBASE015.VDF : 7.11.3.13 2048 Bytes 9/02/2011 04:17:42
VBASE016.VDF : 7.11.3.14 2048 Bytes 9/02/2011 04:17:42
VBASE017.VDF : 7.11.3.15 2048 Bytes 9/02/2011 04:17:43
VBASE018.VDF : 7.11.3.16 2048 Bytes 9/02/2011 04:17:43
VBASE019.VDF : 7.11.3.17 2048 Bytes 9/02/2011 04:17:43
VBASE020.VDF : 7.11.3.18 2048 Bytes 9/02/2011 04:17:44
VBASE021.VDF : 7.11.3.19 2048 Bytes 9/02/2011 04:17:44
VBASE022.VDF : 7.11.3.20 2048 Bytes 9/02/2011 04:17:45
VBASE023.VDF : 7.11.3.21 2048 Bytes 9/02/2011 04:17:45
VBASE024.VDF : 7.11.3.22 2048 Bytes 9/02/2011 04:17:45
VBASE025.VDF : 7.11.3.23 2048 Bytes 9/02/2011 04:17:46
VBASE026.VDF : 7.11.3.24 2048 Bytes 9/02/2011 04:17:46
VBASE027.VDF : 7.11.3.25 2048 Bytes 9/02/2011 04:17:47
VBASE028.VDF : 7.11.3.26 2048 Bytes 9/02/2011 04:17:47
VBASE029.VDF : 7.11.3.27 2048 Bytes 9/02/2011 04:17:47
VBASE030.VDF : 7.11.3.28 2048 Bytes 9/02/2011 04:17:48
VBASE031.VDF : 7.11.3.53 128000 Bytes 13/02/2011 04:17:53
Engineversion : 8.2.4.166
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/01/2011 03:23:26
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 14/02/2011 04:20:17
AESCN.DLL : 8.1.7.2 127349 Bytes 10/01/2011 03:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 10/01/2011 03:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 10/01/2011 03:23:25
AEPACK.DLL : 8.2.4.9 512374 Bytes 14/02/2011 04:20:01
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 14/02/2011 04:19:45
AEHEUR.DLL : 8.1.2.76 3273078 Bytes 14/02/2011 04:19:39
AEHELP.DLL : 8.1.16.1 246134 Bytes 14/02/2011 04:18:22
AEGEN.DLL : 8.1.5.2 397683 Bytes 14/02/2011 04:18:17
AEEMU.DLL : 8.1.3.0 393589 Bytes 10/01/2011 03:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 14/02/2011 04:18:07
AEBB.DLL : 8.1.1.0 53618 Bytes 10/01/2011 03:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10/01/2011 03:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 10/01/2011 03:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 03:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 10/01/2011 03:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10/01/2011 03:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 10/01/2011 03:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10/01/2011 03:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 03:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10/01/2011 03:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 03:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 02:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 10/01/2011 03:23:52

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, 14 February 2011 15:20

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'conhost.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en(3).exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'taskhost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hphc_service.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'Com4QLBEx.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'VirtuaGirl_Downloader.exe' - '1' Module(s) have been scanned
Scan process 'PCCompanionInfo.exe' - '1' Module(s) have been scanned
Scan process 'vghd.exe' - '1' Module(s) have been scanned
Scan process 'PCCompanion.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'QLBCtrl.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'taskhost.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IJPLMSVC.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'aestsrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'atieclxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'STacSV.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '542' files ).



End of the scan: Monday, 14 February 2011 15:21
Used time: 00:24 Minute(s)

The scan has been done completely.

0 Scanned directories
1045 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1045 Files not concerned
3 Archives were scanned
0 Warnings
0 Notes



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Presario CQ61 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 206):
0x82C05000 \SystemRoot\system32\ntkrnlpa.exe
0x83015000 \SystemRoot\system32\halmacpi.dll
0x80BB2000 \SystemRoot\system32\kdcom.dll
0x83218000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x83223000 \SystemRoot\system32\PSHED.dll
0x83234000 \SystemRoot\system32\BOOTVID.dll
0x8323C000 \SystemRoot\system32\CLFS.SYS
0x8327E000 \SystemRoot\system32\CI.dll
0x83329000 \SystemRoot\System32\drivers\dyhiykgq.sys
0x83337000 \SystemRoot\system32\drivers\Wdf01000.sys
0x833A8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x833B6000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x83200000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x83209000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8CC36000 \SystemRoot\system32\DRIVERS\pci.sys
0x8CC60000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8CC6B000 \SystemRoot\System32\Drivers\fsyjzzan.sys
0x8CD2D000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x8CD3C000 \SystemRoot\system32\DRIVERS\mpio.sys
0x8CD60000 \SystemRoot\System32\drivers\partmgr.sys
0x8CD71000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8CD79000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8CD84000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8CD94000 \SystemRoot\System32\drivers\volmgrx.sys
0x8CDDF000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8CDE6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8CDF4000 \SystemRoot\system32\DRIVERS\aliide.sys
0x8CC00000 \SystemRoot\system32\DRIVERS\amdide.sys
0x8CC07000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x8CC0F000 \SystemRoot\System32\drivers\mountmgr.sys
0x8CE3B000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x8CE5B000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x8CE7A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8CE9F000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8CEA6000 \SystemRoot\system32\DRIVERS\viaide.sys
0x8CEAE000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x8CF89000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8CF92000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8CFB5000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x8D009000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D050000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8D05A000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x8D06D000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x8D0D7000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x8D123000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x8D149000 \SystemRoot\system32\DRIVERS\djsvs.sys
0x8D15D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8D183000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x8D19A000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x8D1D7000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8D1E0000 \SystemRoot\system32\DRIVERS\arc.sys
0x8CFCD000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x8D238000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x8D2AB000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x8D2BB000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x8D2D5000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x8D2E5000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x8D2FF000 \SystemRoot\system32\DRIVERS\megasas.sys
0x8D30A000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x8D39C000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x8D3AA000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x8D402000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x8D581000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x8D5D6000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x8D5E3000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x8D3CF000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x8D200000 \SystemRoot\system32\drivers\fltmgr.sys
0x8CFE5000 \SystemRoot\system32\drivers\fileinfo.sys
0x8D626000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8D755000 \SystemRoot\System32\Drivers\msrpc.sys
0x8D780000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8D793000 \SystemRoot\System32\Drivers\cng.sys
0x8D7F0000 \SystemRoot\System32\drivers\pcw.sys
0x8D600000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8D81A000 \SystemRoot\system32\drivers\ndis.sys
0x8D8D1000 \SystemRoot\system32\drivers\NETIO.SYS
0x8D90F000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8DA29000 \SystemRoot\System32\drivers\tcpip.sys
0x8DB72000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8DBA3000 \SystemRoot\system32\DRIVERS\wd.sys
0x8DBAB000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8DBEA000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x8DBF3000 \SystemRoot\System32\Drivers\spldr.sys
0x8DA00000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x8D934000 \SystemRoot\System32\drivers\rdyboost.sys
0x8DA18000 \SystemRoot\System32\Drivers\mup.sys
0x8D961000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8D969000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8D99B000 \SystemRoot\system32\DRIVERS\disk.sys
0x8D9AC000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8CE00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D9E7000 \SystemRoot\System32\Drivers\Null.SYS
0x8D9EE000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D800000 \SystemRoot\System32\drivers\vga.sys
0x92C3D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x92C5E000 \SystemRoot\System32\drivers\watchdog.sys
0x92C6B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x92C73000 \SystemRoot\system32\drivers\rdpencdd.sys
0x92C7B000 \SystemRoot\system32\drivers\rdprefmp.sys
0x92C83000 \SystemRoot\System32\Drivers\Msfs.SYS
0x92C8E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x92C9C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x92CB3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x92CBE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x92CF0000 \SystemRoot\system32\drivers\afd.sys
0x92D4A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x92D51000 \SystemRoot\system32\DRIVERS\pacer.sys
0x92D70000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x92D81000 \SystemRoot\system32\DRIVERS\netbios.sys
0x92D8F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92DA2000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0x92DAB000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0x92DCD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x92E1A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92E5B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92E65000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x92E6F000 \SystemRoot\System32\drivers\discache.sys
0x92E7B000 \SystemRoot\System32\Drivers\dfsc.sys
0x92E93000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x92EA1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x92EC2000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x9323E000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x92ED3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x93753000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9378C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x93000000 \SystemRoot\system32\DRIVERS\athr.sys
0x93123000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x9312D000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x93159000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x93163000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x931AE000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x931B4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x931B6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x931C5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x931DD000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x931E6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x937AB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x931F3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x937E6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x937EA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x937F3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x93200000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x93212000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9322A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92F8A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92FAC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x92FC4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92FDB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92E00000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0x93235000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92C00000 \SystemRoot\system32\DRIVERS\ks.sys
0x92FF2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x93C09000 \SystemRoot\System32\Drivers\fastfat.SYS
0x93C33000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x93C77000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x93C88000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x93CA5000 \SystemRoot\system32\drivers\portcls.sys
0x93CD4000 \SystemRoot\system32\drivers\drmk.sys
0x93CED000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x95A12000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x95B2E000 \SystemRoot\system32\drivers\modem.sys
0x95B3B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x95B46000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x95B59000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x82150000 \SystemRoot\System32\win32k.sys
0x95B60000 \SystemRoot\System32\drivers\Dxapi.sys
0x95B6A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x95B80000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x95B8B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x95BA2000 \SystemRoot\System32\Drivers\usbvideo.sys
0x95BC6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x95BD3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x95BDE000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x95BE8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x95A00000 \SystemRoot\system32\DRIVERS\monitor.sys
0x823B0000 \SystemRoot\System32\TSDDD.dll
0x823E0000 \SystemRoot\System32\cdd.dll
0x82000000 \SystemRoot\System32\ATMFD.DLL
0x93D55000 \SystemRoot\system32\drivers\luafv.sys
0x93D70000 \SystemRoot\system32\drivers\WudfPf.sys
0x93D8A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x93D9A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x93DE0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x92DDD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9BA36000 \SystemRoot\system32\drivers\HTTP.sys
0x9BABB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9BAD4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9BAE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9BB09000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9BB44000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9BB5F000 \SystemRoot\system32\drivers\peauth.sys
0x9BBF6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9BA00000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9BA21000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D219000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D268000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D2B9000 \SystemRoot\system32\drivers\tdtcp.sys
0x9D2C3000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x9D2D0000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x9D36B000 \??\C:\Users\A6DF6~1.CAV\AppData\Local\Temp\mbr.sys
0x9D301000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x9D327000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x76F70000 \Windows\System32\ntdll.dll
0x47750000 \Windows\System32\smss.exe
0x771B0000 \Windows\System32\apisetschema.dll
0x00CA0000 \Windows\System32\autochk.exe

Processes (total 69):
0 System Idle Process
4 System
240 C:\Windows\System32\smss.exe
344 csrss.exe
420 C:\Windows\System32\wininit.exe
432 csrss.exe
476 C:\Windows\System32\services.exe
492 C:\Windows\System32\lsass.exe
500 C:\Windows\System32\lsm.exe
600 C:\Windows\System32\svchost.exe
676 C:\Windows\System32\winlogon.exe
724 C:\Windows\System32\svchost.exe
760 C:\Windows\System32\atiesrxx.exe
868 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
1272 C:\Windows\System32\svchost.exe
1356 C:\Windows\System32\atieclxx.exe
1384 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\svchost.exe
1608 C:\Windows\System32\spoolsv.exe
1724 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
1756 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1780 C:\Program Files\Bonjour\mDNSResponder.exe
1832 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1864 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1904 C:\Program Files\CyberLink\Shared files\RichVideo.exe
1924 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1976 C:\Windows\System32\svchost.exe
2004 C:\Windows\System32\svchost.exe
2244 C:\Windows\System32\svchost.exe
2584 C:\Windows\System32\dwm.exe
2640 C:\Windows\explorer.exe
2680 C:\Windows\System32\taskhost.exe
2944 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2960 C:\Program Files\IDT\WDM\sttray.exe
2980 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
3004 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3012 C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
3024 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3164 WmiPrvSE.exe
3180 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
3276 C:\Users\a.caveney\AppData\Local\vghd\bin\vghd.exe
3320 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
3404 C:\Users\a.caveney\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe
3460 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
3596 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
3636 C:\Windows\System32\SearchIndexer.exe
3932 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4008 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2820 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
148 C:\Windows\System32\svchost.exe
3528 C:\Windows\System32\svchost.exe
308 C:\Windows\System32\wuauclt.exe
2792 C:\Windows\System32\svchost.exe
3148 C:\Windows\System32\taskhost.exe
3096 C:\Program Files\Mozilla Firefox\firefox.exe
3512 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2464 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2480 C:\Windows\System32\conhost.exe
984 C:\Program Files\Avira\AntiVir Desktop\sched.exe
808 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2432 C:\Program Files\Mozilla Firefox\plugin-container.exe
2076 C:\Windows\System32\SearchProtocolHost.exe
1088 C:\Windows\System32\dllhost.exe
2052 C:\Windows\System32\SearchFilterHost.exe
3928 C:\Users\a.caveney\Desktop\MBRCheck.exe
1328 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`6bd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0006HPM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 7075410786CD262C1DA407F0E53E4BA89C80D2E7


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


ComboFix 11-02-13.01 - a.caveney 14/02/2011 15:27:57.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2694 [GMT 11:00]
Running from: c:\users\a.caveney\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\a.caveney\AppData\Local\{48B0D77B-DCA1-4D95-8936-9CFC93B6CA58}
c:\users\a.caveney\AppData\Local\{48B0D77B-DCA1-4D95-8936-9CFC93B6CA58}\chrome.manifest
c:\users\a.caveney\AppData\Local\{48B0D77B-DCA1-4D95-8936-9CFC93B6CA58}\chrome\content\_cfg.js
c:\users\a.caveney\AppData\Local\{48B0D77B-DCA1-4D95-8936-9CFC93B6CA58}\chrome\content\overlay.xul
c:\users\a.caveney\AppData\Local\{48B0D77B-DCA1-4D95-8936-9CFC93B6CA58}\install.rdf
c:\users\a.caveney\AppData\Roaming\completescan
c:\users\a.caveney\AppData\Roaming\install
c:\windows\system32\service
c:\windows\system32\service\11062010_TIS17_SfFniAU.log

.
((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
.

2011-02-14 04:40 . 2011-02-14 04:41 -------- d-----w- c:\users\a.caveney\AppData\Local\temp
2011-02-14 04:40 . 2011-02-14 04:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-02-14 04:40 . 2011-02-14 04:40 -------- d-----w- c:\users\Mcx1-ACAVENEY\AppData\Local\temp
2011-02-14 04:40 . 2011-02-14 04:40 -------- d-----w- c:\users\Jukebox\AppData\Local\temp
2011-02-14 04:40 . 2011-02-14 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-14 04:40 . 2011-02-14 04:40 -------- d-----w- c:\users\A6DF6~1~CAV\AppData\Local\temp
2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\programdata\Avira
2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\program files\Avira
2011-02-14 04:13 . 2011-01-10 03:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-14 04:13 . 2011-01-10 03:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-13 13:24 . 2011-02-13 13:24 -------- d-----w- C:\TDSSKiller_Quarantine
2011-02-12 03:48 . 2008-08-06 05:22 114688 ----a-w- c:\program files\Mozilla Firefox\plugins\np32dsw.dll
2011-02-12 03:45 . 2011-02-12 03:45 -------- d-----w- c:\programdata\FLEXnet
2011-02-12 02:58 . 2011-02-12 02:58 -------- d-----w- c:\program files\Adobe Media Player
2011-02-12 02:52 . 2011-02-12 02:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-02-12 02:45 . 2011-02-12 02:45 -------- d-----w- c:\program files\7-Zip
2011-02-11 22:58 . 2011-02-11 22:58 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB858.tmp
2011-02-09 22:50 . 2011-02-13 14:15 7 ----a-w- c:\windows\treeskp.sys
2011-02-09 22:50 . 2011-02-13 14:15 7 ----a-w- c:\windows\sbacknt.bin
2011-02-09 22:50 . 2011-02-09 22:50 -------- d-----w- c:\users\a.caveney\AppData\Local\vghd
2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\programdata\Sony Ericsson
2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\program files\Sony Ericsson
2011-01-31 16:36 . 2011-01-31 16:38 -------- d-----w- c:\program files\thriXXX
2011-01-31 16:36 . 2011-01-31 16:36 -------- d-----w- c:\users\a.caveney\AppData\Roaming\thriXXX
2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-01-19 10:56 . 2011-01-19 10:56 -------- d-----w- c:\program files\Common Files\Steam
2011-01-19 10:56 . 2011-01-20 21:49 -------- d-----w- c:\program files\Steam
2011-01-17 10:31 . 2011-01-17 10:31 -------- d-----w- C:\vikings
2011-01-17 10:24 . 2011-01-17 10:26 -------- d-----w- C:\harry
2011-01-17 10:24 . 2011-01-17 10:24 -------- d-----w- C:\Alien Carnage - Halloween Harry
2011-01-17 10:21 . 2011-01-17 10:22 -------- d-----w- C:\Dalek
2011-01-17 09:56 . 2011-01-18 23:57 -------- d-----w- c:\program files\DOSBox-0.74

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-14 08:40 . 2009-07-13 23:12 710720 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-01-17 10:18 . 2011-01-17 10:16 1020517 ----a-w- C:\Dalek Attack.zip
2011-01-17 10:16 . 2011-01-17 10:10 2949558 ----a-w- C:\Alien Carnage - Halloween Harry.zip
2011-01-17 10:14 . 2011-01-17 10:11 1624021 ----a-w- C:\Bio Menace.zip
2011-01-17 09:56 . 2011-01-17 09:52 1812912 ----a-w- C:\spear-of-destiny.zip
2011-01-17 09:56 . 2011-01-17 09:53 212870 ----a-w- C:\tyrian-2000.zip
2011-01-17 09:54 . 2011-01-17 09:53 517299 ----a-w- C:\the-incredible-machine.zip
2011-01-17 09:51 . 2011-01-17 09:47 1248617 ----a-w- C:\lost-vikings.zip
2011-01-17 09:50 . 2011-01-17 09:48 1003683 ----a-w- C:\gods.zip
2010-12-20 07:33 . 2010-04-14 04:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-12-20 07:09 . 2010-11-05 01:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 07:08 . 2010-11-05 01:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 08:36 . 2010-03-29 22:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-12-15 08:36 . 2010-04-14 04:44 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-05 424448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.lnk - c:\users\a.caveney\AppData\Local\vghd\bin\vghd.exe [2011-2-10 696320]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-28 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^a.caveney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Gangsters2Setup.lnk]
path=c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gangsters2Setup.lnk
backup=c:\windows\pss\Gangsters2Setup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-07-23 18:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
R3 adxapie;adxapie;c:\users\A6DF6~1.CAV\AppData\Local\Temp\adxapie.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-03 17408]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 28344]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*Deregistered* - fsyjzzan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15442&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d21a506&v=6.011.025.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: XULRunner: {0D3354DB-5D86-45F4-9D83-381040B0C0B2} - c:\windows\system32\config\systemprofile\AppData\Local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSConfigStartUp-HPADVISOR - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsyjzzan]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:18,68,64,7e,29,33,15,da,cd,6b,92,24,a9,e3,82,c6,49,1d,9f,ab,09,
58,94,b4,64,c0,f6,10,a4,fe,0e,96,d2,fa,9f,6b,f8,11,d6,c8,a8,66,57,ed,70,1a,\
"rkeysecu"=hex:8e,16,85,50,16,01,79,9a,0c,ea,a2,b1,52,b6,a5,b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-14 15:55:38
ComboFix-quarantined-files.txt 2011-02-14 04:55

Pre-Run: 200,051,146,752 bytes free
Post-Run: 200,002,109,440 bytes free

- - End Of File - - 9B04DCCCA9B6869875329B2E184C6410
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\treeskp.sys
c:\windows\sbacknt.bin
c:\users\A6DF6~1.CAV\AppData\Local\Temp\adxapie.sys


Folder::
c:\users\a.caveney\AppData\Local\vghd


Driver::
adxapie

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsyjzzan]


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
I did what you said and it rebooted and disabled all my browsers, so I'm on my mum's PC now.

Here's the log:

ComboFix 11-02-13.01 - a.caveney 14/02/2011 16:36:34.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2496 [GMT 11:00]
Running from: c:\users\a.caveney\Desktop\ComboFix.exe
Command switches used :: c:\users\a.caveney\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\A6DF6~1.CAV\AppData\Local\Temp\adxapie.sys"
"c:\windows\sbacknt.bin"
"c:\windows\treeskp.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\a.caveney\AppData\Local\vghd
c:\users\a.caveney\AppData\Local\vghd\bin\D3DX9_43.dll
c:\users\a.caveney\AppData\Local\vghd\bin\dxmodules.dll
c:\users\a.caveney\AppData\Local\vghd\bin\msvcp100.dll
c:\users\a.caveney\AppData\Local\vghd\bin\msvcr100.dll
c:\users\a.caveney\AppData\Local\vghd\bin\System.dll
c:\users\a.caveney\AppData\Local\vghd\bin\unins000.dat
c:\users\a.caveney\AppData\Local\vghd\bin\unins000.exe
c:\users\a.caveney\AppData\Local\vghd\bin\unins000.msg
c:\users\a.caveney\AppData\Local\vghd\bin\uninstall.ico
c:\users\a.caveney\AppData\Local\vghd\bin\vghd.exe
c:\users\a.caveney\AppData\Local\vghd\bin\vghd.scr
c:\users\a.caveney\AppData\Local\vghd\bin\vhd.dll
c:\users\a.caveney\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe
c:\users\a.caveney\AppData\Local\vghd\bin\Windows.dll
c:\users\a.caveney\AppData\Local\vghd\bin\WindowsEx.dll
c:\users\a.caveney\AppData\Local\vghd\data\a0108\a0108.vhddat
c:\users\a.caveney\AppData\Local\vghd\data\a0108\a0108.vhddld
c:\users\a.caveney\AppData\Local\vghd\data\a0108\a0108.vhdinf
c:\users\a.caveney\AppData\Local\vghd\data\a0108\a0108c.jpg
c:\users\a.caveney\AppData\Local\vghd\data\a0108\a0108d.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0108\a0108e.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0217\a0217.vhddat
c:\users\a.caveney\AppData\Local\vghd\data\a0217\a0217.vhddld
c:\users\a.caveney\AppData\Local\vghd\data\a0217\a0217.vhdinf
c:\users\a.caveney\AppData\Local\vghd\data\a0217\a0217c.jpg
c:\users\a.caveney\AppData\Local\vghd\data\a0217\a0217d.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0217\a0217e.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0321\a0321.vhddat
c:\users\a.caveney\AppData\Local\vghd\data\a0321\a0321.vhddld
c:\users\a.caveney\AppData\Local\vghd\data\a0321\a0321.vhdinf
c:\users\a.caveney\AppData\Local\vghd\data\a0321\a0321c.jpg
c:\users\a.caveney\AppData\Local\vghd\data\a0321\a0321d.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0321\a0321e.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0458\a0458.vhddat
c:\users\a.caveney\AppData\Local\vghd\data\a0458\a0458.vhddld
c:\users\a.caveney\AppData\Local\vghd\data\a0458\a0458.vhdinf
c:\users\a.caveney\AppData\Local\vghd\data\a0458\a0458c.jpg
c:\users\a.caveney\AppData\Local\vghd\data\a0458\a0458d.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0458\a0458e.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0460\a0460.vhddat
c:\users\a.caveney\AppData\Local\vghd\data\a0460\a0460.vhddld
c:\users\a.caveney\AppData\Local\vghd\data\a0460\a0460.vhdinf
c:\users\a.caveney\AppData\Local\vghd\data\a0460\a0460c.jpg
c:\users\a.caveney\AppData\Local\vghd\data\a0460\a0460d.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0460\a0460e.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0542\a0542.vhddat
c:\users\a.caveney\AppData\Local\vghd\data\a0542\a0542.vhddld
c:\users\a.caveney\AppData\Local\vghd\data\a0542\a0542.vhdinf
c:\users\a.caveney\AppData\Local\vghd\data\a0542\a0542c.jpg
c:\users\a.caveney\AppData\Local\vghd\data\a0542\a0542d.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0542\a0542e.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0666\a0666.vhddat
c:\users\a.caveney\AppData\Local\vghd\data\a0666\a0666.vhddld
c:\users\a.caveney\AppData\Local\vghd\data\a0666\a0666.vhdinf
c:\users\a.caveney\AppData\Local\vghd\data\a0666\a0666c.jpg
c:\users\a.caveney\AppData\Local\vghd\data\a0666\a0666d.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0666\a0666e.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0670\a0670.vhddat
c:\users\a.caveney\AppData\Local\vghd\data\a0670\a0670.vhddld
c:\users\a.caveney\AppData\Local\vghd\data\a0670\a0670.vhdinf
c:\users\a.caveney\AppData\Local\vghd\data\a0670\a0670c.jpg
c:\users\a.caveney\AppData\Local\vghd\data\a0670\a0670d.bmp
c:\users\a.caveney\AppData\Local\vghd\data\a0670\a0670e.bmp
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\club1_0.scd
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\club1_2.scd
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\floor.JPG
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\fond_hustler_01.jpg
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\fond_hustler_02.jpg
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\ico_scr.bmp
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\logo.BMP
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\sky1.jpg
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\sky2.jpg
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_01.jpg
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_03.jpg
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_05.jpg
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_07.jpg
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_21.jpg
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_28.jpg
c:\users\a.caveney\AppData\Local\vghd\data\backgrounds\slideshow\bkgd_34.jpg
c:\users\a.caveney\AppData\Local\vghd\data\calendar.cld
c:\users\a.caveney\AppData\Local\vghd\data\DLScript.cds
c:\users\a.caveney\AppData\Local\vghd\data\License.txt
c:\users\a.caveney\AppData\Local\vghd\data\models.lst
c:\users\a.caveney\AppData\Local\vghd\data\newmodels.lst
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\back_register_congrats_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backadvanced.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backbmplist.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backdelete.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backenterpassword.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\background.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\background_licence.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backmodels_border.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backplaylist.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backregister_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backscreensaver.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backsettings.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\backwarnbox.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_add_playlist_click_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_add_playlist_on_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_buy_click.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_buy_on.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_cancel_click_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_cancel_on_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_confirm_click.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_confirm_on.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_delete_playlist_click_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_delete_playlist_on_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_downloadtrailer_click_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_downloadtrailer_on_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_finish_click_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_finish_on_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_load_playlist_click_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_load_playlist_on_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_mini_cancel.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_mini_cancel_wait.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_mode.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_models.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_preview_click_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_preview_on_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_save_playlist_click_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_save_playlist_on_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_skins.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_toggle_click_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_toggle_on_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_whatsnew_click.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\button_whatsnew_on.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\calendar_nocard.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox_fav.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox_models.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox_nok.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox_off.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox_off_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\checkbox_ok.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_delete.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_delete_on.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_download.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_download_off.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_play.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_play_on.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_playingnow.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_plus.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_plus_on.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_progressbar.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\collection_progressbar_list.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\confirmbox.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\Demo_DL_off_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\Demo_DL_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\DL_Back_Reset.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\dl_internal.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\dl_nocard.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\dualscreen.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\empty_girl.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\empty_girl_small.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\favorite_small.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\Illus_startcollection_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\list_disabled.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\list_enabled.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\logo.BMP
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\magnify.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\multicard.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\multicard.jpg
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\oncard_player.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\plus.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\radio.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\register_sticker.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\shadow.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\show_DL_off_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\show_DL_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\slider.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_background.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_deleted.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_deleted_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_onstage_big_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_onstage_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_play.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_play_off.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_tomorrow_list_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_tomorrow_us.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_trailer.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\sticker_trailer_mini.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\thumb_notopmost.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\thumb_shadow.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\thumb_side1.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\thumb_side2.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\thumb_smallmode.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tip_background.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tip_background_small.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tooltip_button.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tooltip_button_click.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tooltip_check_off.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tooltip_check_on.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\tooltip_close.bmp
c:\users\a.caveney\AppData\Local\vghd\data\skins\VirtuaGirl\regular skin\version.txt
c:\users\a.caveney\AppData\Local\vghd\data\Vghd_info.log
c:\users\a.caveney\AppData\Local\vghd\data\virtuagirllicense.txt.us
c:\users\a.caveney\AppData\Local\vghd\data\virtuagirlredirect.cds
c:\users\a.caveney\AppData\Local\vghd\models\a0108\a0108.vhdtrailers
c:\users\a.caveney\AppData\Local\vghd\models\a0108\a0108_0103.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0108\a0108_1101.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0108\a0108_4102.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0217\a0217.vhdtrailers
c:\users\a.caveney\AppData\Local\vghd\models\a0217\a0217_0101.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0217\a0217_1103.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0217\a0217_68102.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0321\a0321.vhdtrailers
c:\users\a.caveney\AppData\Local\vghd\models\a0321\a0321_1201.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0321\a0321_2103.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0458\a0458.vhdtrailers
c:\users\a.caveney\AppData\Local\vghd\models\a0458\a0458_32101.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0458\a0458_33103.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0458\a0458_4102.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0460\a0460.vhdtrailers
c:\users\a.caveney\AppData\Local\vghd\models\a0460\a0460_32101.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0460\a0460_33103.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0460\a0460_36102.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0542\a0542.vhdtrailers
c:\users\a.caveney\AppData\Local\vghd\models\a0542\a0542_1103.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0542\a0542_64101.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0542\a0542_68102.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0666\a0666.vhdtrailers
c:\users\a.caveney\AppData\Local\vghd\models\a0666\a0666_1112.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0666\a0666_4111.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0666\a0666_64110.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0670\a0670.vhdtrailers
c:\users\a.caveney\AppData\Local\vghd\models\a0670\a0670_0101.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0670\a0670_1103.demo
c:\users\a.caveney\AppData\Local\vghd\models\a0670\a0670_68102.demo
c:\windows\sbacknt.bin
c:\windows\System32\config\systemprofile\AppData\Local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}
c:\windows\System32\config\systemprofile\AppData\Local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}\chrome.manifest
c:\windows\System32\config\systemprofile\AppData\Local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}\chrome\content\_cfg.js
c:\windows\System32\config\systemprofile\AppData\Local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}\chrome\content\overlay.xul
c:\windows\System32\config\systemprofile\AppData\Local\{0D3354DB-5D86-45F4-9D83-381040B0C0B2}\install.rdf
c:\windows\treeskp.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADXAPIE
-------\Service_adxapie


((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
.

2011-02-14 05:46 . 2011-02-14 05:46 -------- d-----w- c:\users\Mcx1-ACAVENEY\AppData\Local\temp
2011-02-14 05:46 . 2011-02-14 05:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-14 05:46 . 2011-02-14 05:58 -------- d-----w- c:\users\a.caveney\AppData\Local\temp
2011-02-14 05:46 . 2011-02-14 05:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-02-14 05:46 . 2011-02-14 05:46 -------- d-----w- c:\users\Jukebox\AppData\Local\temp
2011-02-14 05:46 . 2011-02-14 05:46 -------- d-----w- c:\users\A6DF6~1~CAV\AppData\Local\temp
2011-02-14 05:34 . 2011-02-14 05:34 -------- d-----w- C:\32788R22FWJFW
2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\programdata\Avira
2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\program files\Avira
2011-02-14 04:13 . 2011-01-10 03:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-14 04:13 . 2011-01-10 03:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-13 13:24 . 2011-02-13 13:24 -------- d-----w- C:\TDSSKiller_Quarantine
2011-02-12 03:48 . 2008-08-06 05:22 114688 ----a-w- c:\program files\Mozilla Firefox\plugins\np32dsw.dll
2011-02-12 03:45 . 2011-02-12 03:45 -------- d-----w- c:\programdata\FLEXnet
2011-02-12 02:58 . 2011-02-12 02:58 -------- d-----w- c:\program files\Adobe Media Player
2011-02-12 02:52 . 2011-02-12 02:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-02-12 02:45 . 2011-02-12 02:45 -------- d-----w- c:\program files\7-Zip
2011-02-11 22:58 . 2011-02-11 22:58 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB858.tmp
2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\programdata\Sony Ericsson
2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\program files\Sony Ericsson
2011-01-31 16:36 . 2011-01-31 16:38 -------- d-----w- c:\program files\thriXXX
2011-01-31 16:36 . 2011-01-31 16:36 -------- d-----w- c:\users\a.caveney\AppData\Roaming\thriXXX
2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-01-19 10:56 . 2011-01-19 10:56 -------- d-----w- c:\program files\Common Files\Steam
2011-01-19 10:56 . 2011-01-20 21:49 -------- d-----w- c:\program files\Steam
2011-01-17 10:31 . 2011-01-17 10:31 -------- d-----w- C:\vikings
2011-01-17 10:24 . 2011-01-17 10:26 -------- d-----w- C:\harry
2011-01-17 10:24 . 2011-01-17 10:24 -------- d-----w- C:\Alien Carnage - Halloween Harry
2011-01-17 10:21 . 2011-01-17 10:22 -------- d-----w- C:\Dalek
2011-01-17 09:56 . 2011-01-18 23:57 -------- d-----w- c:\program files\DOSBox-0.74

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-14 08:40 . 2009-07-13 23:12 710720 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-01-17 10:18 . 2011-01-17 10:16 1020517 ----a-w- C:\Dalek Attack.zip
2011-01-17 10:16 . 2011-01-17 10:10 2949558 ----a-w- C:\Alien Carnage - Halloween Harry.zip
2011-01-17 10:14 . 2011-01-17 10:11 1624021 ----a-w- C:\Bio Menace.zip
2011-01-17 09:56 . 2011-01-17 09:52 1812912 ----a-w- C:\spear-of-destiny.zip
2011-01-17 09:56 . 2011-01-17 09:53 212870 ----a-w- C:\tyrian-2000.zip
2011-01-17 09:54 . 2011-01-17 09:53 517299 ----a-w- C:\the-incredible-machine.zip
2011-01-17 09:51 . 2011-01-17 09:47 1248617 ----a-w- C:\lost-vikings.zip
2011-01-17 09:50 . 2011-01-17 09:48 1003683 ----a-w- C:\gods.zip
2010-12-20 07:33 . 2010-04-14 04:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-12-20 07:09 . 2010-11-05 01:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 07:08 . 2010-11-05 01:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 08:36 . 2010-03-29 22:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-12-15 08:36 . 2010-04-14 04:44 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-05 424448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.lnk - c:\users\a.caveney\AppData\Local\vghd\bin\vghd.exe [N/A]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-28 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^a.caveney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Gangsters2Setup.lnk]
path=c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gangsters2Setup.lnk
backup=c:\windows\pss\Gangsters2Setup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-07-23 18:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-03 17408]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 28344]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]


--- Other Services/Drivers In Memory ---

*Deregistered* - fsyjzzan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15442&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d21a506&v=6.011.025.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -

AddRemove-VirtuaGirl_is1 - c:\users\a.caveney\AppData\Local\vghd\bin\unins000.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsyjzzan]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:18,68,64,7e,29,33,15,da,cd,6b,92,24,a9,e3,82,c6,49,1d,9f,ab,09,
58,94,b4,64,c0,f6,10,a4,fe,0e,96,d2,fa,9f,6b,f8,11,d6,c8,a8,66,57,ed,70,1a,\
"rkeysecu"=hex:8e,16,85,50,16,01,79,9a,0c,ea,a2,b1,52,b6,a5,b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-02-14 17:03:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-14 06:03
ComboFix2.txt 2011-02-14 04:55

Pre-Run: 200,051,036,160 bytes free
Post-Run: 199,887,843,328 bytes free

- - End Of File - - 85C5D914FD66C6D25FAED2E5D2F22F69
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\drivers\fsyjzzan.sys

Rootkit::
c:\windows\system32\drivers\fsyjzzan.sys

Driver::
fsyjzzan

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsyjzzan]


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 11-02-13.01 - a.caveney 15/02/2011 17:03:19.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2607 [GMT 11:00]
Running from: c:\users\a.caveney\Desktop\ComboFix.exe
Command switches used :: c:\users\a.caveney\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\fsyjzzan.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FSYJZZAN
-------\Service_fsyjzzan


((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.

2011-02-15 06:17 . 2011-02-15 06:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-02-15 06:17 . 2011-02-15 06:17 -------- d-----w- c:\users\Mcx1-ACAVENEY\AppData\Local\temp
2011-02-15 06:17 . 2011-02-15 06:17 -------- d-----w- c:\users\Jukebox\AppData\Local\temp
2011-02-15 06:17 . 2011-02-15 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-15 06:17 . 2011-02-15 06:17 -------- d-----w- c:\users\A6DF6~1~CAV\AppData\Local\temp
2011-02-14 05:46 . 2011-02-15 06:22 -------- d-----w- c:\users\a.caveney\AppData\Local\temp
2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\programdata\Avira
2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\program files\Avira
2011-02-14 04:13 . 2011-01-10 03:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-14 04:13 . 2011-01-10 03:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-13 13:24 . 2011-02-13 13:24 -------- d-----w- C:\TDSSKiller_Quarantine
2011-02-12 03:48 . 2008-08-06 05:22 114688 ----a-w- c:\program files\Mozilla Firefox\plugins\np32dsw.dll
2011-02-12 03:45 . 2011-02-12 03:45 -------- d-----w- c:\programdata\FLEXnet
2011-02-12 02:58 . 2011-02-12 02:58 -------- d-----w- c:\program files\Adobe Media Player
2011-02-12 02:52 . 2011-02-12 02:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-02-12 02:45 . 2011-02-12 02:45 -------- d-----w- c:\program files\7-Zip
2011-02-11 22:58 . 2011-02-11 22:58 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB858.tmp
2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\programdata\Sony Ericsson
2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\program files\Sony Ericsson
2011-01-31 16:36 . 2011-01-31 16:38 -------- d-----w- c:\program files\thriXXX
2011-01-31 16:36 . 2011-01-31 16:36 -------- d-----w- c:\users\a.caveney\AppData\Roaming\thriXXX
2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-01-19 10:56 . 2011-01-19 10:56 -------- d-----w- c:\program files\Common Files\Steam
2011-01-19 10:56 . 2011-01-20 21:49 -------- d-----w- c:\program files\Steam
2011-01-17 10:31 . 2011-01-17 10:31 -------- d-----w- C:\vikings
2011-01-17 10:24 . 2011-01-17 10:26 -------- d-----w- C:\harry
2011-01-17 10:24 . 2011-01-17 10:24 -------- d-----w- C:\Alien Carnage - Halloween Harry
2011-01-17 10:21 . 2011-01-17 10:22 -------- d-----w- C:\Dalek
2011-01-17 09:56 . 2011-01-18 23:57 -------- d-----w- c:\program files\DOSBox-0.74

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-15 06:18 . 2010-07-17 22:56 768000 ----a-w- c:\windows\system32\drivers\fsyjzzan.sys
2011-02-14 08:40 . 2009-07-13 23:12 710720 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-01-17 10:18 . 2011-01-17 10:16 1020517 ----a-w- C:\Dalek Attack.zip
2011-01-17 10:16 . 2011-01-17 10:10 2949558 ----a-w- C:\Alien Carnage - Halloween Harry.zip
2011-01-17 10:14 . 2011-01-17 10:11 1624021 ----a-w- C:\Bio Menace.zip
2011-01-17 09:56 . 2011-01-17 09:52 1812912 ----a-w- C:\spear-of-destiny.zip
2011-01-17 09:56 . 2011-01-17 09:53 212870 ----a-w- C:\tyrian-2000.zip
2011-01-17 09:54 . 2011-01-17 09:53 517299 ----a-w- C:\the-incredible-machine.zip
2011-01-17 09:51 . 2011-01-17 09:47 1248617 ----a-w- C:\lost-vikings.zip
2011-01-17 09:50 . 2011-01-17 09:48 1003683 ----a-w- C:\gods.zip
2010-12-20 07:33 . 2010-04-14 04:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-12-20 07:09 . 2010-11-05 01:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 07:08 . 2010-11-05 01:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 08:36 . 2010-03-29 22:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-12-15 08:36 . 2010-04-14 04:44 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-14_04.41.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2011-02-15 06:24 66278 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-19 05:16 . 2011-02-15 06:24 18538 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017484975-2806290812-2973588613-1000_UserData.bin
- 2010-01-16 08:35 . 2011-02-14 04:14 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-16 08:35 . 2011-02-15 06:19 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-16 08:35 . 2011-02-15 06:19 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-16 08:35 . 2011-02-14 04:14 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2011-02-14 04:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2011-02-15 06:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-19 05:20 . 2011-02-14 22:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-19 05:20 . 2011-02-14 01:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-19 05:20 . 2011-02-14 22:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-19 05:20 . 2011-02-14 01:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-14 07:36 . 2011-02-15 06:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-13 14:14 . 2011-02-13 14:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-13 14:14 . 2011-02-13 14:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-14 07:36 . 2011-02-15 06:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-24 12:09 . 2011-02-15 04:22 211972 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-02-19 22:33 . 2011-02-14 11:19 295122 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:03 . 2011-02-14 11:39 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2011-02-14 00:57 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:05 . 2011-02-14 22:31 2434968 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-02-14 22:31 1022540 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-05 424448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.lnk - c:\users\a.caveney\AppData\Local\vghd\bin\vghd.exe [N/A]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-28 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^a.caveney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Gangsters2Setup.lnk]
path=c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gangsters2Setup.lnk
backup=c:\windows\pss\Gangsters2Setup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-07-23 18:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-03 17408]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15442&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d21a506&v=6.011.025.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:18,68,64,7e,29,33,15,da,cd,6b,92,24,a9,e3,82,c6,49,1d,9f,ab,09,
58,94,b4,64,c0,f6,10,a4,fe,0e,96,d2,fa,9f,6b,f8,11,d6,c8,a8,66,57,ed,70,1a,\
"rkeysecu"=hex:8e,16,85,50,16,01,79,9a,0c,ea,a2,b1,52,b6,a5,b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-02-15 17:26:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-15 06:26
ComboFix2.txt 2011-02-14 06:03
ComboFix3.txt 2011-02-14 04:55

Pre-Run: 198,057,725,952 bytes free
Post-Run: 197,965,279,232 bytes free

- - End Of File - - C4418B04E0438E5172339E86AEE52AF7
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\drivers\fsyjzzan.sys


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
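Both CFScript rounds above were judged by reading the resulting ComboFix log by eye: the first script (File::, Rootkit::, Driver:: and Registry:: directives) produced a log whose Drivers/Services section showed Service_fsyjzzan removed while the Find3M Report still listed fsyjzzan.sys at 768000 bytes, which is why a second script with File:: alone was needed. The script below is an added example, not ComboFix's own code and not from either poster: it parses a CFScript and the ComboFix log it produced and reports, per target, whether the log confirms deletion, still shows the item, or says nothing, so the next CFScript can be built from what is outstanding. The directive names and the section banners it keys on ("Other Deletions", "Drivers/Services", "Files Created ...", "Find3M Report", "Reg Loading Points") are assumptions read off the logs posted in this thread, and the sample CFScript and log excerpts are constructed from lines in those posts, with the banners shortened.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix produced from it.
Added example for this thread, not ComboFix's own code; the directive names and
section banners it keys on are assumptions read off the logs posted above."""
import re
from collections import defaultdict

BANNER_RE = re.compile(r"^[()\-]{3,}\s*(.*?)\s*[()\-]{3,}\s*$")   # "(((( Title ))))" / "--- Title ---"
FILE_ROW_RE = re.compile(                                       # "date . date size attrs path"
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\S+)\s+(\S+)\s+(.+)$")
SERVICE_ROW_RE = re.compile(r"^([RS]\d)\s+([^;]+);")            # "R3 name;Display;path [..]"

def parse_cfscript(text):
    """Return {directive: [entries]}; a line ending in '::' opens a directive."""
    targets, directive = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):
            directive = line[:-2]
        elif line and directive:
            targets[directive].append(line)
    return dict(targets)

def parse_combofix_log(text):
    """Split a ComboFix log into {section title: [non-empty lines]} on its banner lines."""
    sections, current = defaultdict(list), "Header"
    for line in (l.rstrip() for l in text.splitlines()):
        m = BANNER_RE.match(line)
        if m and m.group(1):
            current = m.group(1)
        elif line and line != ".":
            sections[current].append(line)
    return sections

def _section(sections, prefix):
    return [l for t, ls in sections.items() if t.lower().startswith(prefix.lower()) for l in ls]

def check_targets(cfscript_text, log_text):
    """For every CFScript target, report what the log shows happened to it."""
    sections = parse_combofix_log(log_text)
    deleted = {l.strip().lower() for l in _section(sections, "Other Deletions")}
    removed = {l.split("\\", 1)[1].lower() for l in _section(sections, "Drivers/Services") if "\\" in l}
    present, registered = {}, {}  # path -> size ; service name -> start type (R2, S3, ...)
    for l in _section(sections, "Files Created") + _section(sections, "Find3M"):
        m = FILE_ROW_RE.match(l)
        if m:
            present[m.group(3).strip().lower()] = m.group(1)
    for l in _section(sections, "Reg Loading Points"):
        m = SERVICE_ROW_RE.match(l)
        if m:
            registered[m.group(2).strip().lower()] = m.group(1)
    every_line = {l.strip().lower() for ls in sections.values() for l in ls}
    report = {}
    for directive, entries in parse_cfscript(cfscript_text).items():
        for entry in entries:
            key = entry.lower()
            if directive in ("File", "Rootkit"):
                status = ("deleted" if key in deleted else
                          "still present (%s bytes)" % present[key] if key in present else "not mentioned")
            elif directive == "Driver":
                status = ("service removed" if "service_" + key in removed else
                          "still registered (%s)" % registered[key] if key in registered else "not mentioned")
            elif directive == "Registry":  # "[-HKLM\...\key]" asks ComboFix to delete that key
                bare = "[" + key.lstrip("[-").rstrip("]") + "]"
                status = "key still listed" if bare in every_line else "key no longer listed"
            else:
                status = "unknown directive"
            report[(directive, entry)] = status
    return report

def outstanding(report):
    """Targets the log does not confirm as gone: what the next CFScript must still carry."""
    done = {"deleted", "service removed", "key no longer listed"}
    return [target for target, status in report.items() if status not in done]

# Constructed samples, trimmed from the CFScript and ComboFix logs in this thread.
DRIVER_FILE = r"c:\windows\system32\drivers\fsyjzzan.sys"
SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsyjzzan"
CFSCRIPT_1 = "File::\n%s\n\nRootkit::\n%s\n\nDriver::\nfsyjzzan\n\nRegistry::\n[-%s]\n" % (DRIVER_FILE, DRIVER_FILE, SERVICE_KEY)
CFSCRIPT_2 = "File::\n%s\n" % DRIVER_FILE
LOG_2 = r"""
((( Other Deletions )))
.
((( Drivers/Services )))
-------\Legacy_FSYJZZAN
-------\Service_fsyjzzan
((( Find3M Report )))
2011-02-15 06:18 . 2010-07-17 22:56 768000 ----a-w- c:\windows\system32\drivers\fsyjzzan.sys
((( Reg Loading Points )))
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-03 17408]
"""
LOG_3 = r"""
((( Other Deletions )))
c:\windows\system32\drivers\fsyjzzan.sys
((( Find3M Report )))
2011-02-14 08:40 . 2009-07-13 23:12 710720 ----a-w- c:\windows\system32\drivers\ndis.sys
"""

if __name__ == "__main__":
    for label, script, log in (("2nd run", CFSCRIPT_1, LOG_2), ("3rd run", CFSCRIPT_2, LOG_3)):
        report = check_targets(script, log)
        print(label, {"%s:: %s" % k: v for k, v in report.items()}, "outstanding:", outstanding(report))
```

Run against the two excerpts, the second-run report flags the File:: and Rootkit:: entries as still present while the Driver:: entry is confirmed removed, which is exactly the state that prompted the File::-only script; the third-run report has nothing outstanding. One caveat a practitioner should keep in mind: a ComboFix log is only as trustworthy as the user-mode view the kernel was giving ComboFix at the time, and GMER had already shown that view was being subverted (the hidden boot service). Treat "not mentioned" as unconfirmed rather than clean, and confirm with a rootkit-aware scan rather than with this checker alone.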
 
ComboFix 11-02-13.01 - a.caveney 16/02/2011 15:37:02.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2595 [GMT 11:00]
Running from: c:\users\a.caveney\Desktop\ComboFix.exe
Command switches used :: c:\users\a.caveney\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\fsyjzzan.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\fsyjzzan.sys

.
((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\users\a.caveney\AppData\Local\temp
2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\users\Mcx1-ACAVENEY\AppData\Local\temp
2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\users\Jukebox\AppData\Local\temp
2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-16 04:48 . 2011-02-16 04:48 -------- d-----w- c:\users\A6DF6~1~CAV\AppData\Local\temp
2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\programdata\Avira
2011-02-14 04:13 . 2011-02-14 04:13 -------- d-----w- c:\program files\Avira
2011-02-14 04:13 . 2011-01-10 03:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-14 04:13 . 2011-01-10 03:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-13 13:24 . 2011-02-13 13:24 -------- d-----w- C:\TDSSKiller_Quarantine
2011-02-12 03:48 . 2008-08-06 05:22 114688 ----a-w- c:\program files\Mozilla Firefox\plugins\np32dsw.dll
2011-02-12 03:45 . 2011-02-12 03:45 -------- d-----w- c:\programdata\FLEXnet
2011-02-12 02:58 . 2011-02-12 02:58 -------- d-----w- c:\program files\Adobe Media Player
2011-02-12 02:52 . 2011-02-12 02:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-02-12 02:45 . 2011-02-12 02:45 -------- d-----w- c:\program files\7-Zip
2011-02-11 22:58 . 2011-02-11 22:58 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB858.tmp
2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\programdata\Sony Ericsson
2011-02-08 06:33 . 2011-02-08 06:47 -------- d-----w- c:\program files\Sony Ericsson
2011-01-31 16:36 . 2011-01-31 16:38 -------- d-----w- c:\program files\thriXXX
2011-01-31 16:36 . 2011-01-31 16:36 -------- d-----w- c:\users\a.caveney\AppData\Roaming\thriXXX
2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 03:57 . 2011-01-30 03:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-01-19 10:56 . 2011-01-19 10:56 -------- d-----w- c:\program files\Common Files\Steam
2011-01-19 10:56 . 2011-01-20 21:49 -------- d-----w- c:\program files\Steam
2011-01-17 10:31 . 2011-01-17 10:31 -------- d-----w- C:\vikings
2011-01-17 10:24 . 2011-01-17 10:26 -------- d-----w- C:\harry
2011-01-17 10:24 . 2011-01-17 10:24 -------- d-----w- C:\Alien Carnage - Halloween Harry
2011-01-17 10:21 . 2011-01-17 10:22 -------- d-----w- C:\Dalek
2011-01-17 09:56 . 2011-01-18 23:57 -------- d-----w- c:\program files\DOSBox-0.74

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-14 08:40 . 2009-07-13 23:12 710720 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-01-17 10:18 . 2011-01-17 10:16 1020517 ----a-w- C:\Dalek Attack.zip
2011-01-17 10:16 . 2011-01-17 10:10 2949558 ----a-w- C:\Alien Carnage - Halloween Harry.zip
2011-01-17 10:14 . 2011-01-17 10:11 1624021 ----a-w- C:\Bio Menace.zip
2011-01-17 09:56 . 2011-01-17 09:52 1812912 ----a-w- C:\spear-of-destiny.zip
2011-01-17 09:56 . 2011-01-17 09:53 212870 ----a-w- C:\tyrian-2000.zip
2011-01-17 09:54 . 2011-01-17 09:53 517299 ----a-w- C:\the-incredible-machine.zip
2011-01-17 09:51 . 2011-01-17 09:47 1248617 ----a-w- C:\lost-vikings.zip
2011-01-17 09:50 . 2011-01-17 09:48 1003683 ----a-w- C:\gods.zip
2010-12-20 07:33 . 2010-04-14 04:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-12-20 07:09 . 2010-11-05 01:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 07:08 . 2010-11-05 01:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 08:36 . 2010-03-29 22:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-12-15 08:36 . 2010-04-14 04:44 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-05 424448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.lnk - c:\users\a.caveney\AppData\Local\vghd\bin\vghd.exe [N/A]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-28 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^a.caveney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Gangsters2Setup.lnk]
path=c:\users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gangsters2Setup.lnk
backup=c:\windows\pss\Gangsters2Setup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-07-23 18:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-03 17408]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-21 198656]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 28344]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 12:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15442&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d21a506&v=6.011.025.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:18,68,64,7e,29,33,15,da,cd,6b,92,24,a9,e3,82,c6,49,1d,9f,ab,09,
58,94,b4,64,c0,f6,10,a4,fe,0e,96,d2,fa,9f,6b,f8,11,d6,c8,a8,66,57,ed,70,1a,\
"rkeysecu"=hex:8e,16,85,50,16,01,79,9a,0c,ea,a2,b1,52,b6,a5,b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-16 15:50:23
ComboFix-quarantined-files.txt 2011-02-16 04:50
ComboFix2.txt 2011-02-16 03:59
ComboFix3.txt 2011-02-15 06:26
ComboFix4.txt 2011-02-14 06:03
ComboFix5.txt 2011-02-16 04:35

Pre-Run: 197,861,679,104 bytes free
Post-Run: 197,822,947,328 bytes free

- - End Of File - - FBC194BA7A832F2238F5777AE1F28AB7
 
Very good. It finally looks clean.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 2/16/2011 9:26:13 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\a.caveney\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.49 Gb Total Space | 184.18 Gb Free Space | 40.61% Space Free | Partition Type: NTFS
Drive D: | 11.98 Gb Total Space | 1.99 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 92.43 Mb Free Space | 93.35% Space Free | Partition Type: FAT32
Drive F: | 599.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ACAVENEY | User Name: a.caveney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/16 16:32:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\OTL.exe
PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/01/05 11:31:10 | 000,424,448 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/18 12:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 16:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/05 15:45:12 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/05 15:44:44 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/22 12:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/22 12:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
PRC - [2009/07/14 12:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 12:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/03 08:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
PRC - [2009/02/11 03:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe


========== Modules (SafeList) ==========

MOD - [2011/02/16 16:32:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\OTL.exe
MOD - [2009/07/14 12:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/07/14 12:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/07/14 12:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 12:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009/07/14 12:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009/07/14 12:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 12:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 12:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009/07/14 12:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 12:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 12:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
MOD - [2009/07/14 12:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 12:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
MOD - [2009/07/14 12:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/07/14 12:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 12:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 12:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009/07/14 12:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 12:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/07/14 12:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 12:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AgereModemAudio)
SRV - [2011/02/12 13:52:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/26 16:05:24 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 23:45:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/05 15:44:44 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/22 12:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/14 12:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 12:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 12:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 12:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 12:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 12:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 12:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 12:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 12:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 12:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 12:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 12:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 12:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 12:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 12:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 12:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 12:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 12:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/06 11:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/03 08:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/11 03:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/05 14:08:04 | 000,100,496 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/08/05 14:08:04 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/08/05 14:08:02 | 000,143,184 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/27 23:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/12/11 18:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/04 02:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009/10/21 18:16:08 | 000,198,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/09/22 14:45:12 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/10 16:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/05 16:22:18 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 18:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/22 12:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 12:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 12:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 12:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 12:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 12:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 12:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 12:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 12:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 12:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 12:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 12:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 12:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 12:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 12:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 12:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 12:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 12:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 12:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 12:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 12:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 12:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 12:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 12:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 12:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 12:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 12:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 12:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 12:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 12:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 12:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 12:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 12:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 12:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 12:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 12:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 12:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 12:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 12:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 11:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 11:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 11:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 10:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 10:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 10:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 10:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 10:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 10:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 10:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/14 10:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/14 10:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 10:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 10:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 10:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 10:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 10:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 10:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 10:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 09:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 09:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 09:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 09:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 09:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 09:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 09:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/14 09:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/14 09:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/14 09:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 09:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/14 09:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 09:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 09:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/11 08:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/05/23 17:52:04 | 000,167,936 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/05/05 16:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/04/30 02:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/07 12:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/03/10 01:49:08 | 000,028,344 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sonypvs1.sys -- (sonypvs1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/CQALL/13
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/CQALL/13
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643



IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15442&l=dis
IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d21a506&v=6.011.025.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://pac.tafensw.edu.au/hit/hiproxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/31 12:22:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/12 14:48:12 | 000,000,000 | ---D | M]

[2010/02/20 02:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a.caveney\AppData\Roaming\Mozilla\Extensions
[2010/03/10 01:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\extensions
[2010/03/10 01:47:21 | 000,002,424 | ---- | M] () -- C:\Users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\searchplugins\askcom.xml
[2011/02/16 16:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/19 00:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/08/09 21:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll

O1 HOSTS File: ([2011/02/16 15:48:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - Startup: C:\Users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/22 21:34:34 | 000,000,066 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()


========== Files/Folders - Created Within 30 Days ==========

[2011/02/16 16:32:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\OTL.exe
[2011/02/16 15:50:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/16 15:50:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/16 15:50:25 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\AppData\Local\temp
[2011/02/16 15:35:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/14 16:35:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/14 16:35:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/14 16:35:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/14 15:26:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/14 15:25:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/14 15:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/02/14 15:13:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/02/14 15:13:14 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/02/14 15:13:14 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/02/14 15:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/14 15:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/02/14 00:29:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\TFC.exe
[2011/02/14 00:24:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/02/14 00:20:16 | 001,366,104 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\a.caveney\Desktop\TDSSKiller.exe
[2011/02/12 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\Documents\Adobe
[2011/02/12 14:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/02/12 13:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2011/02/12 13:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/02/12 13:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/02/12 13:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/02/12 13:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/02/12 13:22:16 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\Desktop\Adobe CS4
[2011/02/10 09:50:37 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl
[2011/02/08 17:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2011/02/08 17:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011/02/08 17:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011/02/01 03:38:08 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX
[2011/02/01 03:36:29 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\AppData\Roaming\thriXXX
[2011/02/01 03:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\thriXXX
[2011/01/20 01:59:05 | 000,000,000 | ---D | C] -- C:\Users\a.caveney\Desktop\House MD Season 1
[2011/01/19 21:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/01/19 21:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/01/19 21:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/01/17 21:31:53 | 000,000,000 | ---D | C] -- C:\vikings
[1 C:\Users\a.caveney\Documents\*.tmp files -> C:\Users\a.caveney\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/16 21:13:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/16 21:13:47 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/16 17:36:35 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/16 17:36:35 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/16 17:33:40 | 002,537,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/16 17:33:40 | 001,074,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/16 17:29:26 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/16 17:29:03 | 2815,586,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/16 16:32:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\OTL.exe
[2011/02/16 15:48:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/14 15:19:52 | 000,080,384 | ---- | M] () -- C:\Users\a.caveney\Desktop\MBRCheck.exe
[2011/02/14 15:13:24 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/14 12:07:03 | 004,267,704 | R--- | M] () -- C:\Users\a.caveney\Desktop\ComboFix.exe
[2011/02/14 00:58:49 | 000,296,448 | ---- | M] () -- C:\Users\a.caveney\Desktop\x98pbiv8.exe
[2011/02/14 00:29:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\TFC.exe
[2011/02/12 17:38:44 | 002,372,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/12 14:58:19 | 000,001,277 | ---- | M] () -- C:\Users\a.caveney\Desktop\Adobe After Effects CS4.lnk
[2011/02/12 10:01:48 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/02/11 15:24:38 | 000,153,149 | ---- | M] () -- C:\Users\Public\Documents\Untitled (5).wma
[2011/02/10 11:08:26 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\a.caveney\Desktop\TDSSKiller.exe
[2011/02/10 09:50:37 | 000,001,078 | ---- | M] () -- C:\Users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
[2011/02/09 09:12:37 | 000,441,104 | ---- | M] () -- C:\Users\a.caveney\Desktop\clocks 1.wav
[2011/02/09 09:08:33 | 000,129,464 | ---- | M] () -- C:\Users\a.caveney\Desktop\kiddies.wav
[2011/02/08 17:45:23 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/02/01 23:40:15 | 002,338,821 | ---- | M] () -- C:\Users\a.caveney\Desktop\Steviescars.png
[2011/02/01 09:47:05 | 000,019,454 | ---- | M] () -- C:\Users\a.caveney\Desktop\resume.docx
[2011/01/25 21:55:17 | 027,377,384 | ---- | M] () -- C:\Users\a.caveney\Desktop\Come On Baby.wav
[2011/01/25 21:46:42 | 026,269,004 | ---- | M] () -- C:\Users\a.caveney\Desktop\caroline.wav
[2011/01/20 13:05:37 | 000,011,479 | ---- | M] () -- C:\Users\a.caveney\Desktop\muso poster.docx
[2011/01/19 22:44:49 | 000,000,215 | ---- | M] () -- C:\Users\a.caveney\Desktop\Worms Reloaded.url
[2011/01/19 22:39:26 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[1 C:\Users\a.caveney\Documents\*.tmp files -> C:\Users\a.caveney\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========

[2011/02/14 16:35:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/14 16:35:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/14 16:35:05 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/14 16:35:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/14 16:35:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/14 15:22:42 | 000,080,384 | ---- | C] () -- C:\Users\a.caveney\Desktop\MBRCheck.exe
[2011/02/14 15:13:24 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/14 12:09:45 | 004,267,704 | R--- | C] () -- C:\Users\a.caveney\Desktop\ComboFix.exe
[2011/02/14 00:59:26 | 000,296,448 | ---- | C] () -- C:\Users\a.caveney\Desktop\x98pbiv8.exe
[2011/02/12 14:58:19 | 000,001,277 | ---- | C] () -- C:\Users\a.caveney\Desktop\Adobe After Effects CS4.lnk
[2011/02/12 14:51:13 | 000,001,389 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS4.lnk
[2011/02/12 14:26:51 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[2011/02/12 14:04:07 | 000,001,277 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS4.lnk
[2011/02/12 14:02:06 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2011/02/12 14:00:54 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS4.lnk
[2011/02/12 13:59:46 | 000,002,285 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
[2011/02/12 13:55:10 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2011/02/12 13:54:33 | 000,001,365 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011/02/12 10:01:48 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/02/11 15:24:38 | 000,153,149 | ---- | C] () -- C:\Users\Public\Documents\Untitled (5).wma
[2011/02/10 09:50:37 | 000,001,078 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
[2011/02/09 09:12:37 | 000,441,104 | ---- | C] () -- C:\Users\a.caveney\Desktop\clocks 1.wav
[2011/02/09 09:08:33 | 000,129,464 | ---- | C] () -- C:\Users\a.caveney\Desktop\kiddies.wav
[2011/02/08 17:34:01 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/02/01 23:40:13 | 002,338,821 | ---- | C] () -- C:\Users\a.caveney\Desktop\Steviescars.png
[2011/01/25 21:46:33 | 026,269,004 | ---- | C] () -- C:\Users\a.caveney\Desktop\caroline.wav
[2011/01/25 21:10:22 | 027,377,384 | ---- | C] () -- C:\Users\a.caveney\Desktop\Come On Baby.wav
[2011/01/20 13:05:36 | 000,011,479 | ---- | C] () -- C:\Users\a.caveney\Desktop\muso poster.docx
[2011/01/19 21:56:43 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/11/07 10:21:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/23 11:11:26 | 000,000,006 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\start
[2010/10/23 11:03:08 | 000,000,200 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\35095.bat
[2010/07/28 18:47:47 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/07/28 18:47:47 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/07/20 14:40:36 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2010/07/19 16:14:00 | 000,000,120 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\Lpugusef.dat
[2010/07/19 16:14:00 | 000,000,000 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\Vwagezezocoh.bin
[2010/06/29 14:18:17 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/05/11 15:16:20 | 000,003,584 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 23:19:16 | 000,000,067 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/30 16:06:00 | 000,000,359 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\Gangsters2Setup.lnk
[2010/03/15 20:48:14 | 000,003,247 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\glide_wrapper.zbag.ini
[2010/02/19 16:22:55 | 000,000,000 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\QSwitch.txt
[2010/02/19 16:22:55 | 000,000,000 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\DSwitch.txt
[2010/02/19 16:22:55 | 000,000,000 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\AtStart.txt
[2010/02/19 16:22:52 | 000,000,189 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/01/16 19:47:09 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/01/16 19:47:04 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/01/16 19:46:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/01/16 19:46:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/01/16 19:45:58 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/01/16 19:34:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/01/16 19:32:04 | 000,000,282 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010/01/16 19:32:04 | 000,000,223 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2009/10/31 14:50:59 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/10/31 14:47:48 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/10/31 14:46:53 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/10/31 14:46:26 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2005/06/20 03:45:22 | 000,258,048 | ---- | C] () -- C:\Windows\glide3x.dll
[2005/06/20 03:45:18 | 000,262,144 | ---- | C] () -- C:\Windows\glide2x.dll
[2002/08/08 10:13:02 | 000,319,488 | R--- | C] () -- C:\Users\a.caveney\AppData\Roaming\MafiaSetup.exe
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/07/28 18:41:52 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\AnvSoft
[2010/03/15 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Atari
[2010/04/30 17:55:14 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Audacity
[2011/01/03 21:30:35 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\AVG10
[2011/02/16 18:26:08 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\BitTorrent
[2010/03/07 09:28:47 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Facebook
[2010/02/21 22:09:46 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\GOL_byHasbro
[2010/04/13 03:28:03 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\gtk-2.0
[2010/12/21 19:02:58 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Guitar Pro 6
[2010/02/21 08:38:32 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Leadertech
[2010/07/20 14:45:58 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Motorola
[2010/05/13 02:24:19 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\muvee Technologies
[2010/07/17 00:40:28 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Scrabble Plus
[2010/04/30 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Steinberg
[2011/02/01 03:36:29 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\thriXXX
[2010/05/06 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\Vodafone
[2010/02/19 17:15:47 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\WildTangent
[2010/03/06 09:50:19 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\WildTangentv1001
[2011/02/13 11:16:24 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/01/17 21:16:29 | 002,949,558 | ---- | M] () -- C:\Alien Carnage - Halloween Harry.zip
[2009/06/11 08:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/01/17 21:14:30 | 001,624,021 | ---- | M] () -- C:\Bio Menace.zip
[2009/07/14 12:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/02/16 15:50:24 | 000,014,196 | ---- | M] () -- C:\ComboFix.txt
[2009/06/11 08:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/17 21:18:55 | 001,020,517 | ---- | M] () -- C:\Dalek Attack.zip
[2011/01/17 20:50:25 | 001,003,683 | ---- | M] () -- C:\gods.zip
[2011/02/16 17:29:03 | 2815,586,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/23 00:23:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/17 20:51:04 | 001,248,617 | ---- | M] () -- C:\lost-vikings.zip
[2010/03/23 00:23:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/02/16 17:29:10 | 3754,115,072 | -HS- | M] () -- C:\pagefile.sys
[2011/01/17 20:56:58 | 001,812,912 | ---- | M] () -- C:\spear-of-destiny.zip
[2011/02/14 00:20:57 | 000,010,798 | ---- | M] () -- C:\TDSSKiller.2.4.17.0_14.02.2011_00.20.24_log.txt
[2011/02/14 00:24:45 | 000,201,964 | ---- | M] () -- C:\TDSSKiller.2.4.17.0_14.02.2011_00.22.51_log.txt
[2011/01/17 20:54:12 | 000,517,299 | ---- | M] () -- C:\the-incredible-machine.zip
[2011/01/17 20:56:06 | 000,212,870 | ---- | M] () -- C:\tyrian-2000.zip

< %systemroot%\Fonts\*.com >
[2009/07/14 15:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 15:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 15:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 15:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 08:31:19 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/04/24 06:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9X.DLL
[2010/04/24 06:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9X.DLL
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 12:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/12/19 13:09:54 | 000,001,686 | -HS- | M] () -- C:\Users\a.caveney\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009/07/14 15:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/02/19 19:28:34 | 000,000,221 | -HS- | M] () -- C:\Users\a.caveney\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/02/14 12:07:03 | 004,267,704 | R--- | M] () -- C:\Users\a.caveney\Desktop\ComboFix.exe
[2011/02/14 15:19:52 | 000,080,384 | ---- | M] () -- C:\Users\a.caveney\Desktop\MBRCheck.exe
[2011/02/16 16:32:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\OTL.exe
[2011/02/10 11:08:26 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\a.caveney\Desktop\TDSSKiller.exe
[2011/02/14 00:29:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\a.caveney\Desktop\TFC.exe
[2011/02/14 00:58:49 | 000,296,448 | ---- | M] () -- C:\Users\a.caveney\Desktop\x98pbiv8.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 08:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/05/06 19:40:25 | 000,000,402 | -HS- | M] () -- C:\Users\a.caveney\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/03/17 11:53:29 | 000,000,189 | ---- | M] () -- C:\ProgramData\HPWALog.txt
[2010/11/07 10:21:45 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/01/16 19:47:04 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/10/31 14:51:32 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/01/16 19:46:33 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/10/31 14:47:40 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/01/16 19:45:58 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/01/16 19:46:51 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/10/31 14:46:47 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/10/31 14:50:53 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/01/16 19:47:11 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
 
OTL Extras logfile created on: 2/16/2011 4:34:13 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\a.caveney\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.49 Gb Total Space | 184.32 Gb Free Space | 40.64% Space Free | Partition Type: NTFS
Drive D: | 11.98 Gb Total Space | 1.99 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 92.43 Mb Free Space | 93.35% Space Free | Partition Type: FAT32
Drive F: | 599.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ACAVENEY | User Name: a.caveney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
"{50A8D956-ABD1-9DF1-5243-45E10ACA3334}" = ccc-utility
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant
"{75BF5A99-74C9-FF8E-77B0-1DBA17A109BA}" = ATI Catalyst Install Manager
"{764DC542-D3D1-49D4-9BA5-8C7DAD18DE8E}" = Oracle VM VirtualBox 3.2.8
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85EAFAD8-9FDB-4343-82CE-29674C1AC6E1}" = SoftStylus
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = The Godfather™ II
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BFE33B3C-0284-461D-97AC-3024281002B1}" = Carmageddon 2
"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{D3F9E47A-1393-40B6-8662-2801E4BC752B}" = Scrabble PLUS
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.110
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.60 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"BitTorrent" = BitTorrent
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EAX Unified" = EAX Unified
"GlidewrapZbag" = zeckensack's Glide wrapper (remove only)
"Guitar Pro 6 (6.0.7 b2 r8924)" = Guitar Pro 6 (6.0.7 b2 r8924)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Intelli-studio" = SAMSUNG Intelli-studio
"InterActual Player" = InterActual Player
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"PROHYBRIDR" = 2007 Microsoft Office system
"StarCraft" = StarCraft
"Steam App 22600" = Worms Reloaded
"Steinberg Cubase LE" = Steinberg Cubase LE
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"thriXXX WebLaunch" = thriXXX WebLaunch
"Update Engine" = Sony Ericsson Update Engine
"Virgin Mobile" = Virgin Mobile
"VLC media player" = VLC media player 1.1.2
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2011 2:41:21 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4961

Error - 2/10/2011 3:44:30 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/10/2011 3:44:30 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4898

Error - 2/10/2011 3:44:30 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4898

Error - 2/10/2011 5:16:17 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/10/2011 5:16:17 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5024

Error - 2/10/2011 5:16:17 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5024

Error - 2/10/2011 8:55:39 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/10/2011 8:55:39 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5007

Error - 2/10/2011 8:55:39 AM | Computer Name = acaveney | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5007

[ Hewlett-Packard Events ]
Error - 7/17/2010 7:26:13 AM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/17/2010 7:26:14 AM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/31/2010 7:17:28 AM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/31/2010 7:17:28 AM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 11/13/2010 8:24:42 PM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 11/13/2010 8:24:42 PM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 1/15/2011 5:07:08 AM | Computer Name = acaveney | Source = Hewlett-Packard | ID = 0
Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ Media Center Events ]
Error - 12/11/2010 10:53:17 PM | Computer Name = acaveney | Source = MCUpdate | ID = 0
Description = 1:53:16 PM - Error connecting to the internet. 1:53:16 PM - Unable
to contact server..

Error - 12/14/2010 2:32:24 AM | Computer Name = acaveney | Source = MCUpdate | ID = 0
Description = 5:32:24 PM - Error connecting to the internet. 5:32:24 PM - Unable
to contact server..

Error - 12/14/2010 2:32:33 AM | Computer Name = acaveney | Source = MCUpdate | ID = 0
Description = 5:32:29 PM - Error connecting to the internet. 5:32:29 PM - Unable
to contact server..

Error - 12/20/2010 2:29:40 AM | Computer Name = acaveney | Source = MCUpdate | ID = 0
Description = 5:29:40 PM - Error connecting to the internet. 5:29:40 PM - Unable
to contact server..

Error - 12/20/2010 2:29:46 AM | Computer Name = acaveney | Source = MCUpdate | ID = 0
Description = 5:29:45 PM - Error connecting to the internet. 5:29:45 PM - Unable
to contact server..

Error - 12/25/2010 12:17:58 PM | Computer Name = acaveney | Source = MCUpdate | ID = 0
Description = 3:17:57 AM - Error connecting to the internet. 3:17:57 AM - Unable
to contact server..

Error - 12/25/2010 1:18:06 PM | Computer Name = acaveney | Source = MCUpdate | ID = 0
Description = 4:18:05 AM - Error connecting to the internet. 4:18:05 AM - Unable
to contact server..

Error - 12/25/2010 2:18:14 PM | Computer Name = acaveney | Source = MCUpdate | ID = 0
Description = 5:18:13 AM - Error connecting to the internet. 5:18:13 AM - Unable
to contact server..

Error - 12/25/2010 3:18:22 PM | Computer Name = acaveney | Source = MCUpdate | ID = 0
Description = 6:18:21 AM - Error connecting to the internet. 6:18:21 AM - Unable
to contact server..

Error - 1/5/2011 10:31:39 PM | Computer Name = acaveney | Source = MCUpdate | ID = 0
Description = 1:31:39 PM - Failed to retrieve Directory (Error: The operation has
timed out)

[ System Events ]
Error - 2/15/2011 11:43:24 PM | Computer Name = acaveney | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/15/2011 11:55:59 PM | Computer Name = acaveney | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/16/2011 12:30:10 AM | Computer Name = acaveney | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2/16/2011 12:30:14 AM | Computer Name = acaveney | Source = Service Control Manager | ID = 7000
Description = The Agere Modem Call Progress Audio service failed to start due to
the following error: %%2

Error - 2/16/2011 12:36:31 AM | Computer Name = acaveney | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/16/2011 12:48:08 AM | Computer Name = acaveney | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/16/2011 12:51:27 AM | Computer Name = acaveney | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2/16/2011 12:51:28 AM | Computer Name = acaveney | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = The system was hibernated due to a critical thermal event. Hibernate
Time = 2011-02-16T04:51:28.685219500Z ACPI Thermal Zone = ACPI\ThermalZone\THRM

_HOT = 373K

Error - 2/16/2011 12:51:30 AM | Computer Name = acaveney | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = The system was hibernated due to a critical thermal event. Hibernate
Time = 2011-02-16T04:51:30.720050200Z ACPI Thermal Zone = ACPI\ThermalZone\THRM

_HOT = 373K

Error - 2/16/2011 12:51:32 AM | Computer Name = acaveney | Source = Service Control Manager | ID = 7000
Description = The Agere Modem Call Progress Audio service failed to start due to
the following error: %%2


< End of report >
 
You didn't say:
How is the computer doing?

==========================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    IE - HKU\S-1-5-21-3017484975-2806290812-2973588613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15442&l=dis
    [2010/03/10 01:47:21 | 000,002,424 | ---- | M] () -- C:\Users\a.caveney\AppData\Roaming\Mozilla\Firefox\Profiles\swy5a2zf.default\searchplugins\askcom.xml
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - Startup: C:\Users\a.caveney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [1 C:\Users\a.caveney\Documents\*.tmp files -> C:\Users\a.caveney\Documents\*.tmp -> ]
    [2010/10/23 11:03:08 | 000,000,200 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\35095.bat
    [2010/07/19 16:14:00 | 000,000,000 | ---- | C] () -- C:\Users\a.caveney\AppData\Local\Vwagezezocoh.bin
    [2011/01/03 21:30:35 | 000,000,000 | ---D | M] -- C:\Users\a.caveney\AppData\Roaming\AVG10
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

========================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
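As an added example (not part of this thread, and not OTL's own code), here is a small Python checker that reads fix-list lines in the shapes shown above and correlates the ProxyEnable/ProxyServer pair per user hive, so that only an enabled proxy pointing at the local machine is reported, while the other entry types are tagged by category. The sample lines are constructed to match the thread's entries; the HKU\S-1-5-19 pair is hypothetical, added to show the disabled-proxy case.

```python
import re

# Constructed sample, modelled on the OTL fix list in this thread; the HKU\S-1-5-19
# pair is invented to show a proxy value that is present but disabled (benign).
SAMPLE = [
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643',
    r'IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643',
    r'IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643',
    r'FF - prefs.js..browser.search.defaultengine: "Ask.com"',
    r'O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.',
    r'[2010/10/23 11:03:08 | 000,000,200 | ---- | C] () -- C:\Users\a.caveney\AppData\Roaming\35095.bat',
    r'@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2',
]

PROXY_RE = re.compile(r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings: "(?P<key>Proxy\w+)" = (?P<val>.*)$')
LOOPBACK_RE = re.compile(r'(?:^|[=;])(?:127\.0\.0\.1|localhost):(?P<port>\d+)')

def loopback_proxy_hives(lines):
    """Return {hive: port} where the IE proxy is enabled and points at the local
    machine. Report, don't auto-delete: some web filters proxy this way too."""
    hives = {}
    for line in lines:
        m = PROXY_RE.match(line)
        if m:
            hives.setdefault(m['hive'], {})[m['key']] = m['val'].strip()
    findings = {}
    for hive, vals in hives.items():
        m = LOOPBACK_RE.search(vals.get('ProxyServer', ''))
        if vals.get('ProxyEnable') == '1' and m:
            findings[hive] = int(m['port'])
    return findings

# Other fix-list line shapes from the thread; the first matching category wins.
OTHER_RULES = [
    ('search-hijack', re.compile(r'(?i)ask\.com')),
    ('orphan-registry', re.compile(r'No CLSID value found|Reg Error: Key error')),
    ('ads', re.compile(r'^@Alternate Data Stream')),
    ('script-in-appdata', re.compile(r'(?i)\\AppData\\.*\.(bat|cmd|vbs|bin)$')),
]

def classify(lines):
    """Tag each line with the first OTHER_RULES category it matches, if any."""
    hits = ((next((c for c, rx in OTHER_RULES if rx.search(line)), None), line) for line in lines)
    return [(c, line) for c, line in hits if c]
```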
 
Sorry, it's running fine. All the problems (mostly concerning Firefox) have gone. It is overheating a bit, but I don't think that's a virus.