Please help with Hijacked Internet Browser



#1
Richard C
    Member
  • 21 posts
Hello, I'm new to the site and was hoping someone would help me. Yesterday my friend stumbled across a website that I think may have been compromised. A popup looking like fake virus scan software came up and I think he clicked on something in the menu. Ever since, my internet and computer seem slower, and Internet Explorer redirects me to websites that have nothing to do with what I'm searching for, and sometimes leads to websites with other malware. I use Avast Antivirus, but I guess it did not catch it in time, and it does not identify any threats with a full scan. Please help. I don't want my information or identity to be stolen.

I have just installed Malwarebytes but don't know how to use it.

Thanks in advance.

#2
RKinner
    Malware Expert
  • 24,625 posts
  • MVP
Do as much of

http://www.geekstogo...uide-t2852.html

as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.

If you lose internet access after running MBAM or if you are not able to get to the downloads:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In Firefox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron
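The reply above asks for OTL and MBAM logs and warns that malware of this kind often leaves a proxy set in the browser, which is why the LAN Settings / No Proxy steps are there. As an added example (not part of this thread, and not one of the tools the expert lists), here is a small Python triage script that reads lines in the OTL layout shown later in this thread and picks out the entries a helper looks at first: files under C:\Windows with no company name in their version info (weighted higher if they were modified in the days before the scan), a WinINET proxy that is enabled or has a ProxyServer/AutoConfigURL set, orphan BHO entries, UAC switched off, and DNS resolvers outside private address space. The sample log text is constructed to match OTL's format; the file names, the proxy value and the BHO CLSID in it are illustrative and are not findings from the poster's log. The output is a list of things to verify, not a verdict.

```python
import re
import ipaddress
from datetime import date

# PRC/MOD/SRV/DRV entries: "[yyyy/mm/dd hh:mm:ss | size | attrs | M] (company) [flags] -- path -- (name) ..."
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<date>\d{4}/\d{2}/\d{2}) [\d:]+ \| [\d,]+ \| [^\]]*\] "
    r"\((?P<vendor>[^)]*)\)(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \([^)]*\).*)?$"
)
# WinINET proxy values that OTL prints in its Internet Explorer section
PROXY_RE = re.compile(
    r'^IE - HKCU\\.*Internet Settings: "(?P<key>ProxyEnable|ProxyServer|AutoConfigURL)" = (?P<val>.*)$'
)
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - \{[0-9A-Fa-f-]+\} - (?P<rest>.*)$")
UAC_RE = re.compile(r"^O6 - HKLM\\.*policies\\System: EnableLUA = (?P<val>\d)$")
DNS_RE = re.compile(r"^O17 - .*DhcpNameServer = (?P<servers>.+)$")

SCAN_DATE = date(2010, 6, 27)

# Constructed sample in OTL's layout (illustrative values, not the poster's findings).
SAMPLE_OTL = r"""
PRC - [2010/06/27 23:19:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Example\Desktop\OTL.exe
DRV - [2010/06/27 19:24:03 | 000,338,944 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netflt.sys -- (netflt)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
O2 - BHO: (no name) - {00000000-1111-2222-3333-444444444444} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 8.8.8.8
"""


def triage(log_text, scan_date, recent_days=7):
    """Return (severity, message) pairs for OTL lines worth a closer look.
    These are heuristics that pick what to verify next, not verdicts."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := ENTRY_RE.match(line):
            vendor, path = m["vendor"].strip(), m["path"]
            y, mo, d = (int(x) for x in m["date"].split("/"))
            age = (scan_date - date(y, mo, d)).days
            # A file under %SystemRoot% with no company name in its version info is
            # unusual; one modified in the days before the symptoms began is more so.
            if path.lower().startswith("c:\\windows") and not vendor:
                sev = "high" if age <= recent_days else "medium"
                findings.append((sev, f"{m['kind']} {path}: no publisher, modified {age} day(s) "
                                      "before the scan; compare its hash with a known-good copy"))
        elif m := PROXY_RE.match(line):
            key, val = m["key"], m["val"].strip()
            # ProxyEnable=1, or any ProxyServer/AutoConfigURL, sends browser traffic through
            # whatever set it; this is what the LAN Settings steps above clear.
            if (key == "ProxyEnable" and val != "0") or (key != "ProxyEnable" and val):
                findings.append(("high", f"IE {key} = {val}: browser traffic is being proxied; "
                                         "clear it in Internet Options > Connections > LAN Settings"))
        elif m := BHO_RE.match(line):
            # A BHO with no name or no registered class is usually a leftover; still worth noting
            if m["name"] == "no name" or "No CLSID value found" in m["rest"]:
                findings.append(("low", f"orphan BHO entry: {line}"))
        elif m := UAC_RE.match(line):
            if m["val"] == "0":
                findings.append(("medium", "UAC is off (EnableLUA = 0): an administrator account "
                                           "runs everything with a full admin token and no prompt"))
        elif m := DNS_RE.match(line):
            for server in m["servers"].split():
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    continue
                if not addr.is_private:
                    findings.append(("info", f"DNS resolver {server} is a public address: "
                                             "confirm it is your ISP's or one you chose"))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_OTL, SCAN_DATE):
        print(f"[{sev:6}] {msg}")
```

Run it with the log date as `scan_date`; the "recent" cut-off is relative to that date, so an old log triaged today still ranks correctly. Paste real OTL output into `SAMPLE_OTL` or read it from a file; anything the script does not recognise is ignored, so it never replaces reading the whole log.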

#3
Richard C
    Member
  • Topic Starter
  • 21 posts
Thank you for your help. Yes, I have all but one of the logs requested; my computer crashes whenever I use GMER, so I don't have a log for that. Here are the rest:

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4248

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/27/2010 11:05:44 PM
mbam-log-2010-06-27 (23-05-44).txt

Scan type: Quick scan
Objects scanned: 130436
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL Log:

OTL logfile created on: 6/27/2010 11:19:38 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Richard Cantu\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.00 Gb Total Space | 54.30 Gb Free Space | 40.52% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.69 Gb Free Space | 71.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARDCANTU-PC
Current User Name: Richard Cantu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/27 23:19:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Cantu\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/07 05:36:10 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/05/07 05:36:08 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/05/06 13:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/04/08 09:14:20 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/03/13 18:16:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/10/28 20:14:40 | 000,229,376 | ---- | M] (TODO: <Company name>) -- C:\Windows\System32\TestUnitReady.exe
PRC - [2008/10/27 10:20:16 | 002,179,072 | ---- | M] () -- C:\Windows\System32\MediaButtons.exe
PRC - [2008/08/26 04:57:46 | 006,246,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/26 04:57:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/17 10:16:28 | 000,065,536 | ---- | M] () -- C:\Windows\System32\WinService.exe
PRC - [2008/03/04 08:37:18 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\DELL\DellComms\bin\sprtsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/06/27 23:19:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Cantu\Desktop\OTL.exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (DockLoginService)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/07 05:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/02/27 04:00:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/11/11 12:20:06 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/26 04:57:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/07/17 10:16:28 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WinService.exe -- (DELLODDSrv)
SRV - [2008/03/04 08:37:18 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)


========== Driver Services (SafeList) ==========

DRV - [2010/06/27 19:24:03 | 000,338,944 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 13:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/04 13:42:58 | 000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/23 19:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/03/26 08:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/03/06 09:06:02 | 000,140,800 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/08/26 04:57:48 | 002,153,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/08 04:29:38 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/04/16 02:37:44 | 000,014,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DLACPI.sys -- (DLXPDisplayName)
DRV - [2007/04/03 14:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=2081111
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/13 18:16:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/06 19:20:04 | 000,000,000 | ---D | M]

[2010/01/23 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Mozilla\Extensions
[2010/01/23 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20Case%20Files%20-%20Ravenhearst/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Richard Cantu\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Richard Cantu\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{62b4f543-1a8b-11de-a02d-00217039dfcd}\Shell - "" = AutoRun
O33 - MountPoints2\{62b4f543-1a8b-11de-a02d-00217039dfcd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{eeab9cb0-54c3-11df-ac65-00217039dfcd}\Shell - "" = AutoRun
O33 - MountPoints2\{eeab9cb0-54c3-11df-ac65-00217039dfcd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 19:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/27 23:19:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Richard Cantu\Desktop\OTL.exe
[2010/06/27 15:57:26 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Roaming\Malwarebytes
[2010/06/27 15:57:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/27 15:57:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/27 15:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 15:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/27 10:40:18 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/26 21:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpyNoMore
[2010/06/26 20:23:24 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/06/26 20:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/26 19:42:58 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Roaming\Registry Mechanic
[2010/06/26 16:22:35 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Local\{1F4C84B1-98F3-45F3-B02B-D27F28541F9E}
[2010/06/21 12:45:48 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Roaming\Big Fish Games
[2010/06/21 00:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mystery Case Files - Dire Grove
[2010/06/20 17:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 17:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/13 14:09:29 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/06/10 06:28:37 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2010/06/10 06:28:37 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2010/06/10 06:28:36 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2010/06/10 06:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/29 15:46:04 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\Documents\My Aion
[2010/05/23 16:49:57 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/08 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Local\PMB Files
[2010/05/08 17:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/05/08 17:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/05/01 21:08:30 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Local\assembly
[2010/05/01 21:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\NCsoft
[2010/05/01 20:58:28 | 000,000,000 | -HSD | C] -- C:\Users\Richard Cantu\AppData\Roaming\.#
[2010/05/01 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/04/02 21:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/02 21:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 90 Days ==========

[2010/06/27 23:20:13 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/27 23:20:13 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/27 23:19:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Cantu\Desktop\OTL.exe
[2010/06/27 23:13:54 | 004,194,304 | ---- | M] () -- C:\Users\Richard Cantu\ntuser.dat
[2010/06/27 23:12:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/27 23:12:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/27 23:12:07 | 343,862,743 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/27 23:12:06 | 2610,307,072 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/27 23:08:38 | 000,284,915 | ---- | M] () -- C:\Users\Richard Cantu\Desktop\gmer.zip
[2010/06/27 22:30:14 | 001,648,193 | -H-- | M] () -- C:\Users\Richard Cantu\AppData\Local\IconCache.db
[2010/06/27 21:40:09 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/27 21:40:09 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 21:40:09 | 000,065,536 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TM.blf
[2010/06/27 19:25:18 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/27 19:24:03 | 000,338,944 | ---- | M] () -- C:\Windows\System32\drivers\afd.sys
[2010/06/27 15:57:22 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/26 21:18:59 | 000,001,152 | ---- | M] () -- C:\Windows\System32\windrv.sys
[2010/06/26 21:18:53 | 000,000,951 | ---- | M] () -- C:\Users\Richard Cantu\Desktop\SpyNoMore.lnk
[2010/06/26 20:23:23 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/06/26 20:00:38 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 20:00:38 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 20:00:38 | 000,065,536 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TM.blf
[2010/06/26 19:43:02 | 004,718,592 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat.rmbak
[2010/06/26 17:44:30 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 17:44:30 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 17:44:30 | 000,065,536 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TM.blf
[2010/06/26 16:22:37 | 000,000,120 | ---- | M] () -- C:\Users\Richard Cantu\AppData\Local\Elinikehejonuquc.dat
[2010/06/26 16:22:37 | 000,000,000 | ---- | M] () -- C:\Users\Richard Cantu\AppData\Local\Xyilujec.bin
[2010/06/21 13:23:43 | 000,001,158 | ---- | M] () -- C:\Users\Richard Cantu\Desktop\Mystery Case Files - Ravenhearst.lnk
[2010/06/21 00:32:00 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Mystery Case Files - Dire Grove.lnk
[2010/06/20 23:32:00 | 000,001,895 | ---- | M] () -- C:\Users\Richard Cantu\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/06/20 23:32:00 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/06/20 17:20:40 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/14 21:39:39 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/14 21:39:39 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/14 21:39:39 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/10 06:28:37 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/06/09 03:21:28 | 000,419,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/01 23:17:18 | 000,000,050 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/05/23 18:15:24 | 000,000,000 | -H-- | M] () -- C:\Users\Richard Cantu\Documents\Default.rdp
[2010/05/10 17:44:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/06 13:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 13:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/14 09:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr

========== Files Created - No Company Name ==========

[2010/06/27 23:12:07 | 343,862,743 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/27 23:08:35 | 000,284,915 | ---- | C] () -- C:\Users\Richard Cantu\Desktop\gmer.zip
[2010/06/27 21:35:09 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/27 21:35:09 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 21:35:09 | 000,065,536 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TM.blf
[2010/06/27 15:57:22 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 11:48:11 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/26 21:18:59 | 000,001,152 | ---- | C] () -- C:\Windows\System32\windrv.sys
[2010/06/26 21:18:53 | 000,000,951 | ---- | C] () -- C:\Users\Richard Cantu\Desktop\SpyNoMore.lnk
[2010/06/26 19:44:18 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 19:44:18 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 19:44:18 | 000,065,536 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TM.blf
[2010/06/26 19:42:53 | 000,000,000 | -HS- | C] () -- C:\Users\Richard Cantu\S-1-5-21-47504490-1602177544-3041905625-1000.rrr.LOG2
[2010/06/26 19:42:53 | 000,000,000 | -HS- | C] () -- C:\Users\Richard Cantu\S-1-5-21-47504490-1602177544-3041905625-1000.rrr.LOG1
[2010/06/26 17:33:48 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 17:33:48 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 17:33:48 | 000,065,536 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TM.blf
[2010/06/26 16:22:37 | 000,000,120 | ---- | C] () -- C:\Users\Richard Cantu\AppData\Local\Elinikehejonuquc.dat
[2010/06/26 16:22:37 | 000,000,000 | ---- | C] () -- C:\Users\Richard Cantu\AppData\Local\Xyilujec.bin
[2010/06/21 13:23:43 | 000,001,158 | ---- | C] () -- C:\Users\Richard Cantu\Desktop\Mystery Case Files - Ravenhearst.lnk
[2010/06/21 00:32:00 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Mystery Case Files - Dire Grove.lnk
[2010/06/20 23:32:00 | 000,001,895 | ---- | C] () -- C:\Users\Richard Cantu\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/06/20 23:32:00 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/06/20 17:20:40 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/01 23:16:42 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/05/23 18:15:24 | 000,000,000 | -H-- | C] () -- C:\Users\Richard Cantu\Documents\Default.rdp
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/26 22:38:11 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 16:12:38 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2009/06/14 16:23:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/11/11 13:40:50 | 000,014,392 | ---- | C] () -- C:\Windows\System32\drivers\DLACPI.sys

========== LOP Check ==========

[2010/05/02 00:25:20 | 000,000,000 | -HSD | M] -- C:\Users\Richard Cantu\AppData\Roaming\.#
[2009/10/26 19:40:43 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Amazon
[2010/06/21 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Big Fish Games
[2010/06/06 08:05:45 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\GetRightToGo
[2009/10/26 19:40:45 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\JGoodies
[2010/06/26 19:42:58 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Registry Mechanic
[2009/08/24 14:23:19 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Skinux
[2009/12/26 17:47:43 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Sony
[2009/12/26 17:46:10 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Sony Setup
[2009/10/26 19:41:12 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\SpinTop
[2010/01/23 15:56:53 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\TomTom
[2010/06/27 19:25:18 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/05/29 08:47:43 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 14:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/10/26 20:17:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 14:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/11/11 13:41:04 | 000,004,459 | RH-- | M] () -- C:\dell.sdr
[2010/06/27 23:12:06 | 2610,307,072 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/27 23:12:07 | 3480,412,160 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2009/06/22 19:58:20 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2009/07/13 18:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/13 18:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 18:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 18:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 18:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/07/13 18:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/13 18:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/13 18:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:61A3E318
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D31BE97C

< End of report >

Extras Log:

OTL Extras logfile created on: 6/27/2010 11:19:38 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Richard Cantu\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.00 Gb Total Space | 54.30 Gb Free Space | 40.52% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.69 Gb Free Space | 71.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARDCANTU-PC
Current User Name: Richard Cantu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{148DB7A0-BCA6-47DF-A715-DD01F9266478}" = MediaButtons 5.0.0.1T4
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}" = F2200
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}" = Dell Communications
"{3690900F-85EA-447F-BAD1-5CA25AA9B627}" = HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C222566F-1C50-4ECD-A01E-77F9C4B95458}" = DJ_AIO_03_F2200_Software_Min
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"avast5" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files ®: Dire Grove ™
"BFG-Mystery Case Files - Madame Fate" = Mystery Case Files: Madame Fate (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free RAR Extract Frog" = Free RAR Extract Frog
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mystery Case Files - Ravenhearst" = Mystery Case Files - Ravenhearst
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Shop for HP Supplies" = Shop for HP Supplies
"SpyNoMore" = SpyNoMore 2.97
"TomTom HOME" = TomTom HOME 2.7.4.1962
"TVWiz" = Intel® TV Wizard

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

I have also tried TDSS Killer:


19:22:45:631 1360 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
19:22:45:631 1360 ================================================================================
19:22:45:631 1360 SystemInfo:

19:22:45:631 1360 OS Version: 6.1.7600 ServicePack: 0.0
19:22:45:631 1360 Product type: Workstation
19:22:45:631 1360 ComputerName: RICHARDCANTU-PC
19:22:45:647 1360 UserName: Richard Cantu
19:22:45:647 1360 Windows directory: C:\Windows
19:22:45:647 1360 Processor architecture: Intel x86
19:22:45:647 1360 Number of processors: 2
19:22:45:647 1360 Page size: 0x1000
19:22:45:647 1360 Boot type: Normal boot
19:22:45:647 1360 ================================================================================
19:22:45:974 1360 Initialize success
19:22:45:974 1360
19:22:45:974 1360 Scanning Services ...
19:22:47:004 1360 Raw services enum returned 470 services
19:22:47:019 1360
19:22:47:019 1360 Scanning Drivers ...
19:22:47:799 1360 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
19:22:47:831 1360 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
19:22:47:862 1360 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
19:22:47:893 1360 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:22:47:909 1360 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:22:47:940 1360 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:22:47:971 1360 AFD (5a2309f168dd6b30f96824511a13a60b) C:\Windows\system32\drivers\afd.sys
19:22:47:971 1360 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 5a2309f168dd6b30f96824511a13a60b, Fake md5: ddc040fdb01ef1712a6b13e52afb104c
19:22:47:971 1360 File "C:\Windows\system32\drivers\afd.sys" infected by TDSS rootkit ...
19:22:48:392 1360 Backup copy not found, trying to cure infected file..
19:22:48:392 1360 Cure success, using it..
19:22:48:392 1360 will be cured on next reboot
19:22:48:533 1360 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
19:22:48:579 1360 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:22:48:611 1360 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
19:22:48:642 1360 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
19:22:48:673 1360 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
19:22:48:720 1360 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:22:48:751 1360 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:22:48:767 1360 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
19:22:48:813 1360 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:22:48:845 1360 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
19:22:48:860 1360 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
19:22:48:876 1360 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:22:48:923 1360 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:22:48:954 1360 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\Windows\system32\drivers\aswFsBlk.sys
19:22:48:969 1360 aswMonFlt (58254e06b36b984e33ae314c0ea8f1a5) C:\Windows\system32\drivers\aswMonFlt.sys
19:22:49:032 1360 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\Windows\system32\drivers\aswRdr.sys
19:22:49:063 1360 aswSP (d78b644816db540e103d0b0766fd9967) C:\Windows\system32\drivers\aswSP.sys
19:22:49:094 1360 aswTdi (606d731008d98b6ef946730c597c1642) C:\Windows\system32\drivers\aswTdi.sys
19:22:49:110 1360 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:22:49:157 1360 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
19:22:49:203 1360 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:22:49:250 1360 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:22:49:281 1360 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:22:49:297 1360 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:22:49:328 1360 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
19:22:49:344 1360 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:22:49:359 1360 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:22:49:391 1360 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:22:49:422 1360 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:22:49:453 1360 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:22:49:469 1360 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:22:49:500 1360 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:22:49:515 1360 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:22:49:547 1360 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
19:22:49:578 1360 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:22:49:625 1360 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:22:49:656 1360 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:22:49:687 1360 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
19:22:49:718 1360 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
19:22:49:749 1360 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:22:49:781 1360 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:22:49:796 1360 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:22:49:843 1360 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
19:22:49:874 1360 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:22:49:890 1360 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:22:49:937 1360 DLXPDisplayName (251be1d81cecb8a3aef509631ea40522) C:\Windows\system32\DRIVERS\DLACPI.sys
19:22:49:983 1360 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
19:22:50:015 1360 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:22:50:030 1360 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
19:22:50:077 1360 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:22:50:124 1360 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
19:22:50:483 1360 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:22:50:623 1360 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:22:50:654 1360 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
19:22:50:670 1360 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:22:50:701 1360 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:22:50:717 1360 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:22:50:748 1360 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:22:50:763 1360 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:22:50:795 1360 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:22:50:826 1360 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:22:50:857 1360 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:22:50:904 1360 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:22:50:935 1360 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
19:22:50:966 1360 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:22:51:013 1360 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:22:51:044 1360 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:22:51:075 1360 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:22:51:107 1360 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:22:51:122 1360 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:22:51:153 1360 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:22:51:185 1360 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
19:22:51:200 1360 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:22:51:247 1360 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
19:22:51:294 1360 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
19:22:51:309 1360 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
19:22:51:341 1360 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
19:22:51:512 1360 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:22:51:653 1360 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:22:51:777 1360 IntcAzAudAddService (32abc54d0dde1a8885c9439537dd3bad) C:\Windows\system32\drivers\RTKVHDA.sys
19:22:51:824 1360 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
19:22:51:840 1360 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:22:51:871 1360 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:22:51:918 1360 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:22:51:933 1360 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:22:51:965 1360 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:22:51:980 1360 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
19:22:52:011 1360 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
19:22:52:043 1360 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:22:52:074 1360 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
19:22:52:105 1360 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
19:22:52:152 1360 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
19:22:52:183 1360 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
19:22:52:245 1360 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
19:22:52:261 1360 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:22:52:277 1360 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:22:52:308 1360 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:22:52:323 1360 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:22:52:355 1360 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:22:52:370 1360 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:22:52:401 1360 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:22:52:433 1360 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:22:52:464 1360 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:22:52:511 1360 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:22:52:526 1360 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
19:22:52:542 1360 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:22:52:573 1360 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
19:22:52:604 1360 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
19:22:52:635 1360 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:22:52:651 1360 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
19:22:52:682 1360 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:22:52:713 1360 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:22:52:760 1360 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:22:52:807 1360 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
19:22:52:823 1360 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
19:22:52:854 1360 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:22:52:901 1360 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:22:52:932 1360 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
19:22:52:963 1360 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:22:52:994 1360 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:22:53:025 1360 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:22:53:057 1360 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:22:53:072 1360 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
19:22:53:088 1360 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:22:53:103 1360 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:22:53:119 1360 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:22:53:181 1360 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:22:53:228 1360 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
19:22:53:291 1360 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:22:53:322 1360 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:22:53:337 1360 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
19:22:53:384 1360 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
19:22:53:415 1360 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
19:22:53:431 1360 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:22:53:462 1360 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
19:22:53:493 1360 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:22:53:525 1360 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:22:53:540 1360 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:22:53:603 1360 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
19:22:53:665 1360 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:22:53:696 1360 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
19:22:53:727 1360 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
19:22:53:774 1360 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
19:22:53:790 1360 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
19:22:53:821 1360 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:22:53:852 1360 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
19:22:53:883 1360 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:22:53:915 1360 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
19:22:53:977 1360 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
19:22:54:008 1360 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:22:54:039 1360 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:22:54:086 1360 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:22:54:117 1360 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:22:54:149 1360 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:22:54:180 1360 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:22:54:211 1360 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
19:22:54:273 1360 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:22:54:336 1360 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:22:54:367 1360 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:22:54:398 1360 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:22:54:429 1360 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:22:54:445 1360 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:22:54:461 1360 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:22:54:492 1360 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:22:54:523 1360 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
19:22:54:554 1360 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:22:54:570 1360 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:22:54:585 1360 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:22:54:617 1360 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:22:54:632 1360 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
19:22:54:663 1360 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
19:22:54:679 1360 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:22:54:726 1360 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
19:22:54:773 1360 RTL8169 (912c0a8c7e9b2467cf6dae1b64b72779) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:22:54:804 1360 RtNdPt60 (7f8d15ee000577be703537849d4f9397) C:\Windows\system32\DRIVERS\RtNdPt60.sys
19:22:54:835 1360 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
19:22:54:882 1360 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
19:22:54:913 1360 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
19:22:54:975 1360 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\Windows\system32\DRIVERS\s616bus.sys
19:22:55:022 1360 s616mdfl (96187731eefcf83e844bc1ce6617aaeb) C:\Windows\system32\DRIVERS\s616mdfl.sys
19:22:55:069 1360 s616mdm (d2dd87368bfecfa099e50dc120f3f513) C:\Windows\system32\DRIVERS\s616mdm.sys
19:22:55:100 1360 s616mgmt (5f0be24e4d4fa134b0b2fef35d3a9d90) C:\Windows\system32\DRIVERS\s616mgmt.sys
19:22:55:147 1360 s616nd5 (b9b507fcc67e204ef38e05ffd4176345) C:\Windows\system32\DRIVERS\s616nd5.sys
19:22:55:178 1360 s616obex (f123a1f2a04a0e8dba80b64f0072475a) C:\Windows\system32\DRIVERS\s616obex.sys
19:22:55:209 1360 s616unic (e7e55048ebd5c17bfa791b4a6ec3d54b) C:\Windows\system32\DRIVERS\s616unic.sys
19:22:55:287 1360 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:22:55:303 1360 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:22:55:350 1360 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
19:22:55:381 1360 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
19:22:55:397 1360 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:22:55:631 1360 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:22:55:662 1360 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:22:55:677 1360 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:22:55:709 1360 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
19:22:55:740 1360 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:22:55:755 1360 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:22:55:787 1360 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:22:55:802 1360 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
19:22:55:833 1360 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:22:55:865 1360 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:22:55:880 1360 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:22:55:911 1360 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:22:55:958 1360 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
19:22:56:005 1360 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
19:22:56:036 1360 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
19:22:56:067 1360 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:22:56:083 1360 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
19:22:56:145 1360 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
19:22:56:239 1360 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
19:22:56:286 1360 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
19:22:56:301 1360 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
19:22:56:317 1360 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
19:22:56:333 1360 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
19:22:56:348 1360 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
19:22:56:379 1360 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:22:56:411 1360 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
19:22:56:426 1360 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:22:56:457 1360 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
19:22:56:489 1360 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:22:56:520 1360 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
19:22:56:551 1360 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:22:56:598 1360 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
19:22:56:613 1360 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
19:22:56:645 1360 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
19:22:56:676 1360 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
19:22:56:707 1360 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
19:22:56:723 1360 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
19:22:56:754 1360 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:22:56:785 1360 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:22:56:816 1360 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:22:56:847 1360 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
19:22:56:863 1360 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:22:56:894 1360 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:22:56:925 1360 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:22:56:957 1360 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
19:22:56:972 1360 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
19:22:57:019 1360 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:22:57:035 1360 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
19:22:57:066 1360 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
19:22:57:097 1360 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:22:57:144 1360 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
19:22:57:191 1360 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:22:57:222 1360 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:22:57:253 1360 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:22:57:284 1360 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:22:57:284 1360 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:22:57:315 1360 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:22:57:347 1360 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:22:57:378 1360 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:22:57:409 1360 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:22:57:456 1360 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
19:22:57:487 1360 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:22:57:518 1360 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:22:57:534 1360 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
19:22:57:565 1360 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:22:57:581 1360 Reboot required for cure complete..
19:22:57:877 1360 Cure on reboot scheduled successfully
19:22:57:877 1360
19:22:57:877 1360 Completed
19:22:57:877 1360
19:22:57:877 1360 Results:
19:22:57:877 1360 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:22:57:877 1360 File objects infected / cured / cured on reboot: 1 / 0 / 1
19:22:57:877 1360
19:22:57:893 1360 KLMD(ARK) unloaded successfully

I hope I provided sufficient info. Thanks again.
  • 0

#4
Richard C (Member, Topic Starter, 21 posts)
I was able to complete the gmer scan successfully. Here is the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-27 23:48:00
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\RICHAR~1\AppData\Local\Temp\kxtcipod.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E29AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E29104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E293F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E122D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E11898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E291DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E29958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E296F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E29F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2A1A8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x913E0AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x913E08EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x913E0A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E89599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EADF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 82FE7279 7 Bytes JMP 913E0A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8304EFA7 5 Bytes JMP 913DC536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83068CA7 5 Bytes JMP 913DDF28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 83076D23 7 Bytes JMP 913E08EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 83120EAA 7 Bytes JMP 913E0ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text peauth.sys 9B636C9D 28 Bytes [55, 2F, 3C, 66, C7, 9B, 93, ...]
.text peauth.sys 9B636CC1 28 Bytes [55, 2F, 3C, 66, C7, 9B, 93, ...]
PAGE peauth.sys 9B63CB9B 72 Bytes [CE, 15, 30, 3A, 28, 64, 90, ...]
PAGE peauth.sys 9B63CBEC 43 Bytes [A7, 9A, 63, 9F, C8, B7, 9C, ...]
PAGE peauth.sys 9B63CC18 67 Bytes [AB, E5, CF, 44, 15, 9E, F4, ...]
PAGE ...

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  • 0
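Reading the GMER log above: every entry in the "Kernel code sections" block that has a named JMP target lands in \SystemRoot\System32\Drivers\aswSP.SYS, which GMER itself labels as the avast! self-protection module, so those hooks belong to the antivirus rather than to the hijacker. The byte-level modifications with no JMP target (ZwSaveKeyEx + 13AD, KiDispatchInterrupt + 5A2, the peauth.sys sections) are the lines a human still has to judge. The script below is an added example, not part of this thread or of GMER: it parses that block, groups inline hooks by the module they jump into, and lists the untargeted patches separately so they are not buried among the AV hooks. The sample text is a handful of lines copied from the log above.

```python
import re

# Added example for triaging GMER output; not part of the thread or of GMER.
# Two line shapes appear in GMER's "Kernel code sections" block (copied from the log above):
#   PAGE ntkrnlpa.exe!ZwLoadDriver 82FE7279 7 Bytes JMP 913E0A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! ...)
#   .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E89599 1 Byte [06]
CODE_LINE = re.compile(
    r"^(?P<section>\.\w+|[A-Z]+)\s+"                 # .text / PAGE / INIT ...
    r"(?P<symbol>\S+(?: \+ [0-9A-Fa-f]+)?)\s+"      # module!Symbol [+ offset], or a bare driver name
    r"(?P<addr>[0-9A-Fa-f]{8})\s+"                   # virtual address of the modified code
    r"(?P<count>\d+) Bytes?\s+"                      # "1 Byte" / "7 Bytes"
    r"(?P<detail>.*)$"                               # JMP target, or the raw bytes
)
JMP_TARGET = re.compile(
    r"^JMP\s+[0-9A-Fa-f]{8}\s+(?P<module>\S+)(?:\s+\((?P<label>[^)]*)\))?"
)

# Constructed sample: lines copied from the GMER log posted above, plus the
# section header to show that non-code lines are ignored.
SAMPLE_GMER = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E89599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EADF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 82FE7279 7 Bytes JMP 913E0A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8304EFA7 5 Bytes JMP 913DC536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83068CA7 5 Bytes JMP 913DDF28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 83076D23 7 Bytes JMP 913E08EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 83120EAA 7 Bytes JMP 913E0ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text peauth.sys 9B636C9D 28 Bytes [55, 2F, 3C, 66, C7, 9B, 93, ...]
PAGE peauth.sys 9B63CB9B 72 Bytes [CE, 15, 30, 3A, 28, 64, 90, ...]
PAGE ...
"""


def classify_code_sections(log_text):
    """Split GMER's kernel code-section findings into inline hooks that jump into a
    named module (grouped by that module) and byte patches with no JMP target.

    Returns (hooks, patches):
      hooks   : {module_path: {"label": str or None, "symbols": [hooked symbol, ...]}}
      patches : [(symbol, byte_count), ...]
    """
    hooks = {}
    patches = []
    for raw in log_text.splitlines():
        m = CODE_LINE.match(raw.strip())
        if not m:
            continue                      # headers, INT/Device/AttachedDevice lines, "PAGE ..."
        j = JMP_TARGET.match(m["detail"])
        if j:
            entry = hooks.setdefault(j["module"], {"label": j["label"], "symbols": []})
            entry["symbols"].append(m["symbol"])
        else:
            patches.append((m["symbol"], int(m["count"])))
    return hooks, patches


def hook_report(log_text):
    """One line per hooking module, then one line per untargeted patch."""
    hooks, patches = classify_code_sections(log_text)
    lines = []
    for module, info in hooks.items():
        label = info["label"] or "no description: investigate"
        lines.append(f"{len(info['symbols'])} hook(s) -> {module} ({label})")
    for symbol, count in patches:
        lines.append(f"{count}-byte patch at {symbol}, no JMP target: review manually")
    return lines


if __name__ == "__main__":
    print("\n".join(hook_report(SAMPLE_GMER)))
```

Run against the sample, the report shows a single hooking module (aswSP.SYS, five hooks) followed by four patches without a target; a module with no description in parentheses, or one whose path is not a security product you installed, is where to start looking.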

#5
RKinner (Malware Expert, MVP, 24,625 posts)
Copy the text between the lines of stars by highlighting it and pressing Ctrl + C
********************************************************************************

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. found

:Files
C:\Users\Richard Cantu\AppData\Local\Elinikehejonuquc.dat
C:\Users\Richard Cantu\AppData\Local\Xyilujec.bin

:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL (right click and Run As Administrator) and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again (right click and Run As Administrator) and click the Quick Scan button. Post the log it produces in your next reply.

Run Malwarebytes' Anti-Malware

* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Rerun TDSSKiller. It found something the first time but said it needed a reboot to fix it.

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log
TDSSKiller log

Ron

PS Going to bed now.

Edited by RKinner, 28 June 2010 - 01:39 AM.

  • 0
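One check worth running on the OTL log Ron asks for here (Richard posts it in the next reply): in its Driver Services section, C:\Windows\system32\drivers\afd.sys is listed with an empty company field and a modification time of 2010/06/27 19:24, while the Windows drivers around it show (Microsoft Corporation) and 2009 dates. OTL reads the company name from the driver file itself, so a core OS driver with nothing there deserves a signature check before anything else. The script below is an added example, not part of the thread or of OTL: it parses OTL's "DRV -" lines and flags drivers under the OS driver directory that either have no company name or were modified on or after an incident date. The sample lines are copied from the posted log; the incident date of 2010-06-27 is an assumption made for the example, based on the first post saying the trouble started the day before.

```python
import re
from datetime import date, datetime

# Added example for triaging OTL's "Driver Services" section; not part of the thread or of OTL.
# Shape of one line (copied from the log posted in this thread):
#   DRV - [2010/06/27 19:24:03 | 000,338,944 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV_LINE = re.compile(
    r"^DRV - \[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "   # last-modified time
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| \w\] "                # size, attributes, M/C flag
    r"\((?P<company>[^)]*)\) "                                      # company name read from the file
    r"\[(?P<flags>[^\]]*)\] -- "                                    # driver type | start | state
    r"(?P<path>.+?) -- \((?P<service>[^)]*)\)"                      # file path, service name
)

# Where Windows keeps its own kernel drivers; compared case-insensitively.
OS_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

# Assumption for the example: the first post says the trouble began the day
# before it was written, and the logs in this thread are dated 27 June 2010.
INCIDENT_DATE = date(2010, 6, 27)

# Constructed sample: lines copied from the OTL log in this thread, plus the
# section header and one SRV line to show that non-DRV lines are ignored.
SAMPLE_OTL = r"""
========== Driver Services (SafeList) ==========

DRV - [2010/06/27 19:24:03 | 000,338,944 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2008/08/26 04:57:48 | 002,153,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
SRV - [2008/07/17 10:16:28 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WinService.exe -- (DELLODDSrv)
"""


def parse_drv_lines(log_text):
    """Return one dict per 'DRV -' line (mtime as datetime, size as int); other lines are skipped."""
    drivers = []
    for raw in log_text.splitlines():
        m = DRV_LINE.match(raw.strip())
        if not m:
            continue
        d = m.groupdict()
        d["mtime"] = datetime.strptime(d["mtime"], "%Y/%m/%d %H:%M:%S")
        d["size"] = int(d["size"].replace(",", ""))
        d["company"] = d["company"].strip()      # OTL prints e.g. "(Realtek )" with a trailing space
        drivers.append(d)
    return drivers


def triage_drivers(log_text, incident_date):
    """Flag drivers under the OS driver directory that carry no company name or were
    modified on/after incident_date.  Returns {service_name: [reason, ...]} for flagged
    drivers only; drivers stored outside that directory are skipped here."""
    findings = {}
    for d in parse_drv_lines(log_text):
        if not d["path"].lower().startswith(OS_DRIVER_DIR):
            continue
        reasons = []
        if not d["company"]:
            reasons.append("no company name in version info")
        if d["mtime"].date() >= incident_date:
            reasons.append(f"modified {d['mtime']:%Y-%m-%d %H:%M}, on/after incident date")
        if reasons:
            findings[d["service"]] = reasons
    return findings


def triage_sample():
    """Run the triage over the constructed sample with the assumed incident date."""
    return triage_drivers(SAMPLE_OTL, INCIDENT_DATE)


if __name__ == "__main__":
    for service, reasons in triage_sample().items():
        print(f"{service}: " + "; ".join(reasons))
```

On the sample only AFD is flagged, on both counts; the Avast driver dated 2010/05/06 and the Windows Update copy of ksecpkg.sys from 2009/12/11 pass, which is the point of combining the two signals rather than flagging every driver newer than the OS build. A flagged file is a candidate for a digital-signature check and a hash lookup, not a verdict on its own.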

#6
Richard C (Member, Topic Starter, 21 posts)
Hi Ron, here are the logs requested:

OTL Log:

OTL logfile created on: 6/28/2010 12:56:25 AM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Richard Cantu\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.00 Gb Total Space | 54.32 Gb Free Space | 40.53% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.69 Gb Free Space | 71.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARDCANTU-PC
Current User Name: Richard Cantu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/27 23:19:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Cantu\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/07 05:36:10 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/05/07 05:36:08 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/05/06 13:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/04/08 09:14:20 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/03/13 18:16:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/10/28 20:14:40 | 000,229,376 | ---- | M] (TODO: <Company name>) -- C:\Windows\System32\TestUnitReady.exe
PRC - [2008/10/27 10:20:16 | 002,179,072 | ---- | M] () -- C:\Windows\System32\MediaButtons.exe
PRC - [2008/08/26 04:57:46 | 006,246,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/26 04:57:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/17 10:16:28 | 000,065,536 | ---- | M] () -- C:\Windows\System32\WinService.exe
PRC - [2008/03/04 08:37:18 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\DELL\DellComms\bin\sprtsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/06/27 23:19:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Cantu\Desktop\OTL.exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (DockLoginService)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/07 05:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/02/27 04:00:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/11/11 12:20:06 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/26 04:57:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/07/17 10:16:28 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WinService.exe -- (DELLODDSrv)
SRV - [2008/03/04 08:37:18 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)


========== Driver Services (SafeList) ==========

DRV - [2010/06/27 19:24:03 | 000,338,944 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 13:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/04 13:42:58 | 000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/23 19:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/03/26 08:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/03/06 09:06:02 | 000,140,800 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/08/26 04:57:48 | 002,153,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/08 04:29:38 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/04/16 02:37:44 | 000,014,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DLACPI.sys -- (DLXPDisplayName)
DRV - [2007/04/03 14:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=2081111
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/13 18:16:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/06 19:20:04 | 000,000,000 | ---D | M]

[2010/01/23 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Mozilla\Extensions
[2010/01/23 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2010/06/28 00:52:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20Case%20Files%20-%20Ravenhearst/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Richard Cantu\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Richard Cantu\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{62b4f543-1a8b-11de-a02d-00217039dfcd}\Shell - "" = AutoRun
O33 - MountPoints2\{62b4f543-1a8b-11de-a02d-00217039dfcd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{eeab9cb0-54c3-11df-ac65-00217039dfcd}\Shell - "" = AutoRun
O33 - MountPoints2\{eeab9cb0-54c3-11df-ac65-00217039dfcd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/28 00:52:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/27 23:39:54 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\Desktop\gmer
[2010/06/27 23:19:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Richard Cantu\Desktop\OTL.exe
[2010/06/27 15:57:26 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Roaming\Malwarebytes
[2010/06/27 15:57:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/27 15:57:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/27 15:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 15:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/27 10:40:18 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/26 21:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpyNoMore
[2010/06/26 20:23:24 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/06/26 20:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/26 19:42:58 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Roaming\Registry Mechanic
[2010/06/26 16:22:35 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Local\{1F4C84B1-98F3-45F3-B02B-D27F28541F9E}
[2010/06/21 12:45:48 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Roaming\Big Fish Games
[2010/06/21 00:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mystery Case Files - Dire Grove
[2010/06/20 17:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 17:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/13 14:09:29 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/06/10 06:28:37 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2010/06/10 06:28:37 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2010/06/10 06:28:36 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2010/06/10 06:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/29 15:46:04 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\Documents\My Aion
[2010/05/23 16:49:57 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/08 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Local\PMB Files
[2010/05/08 17:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/05/08 17:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/05/01 21:08:30 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Local\assembly
[2010/05/01 21:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\NCsoft
[2010/05/01 20:58:28 | 000,000,000 | -HSD | C] -- C:\Users\Richard Cantu\AppData\Roaming\.#
[2010/05/01 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/04/02 21:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/02 21:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 90 Days ==========

[2010/06/28 00:54:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/28 00:54:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/28 00:54:23 | 2610,307,072 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/28 00:53:33 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 00:53:33 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 00:53:29 | 004,194,304 | ---- | M] () -- C:\Users\Richard Cantu\ntuser.dat
[2010/06/28 00:52:10 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/06/27 23:53:14 | 001,649,489 | -H-- | M] () -- C:\Users\Richard Cantu\AppData\Local\IconCache.db
[2010/06/27 23:19:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Cantu\Desktop\OTL.exe
[2010/06/27 23:12:07 | 343,862,743 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/27 23:08:38 | 000,284,915 | ---- | M] () -- C:\Users\Richard Cantu\Desktop\gmer.zip
[2010/06/27 21:40:09 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/27 21:40:09 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 21:40:09 | 000,065,536 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TM.blf
[2010/06/27 19:25:18 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/27 19:24:03 | 000,338,944 | ---- | M] () -- C:\Windows\System32\drivers\afd.sys
[2010/06/27 15:57:22 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/26 21:18:59 | 000,001,152 | ---- | M] () -- C:\Windows\System32\windrv.sys
[2010/06/26 21:18:53 | 000,000,951 | ---- | M] () -- C:\Users\Richard Cantu\Desktop\SpyNoMore.lnk
[2010/06/26 20:23:23 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/06/26 20:00:38 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 20:00:38 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 20:00:38 | 000,065,536 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TM.blf
[2010/06/26 19:43:02 | 004,718,592 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat.rmbak
[2010/06/26 17:44:30 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 17:44:30 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 17:44:30 | 000,065,536 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TM.blf
[2010/06/21 13:23:43 | 000,001,158 | ---- | M] () -- C:\Users\Richard Cantu\Desktop\Mystery Case Files - Ravenhearst.lnk
[2010/06/21 00:32:00 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Mystery Case Files - Dire Grove.lnk
[2010/06/20 23:32:00 | 000,001,895 | ---- | M] () -- C:\Users\Richard Cantu\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/06/20 23:32:00 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/06/20 17:20:40 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/14 21:39:39 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/14 21:39:39 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/14 21:39:39 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/10 06:28:37 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/06/09 03:21:28 | 000,419,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/01 23:17:18 | 000,000,050 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/05/23 18:15:24 | 000,000,000 | -H-- | M] () -- C:\Users\Richard Cantu\Documents\Default.rdp
[2010/05/10 17:44:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/06 13:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 13:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/14 09:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr

========== Files Created - No Company Name ==========

[2010/06/27 23:12:07 | 343,862,743 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/27 23:08:35 | 000,284,915 | ---- | C] () -- C:\Users\Richard Cantu\Desktop\gmer.zip
[2010/06/27 21:35:09 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/27 21:35:09 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 21:35:09 | 000,065,536 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TM.blf
[2010/06/27 15:57:22 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 11:48:11 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/26 21:18:59 | 000,001,152 | ---- | C] () -- C:\Windows\System32\windrv.sys
[2010/06/26 21:18:53 | 000,000,951 | ---- | C] () -- C:\Users\Richard Cantu\Desktop\SpyNoMore.lnk
[2010/06/26 19:44:18 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 19:44:18 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 19:44:18 | 000,065,536 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TM.blf
[2010/06/26 19:42:53 | 000,000,000 | -HS- | C] () -- C:\Users\Richard Cantu\S-1-5-21-47504490-1602177544-3041905625-1000.rrr.LOG2
[2010/06/26 19:42:53 | 000,000,000 | -HS- | C] () -- C:\Users\Richard Cantu\S-1-5-21-47504490-1602177544-3041905625-1000.rrr.LOG1
[2010/06/26 17:33:48 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 17:33:48 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 17:33:48 | 000,065,536 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TM.blf
[2010/06/21 13:23:43 | 000,001,158 | ---- | C] () -- C:\Users\Richard Cantu\Desktop\Mystery Case Files - Ravenhearst.lnk
[2010/06/21 00:32:00 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Mystery Case Files - Dire Grove.lnk
[2010/06/20 23:32:00 | 000,001,895 | ---- | C] () -- C:\Users\Richard Cantu\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/06/20 23:32:00 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/06/20 17:20:40 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/01 23:16:42 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/05/23 18:15:24 | 000,000,000 | -H-- | C] () -- C:\Users\Richard Cantu\Documents\Default.rdp
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/26 22:38:11 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 16:12:38 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2009/06/14 16:23:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/11/11 13:40:50 | 000,014,392 | ---- | C] () -- C:\Windows\System32\drivers\DLACPI.sys

========== LOP Check ==========

[2010/05/02 00:25:20 | 000,000,000 | -HSD | M] -- C:\Users\Richard Cantu\AppData\Roaming\.#
[2009/10/26 19:40:43 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Amazon
[2010/06/21 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Big Fish Games
[2010/06/06 08:05:45 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\GetRightToGo
[2009/10/26 19:40:45 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\JGoodies
[2010/06/26 19:42:58 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Registry Mechanic
[2009/08/24 14:23:19 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Skinux
[2009/12/26 17:47:43 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Sony
[2009/12/26 17:46:10 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Sony Setup
[2009/10/26 19:41:12 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\SpinTop
[2010/01/23 15:56:53 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\TomTom
[2010/06/27 19:25:18 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/05/29 08:47:43 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:61A3E318
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D31BE97C
< End of report >


Malwarebytes Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4248

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/28/2010 1:50:31 AM
mbam-log-2010-06-28 (01-50-31).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 234605
Time elapsed: 49 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix Log:

ComboFix 10-06-27.04 - Richard Cantu 06/28/2010 2:08.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3319.2122 [GMT -7:00]
Running from: c:\users\Richard Cantu\Desktop\George.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Richard Cantu\AppData\Local\{1F4C84B1-98F3-45F3-B02B-D27F28541F9E}
c:\users\Richard Cantu\AppData\Local\{1F4C84B1-98F3-45F3-B02B-D27F28541F9E}\chrome\content\overlay.xul
c:\users\Richard Cantu\AppData\Local\{1F4C84B1-98F3-45F3-B02B-D27F28541F9E}\install.rdf
c:\users\Richard Cantu\AppData\Roaming\.#
c:\windows\xpsp1hfm.log

----- BITS: Possible infected sites -----

hxxp://cagcdn.sonycreativesoftware.com
hxxp://www.dellcomms.dellfix.com
.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
.

2010-06-28 09:14 . 2010-06-28 09:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-28 09:14 . 2010-06-28 09:14 -------- d-----w- c:\users\Richard Cantu\AppData\Local\temp
2010-06-28 07:52 . 2010-06-28 07:52 -------- d-----w- C:\_OTL
2010-06-27 22:57 . 2010-06-27 22:57 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\Malwarebytes
2010-06-27 22:57 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-27 22:57 . 2010-06-27 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 22:57 . 2010-06-27 22:57 -------- d-----w- c:\programdata\Malwarebytes
2010-06-27 22:57 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 17:40 . 2010-06-27 17:40 63488 ----a-w- c:\users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-27 17:40 . 2010-06-27 17:40 52224 ----a-w- c:\users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-27 17:40 . 2010-06-27 17:40 117760 ----a-w- c:\users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-27 17:40 . 2010-06-27 17:40 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com
2010-06-27 04:18 . 2010-06-27 04:18 1152 ----a-w- c:\windows\system32\windrv.sys
2010-06-27 04:18 . 2010-06-28 00:30 -------- d-----w- c:\program files\SpyNoMore
2010-06-27 03:23 . 2010-06-27 03:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-27 03:20 . 2010-06-28 02:29 -------- d-----w- c:\programdata\Lavasoft
2010-06-27 02:42 . 2010-06-27 02:42 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\Registry Mechanic
2010-06-24 07:43 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 07:43 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 07:43 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 07:43 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 07:43 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-21 19:45 . 2010-06-21 19:45 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\Big Fish Games
2010-06-21 07:30 . 2010-06-21 07:32 -------- d-----w- c:\program files\Mystery Case Files - Dire Grove
2010-06-21 00:20 . 2010-06-21 00:20 -------- d-----w- c:\program files\iPod
2010-06-21 00:18 . 2010-06-21 00:18 -------- d-----w- c:\program files\Bonjour
2010-06-21 00:10 . 2010-06-21 00:10 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-13 21:09 . 2010-06-13 21:09 -------- d-sh--w- c:\windows\ftpcache
2010-06-10 13:28 . 2010-06-10 13:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-09 02:55 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 02:55 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 02:55 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 02:43 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 02:43 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 02:24 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2010-06-22 03:02 . 2010-03-30 01:00 439816 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-06-21 20:28 . 2009-04-12 23:43 -------- d-----w- c:\program files\Mystery Case Files - Madame Fate
2010-06-21 20:25 . 2009-04-13 00:19 -------- d-----w- c:\program files\Mystery Case Files - Ravenhearst
2010-06-21 06:32 . 2009-04-12 23:42 -------- d-----w- c:\program files\bfgclient
2010-06-21 00:20 . 2009-03-27 04:52 -------- d-----w- c:\program files\iTunes
2010-06-21 00:20 . 2009-03-27 04:48 -------- d-----w- c:\program files\Common Files\Apple
2010-06-09 10:05 . 2009-03-27 13:14 -------- d-----w- c:\programdata\Microsoft Help
2010-06-08 14:14 . 2009-04-26 23:00 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\U3
2010-06-06 15:05 . 2009-10-24 06:02 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\GetRightToGo
2010-06-05 01:49 . 2009-03-27 13:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 11:34 . 2009-12-05 17:12 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-06-03 11:34 . 2010-05-19 02:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-27 01:24 . 2009-12-05 17:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-05-27 01:23 . 2009-10-27 04:14 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-05-27 01:23 . 2010-05-27 01:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-05-27 01:23 . 2009-11-08 11:55 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-05-24 05:28 . 2008-11-11 19:02 -------- d-----w- c:\program files\DELL
2010-05-23 23:47 . 2009-03-29 02:53 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-05-23 00:32 . 2009-09-03 04:08 -------- d-----w- c:\program files\Yahoo!
2010-05-21 21:14 . 2009-10-06 02:57 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-13 06:00 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-09 00:36 . 2010-05-09 00:35 -------- d-----w- c:\programdata\PMB Files
2010-05-09 00:35 . 2010-05-09 00:35 -------- d-----w- c:\program files\Pando Networks
2010-05-08 02:59 . 2010-05-08 02:59 20854256 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\rp\RealPlayerSPGold.exe
2010-05-06 20:59 . 2009-03-27 04:09 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-03-27 04:09 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-03-27 04:09 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-03-27 04:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2009-03-27 04:09 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2009-03-27 04:09 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-02 07:27 . 2010-05-02 04:00 -------- d-----w- c:\program files\NCsoft
2010-05-02 04:08 . 2008-11-11 19:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 03:58 . 2010-05-02 03:58 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-04-24 01:59 . 2009-10-27 04:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-04-23 07:13 . 2010-05-25 18:11 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 03:47 . 2010-04-20 03:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 03:47 . 2010-04-20 03:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-14 16:47 . 2009-03-27 04:09 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-05 19:49 . 2010-04-05 19:49 79368 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\vista.exe
2010-04-05 19:49 . 2010-04-05 19:49 64000 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gcapi_dll.dll
2010-04-05 19:49 . 2010-04-05 19:49 52288 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gtapi.dll
2010-04-05 19:49 . 2010-04-05 19:49 50688 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\fftbapi.dll
2010-04-05 19:49 . 2010-04-05 19:49 49152 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\CarboniteCompatibility.dll
2010-04-05 19:49 . 2010-04-05 19:49 118784 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll
2010-04-01 13:16 . 2009-10-27 04:14 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-26 6246400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-04-08 104408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-11 19:20 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellComms]
2008-03-04 15:37 202544 ----a-w- c:\program files\DELL\DellComms\bin\sprtcmd.exe

R2 DELLODDSrv;DELLODDSrv;c:\windows\System32\WinService.exe [2008-07-17 65536]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-26 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-05-08 27648]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\Dell\DellComms\bin\sprtsvc.exe [2008-03-04 202544]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]
S3 DLXPDisplayName;DLXPDisplayName;c:\windows\system32\DRIVERS\DLACPI.sys [2008-04-16 14392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-SpyNoMore - c:\program files\SpyNoMore\uninst.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-06-28 02:17:43
ComboFix-quarantined-files.txt 2010-06-28 09:17

Pre-Run: 58,225,401,856 bytes free
Post-Run: 58,141,863,936 bytes free

- - End Of File - - 8A71C7D61884FD9286E7F0B875627C53


TDSS Log:

02:20:47:406 5816 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
02:20:47:406 5816 ================================================================================
02:20:47:406 5816 SystemInfo:

02:20:47:406 5816 OS Version: 6.1.7600 ServicePack: 0.0
02:20:47:406 5816 Product type: Workstation
02:20:47:406 5816 ComputerName: RICHARDCANTU-PC
02:20:47:406 5816 UserName: Richard Cantu
02:20:47:406 5816 Windows directory: C:\Windows
02:20:47:406 5816 Processor architecture: Intel x86
02:20:47:406 5816 Number of processors: 2
02:20:47:406 5816 Page size: 0x1000
02:20:47:406 5816 Boot type: Normal boot
02:20:47:406 5816 ================================================================================
02:20:47:718 5816 Initialize success
02:20:47:718 5816
02:20:47:718 5816 Scanning Services ...
02:20:48:685 5816 Raw services enum returned 468 services
02:20:48:701 5816
02:20:48:701 5816 Scanning Drivers ...
02:20:49:403 5816 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
02:20:49:450 5816 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
02:20:49:465 5816 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
02:20:49:496 5816 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
02:20:49:528 5816 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
02:20:49:543 5816 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
02:20:49:590 5816 AFD (f9703320c908bc65b920f6f56756e81e) C:\Windows\system32\drivers\afd.sys
02:20:49:621 5816 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
02:20:49:652 5816 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
02:20:49:684 5816 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
02:20:49:699 5816 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
02:20:49:746 5816 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
02:20:49:762 5816 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
02:20:49:824 5816 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
02:20:49:855 5816 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
02:20:49:871 5816 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
02:20:49:902 5816 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
02:20:49:964 5816 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
02:20:49:980 5816 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
02:20:50:027 5816 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
02:20:50:058 5816 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\Windows\system32\drivers\aswFsBlk.sys
02:20:50:089 5816 aswMonFlt (58254e06b36b984e33ae314c0ea8f1a5) C:\Windows\system32\drivers\aswMonFlt.sys
02:20:50:105 5816 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\Windows\system32\drivers\aswRdr.sys
02:20:50:136 5816 aswSP (d78b644816db540e103d0b0766fd9967) C:\Windows\system32\drivers\aswSP.sys
02:20:50:167 5816 aswTdi (606d731008d98b6ef946730c597c1642) C:\Windows\system32\drivers\aswTdi.sys
02:20:50:183 5816 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
02:20:50:230 5816 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
02:20:50:276 5816 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
02:20:50:323 5816 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
02:20:50:354 5816 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
02:20:50:370 5816 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
02:20:50:401 5816 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
02:20:50:417 5816 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:20:50:448 5816 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:20:50:495 5816 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
02:20:50:526 5816 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
02:20:50:557 5816 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:20:50:588 5816 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
02:20:50:604 5816 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
02:20:50:713 5816 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
02:20:50:744 5816 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
02:20:50:776 5816 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
02:20:50:822 5816 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
02:20:50:854 5816 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
02:20:50:869 5816 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
02:20:50:916 5816 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
02:20:50:947 5816 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
02:20:50:978 5816 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
02:20:50:994 5816 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
02:20:51:041 5816 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
02:20:51:056 5816 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
02:20:51:072 5816 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
02:20:51:119 5816 DLXPDisplayName (251be1d81cecb8a3aef509631ea40522) C:\Windows\system32\DRIVERS\DLACPI.sys
02:20:51:166 5816 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
02:20:51:197 5816 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
02:20:51:212 5816 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
02:20:51:259 5816 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
02:20:51:322 5816 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
02:20:51:478 5816 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
02:20:51:556 5816 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
02:20:51:571 5816 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
02:20:51:602 5816 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
02:20:51:634 5816 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
02:20:51:649 5816 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
02:20:51:680 5816 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
02:20:51:696 5816 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
02:20:51:727 5816 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
02:20:51:758 5816 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
02:20:51:790 5816 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
02:20:51:805 5816 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
02:20:51:836 5816 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
02:20:51:868 5816 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:20:51:914 5816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:20:51:946 5816 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
02:20:51:977 5816 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:20:52:008 5816 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
02:20:52:039 5816 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
02:20:52:070 5816 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
02:20:52:086 5816 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
02:20:52:133 5816 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
02:20:52:180 5816 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
02:20:52:226 5816 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
02:20:52:242 5816 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
02:20:52:273 5816 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
02:20:52:445 5816 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
02:20:52:492 5816 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
02:20:52:601 5816 IntcAzAudAddService (32abc54d0dde1a8885c9439537dd3bad) C:\Windows\system32\drivers\RTKVHDA.sys
02:20:52:663 5816 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
02:20:52:679 5816 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
02:20:52:710 5816 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:20:52:726 5816 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
02:20:52:757 5816 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
02:20:52:772 5816 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
02:20:52:804 5816 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
02:20:52:835 5816 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
02:20:52:850 5816 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
02:20:52:882 5816 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
02:20:52:913 5816 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
02:20:52:928 5816 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
02:20:52:991 5816 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
02:20:53:006 5816 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
02:20:53:038 5816 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:20:53:053 5816 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:20:53:069 5816 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:20:53:100 5816 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:20:53:116 5816 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
02:20:53:147 5816 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
02:20:53:178 5816 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
02:20:53:209 5816 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
02:20:53:256 5816 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
02:20:53:272 5816 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
02:20:53:287 5816 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
02:20:53:318 5816 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
02:20:53:334 5816 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
02:20:53:365 5816 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
02:20:53:396 5816 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
02:20:53:428 5816 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:20:53:459 5816 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:20:53:490 5816 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:20:53:537 5816 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
02:20:53:568 5816 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
02:20:53:599 5816 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
02:20:53:615 5816 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
02:20:53:646 5816 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
02:20:53:677 5816 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
02:20:53:693 5816 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
02:20:53:708 5816 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
02:20:53:740 5816 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
02:20:53:771 5816 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
02:20:53:802 5816 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
02:20:53:833 5816 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
02:20:53:849 5816 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
02:20:53:896 5816 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
02:20:53:942 5816 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
02:20:53:974 5816 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
02:20:53:989 5816 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
02:20:54:005 5816 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
02:20:54:052 5816 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
02:20:54:067 5816 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
02:20:54:098 5816 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
02:20:54:130 5816 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
02:20:54:161 5816 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
02:20:54:176 5816 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
02:20:54:192 5816 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
02:20:54:254 5816 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
02:20:54:301 5816 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
02:20:54:332 5816 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
02:20:54:348 5816 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
02:20:54:379 5816 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
02:20:54:410 5816 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
02:20:54:426 5816 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
02:20:54:457 5816 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
02:20:54:488 5816 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
02:20:54:520 5816 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
02:20:54:566 5816 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
02:20:54:598 5816 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
02:20:54:613 5816 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
02:20:54:660 5816 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
02:20:54:707 5816 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
02:20:54:738 5816 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
02:20:54:769 5816 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
02:20:54:800 5816 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
02:20:54:863 5816 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
02:20:54:910 5816 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
02:20:54:910 5816 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
02:20:54:941 5816 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
02:20:54:988 5816 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:20:55:003 5816 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:20:55:034 5816 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
02:20:55:050 5816 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
02:20:55:081 5816 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
02:20:55:112 5816 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
02:20:55:112 5816 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:20:55:144 5816 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
02:20:55:159 5816 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
02:20:55:190 5816 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
02:20:55:206 5816 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
02:20:55:237 5816 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
02:20:55:284 5816 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
02:20:55:331 5816 RTL8169 (912c0a8c7e9b2467cf6dae1b64b72779) C:\Windows\system32\DRIVERS\Rtlh86.sys
02:20:55:362 5816 RtNdPt60 (7f8d15ee000577be703537849d4f9397) C:\Windows\system32\DRIVERS\RtNdPt60.sys
02:20:55:378 5816 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
02:20:55:424 5816 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
02:20:55:456 5816 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
02:20:55:502 5816 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\Windows\system32\DRIVERS\s616bus.sys
02:20:55:518 5816 s616mdfl (96187731eefcf83e844bc1ce6617aaeb) C:\Windows\system32\DRIVERS\s616mdfl.sys
02:20:55:534 5816 s616mdm (d2dd87368bfecfa099e50dc120f3f513) C:\Windows\system32\DRIVERS\s616mdm.sys
02:20:55:580 5816 s616mgmt (5f0be24e4d4fa134b0b2fef35d3a9d90) C:\Windows\system32\DRIVERS\s616mgmt.sys
02:20:55:596 5816 s616nd5 (b9b507fcc67e204ef38e05ffd4176345) C:\Windows\system32\DRIVERS\s616nd5.sys
02:20:55:643 5816 s616obex (f123a1f2a04a0e8dba80b64f0072475a) C:\Windows\system32\DRIVERS\s616obex.sys
02:20:55:674 5816 s616unic (e7e55048ebd5c17bfa791b4a6ec3d54b) C:\Windows\system32\DRIVERS\s616unic.sys
02:20:55:721 5816 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
02:20:55:752 5816 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
02:20:55:783 5816 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
02:20:55:814 5816 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
02:20:55:830 5816 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
02:20:55:861 5816 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
02:20:55:892 5816 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
02:20:55:908 5816 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
02:20:55:939 5816 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
02:20:55:955 5816 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
02:20:55:986 5816 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
02:20:56:017 5816 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:20:56:048 5816 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
02:20:56:064 5816 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
02:20:56:095 5816 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
02:20:56:142 5816 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
02:20:56:189 5816 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
02:20:56:220 5816 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
02:20:56:251 5816 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
02:20:56:282 5816 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
02:20:56:345 5816 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
02:20:56:407 5816 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
02:20:56:438 5816 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
02:20:56:454 5816 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
02:20:56:470 5816 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
02:20:56:485 5816 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
02:20:56:501 5816 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
02:20:56:532 5816 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:20:56:548 5816 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
02:20:56:579 5816 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
02:20:56:610 5816 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
02:20:56:657 5816 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
02:20:56:704 5816 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
02:20:56:735 5816 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
02:20:56:766 5816 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
02:20:56:797 5816 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
02:20:56:813 5816 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
02:20:56:844 5816 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
02:20:56:875 5816 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
02:20:56:906 5816 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
02:20:56:922 5816 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
02:20:56:969 5816 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
02:20:57:000 5816 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:20:57:016 5816 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
02:20:57:047 5816 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
02:20:57:062 5816 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
02:20:57:078 5816 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
02:20:57:094 5816 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
02:20:57:125 5816 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
02:20:57:140 5816 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
02:20:57:156 5816 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
02:20:57:172 5816 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
02:20:57:203 5816 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
02:20:57:234 5816 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
02:20:57:265 5816 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
02:20:57:296 5816 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
02:20:57:312 5816 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
02:20:57:343 5816 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
02:20:57:343 5816 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
02:20:57:374 5816 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
02:20:57:406 5816 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
02:20:57:452 5816 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
02:20:57:484 5816 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
02:20:57:515 5816 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
02:20:57:530 5816 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
02:20:57:562 5816 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
02:20:57:593 5816 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
02:20:57:624 5816 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:20:57:624 5816
02:20:57:624 5816 Completed
02:20:57:624 5816
02:20:57:624 5816 Results:
02:20:57:624 5816 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
02:20:57:624 5816 File objects infected / cured / cured on reboot: 0 / 0 / 0
02:20:57:624 5816
02:20:57:640 5816 KLMD(ARK) unloaded successfully


Thank you!
  • 0

#7
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Delete your old TDSSKiller and its log and run it again as follows:

  • Go to this page and download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe onto the desktop, not into the folder.
  • Vista Start logo > All Programs > Accessories > RIGHT-click on Command Prompt and select Run As Administrator. Copy/paste the following command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file named "TDSSKiller.txt" should be created on your C: drive; please copy and paste its contents in your next reply.

Are you still getting redirected?

Avast did not install correctly. Download a new copy and save it to your desktop, then uninstall the old one, reboot, and install the new one. Make sure you right-click and choose Run As Administrator when you install it.

Ron
  • 0
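An added example, not part of Ron's instructions or of Kaspersky's tool: the -l switch above writes exactly the kind of log pasted in this thread, and the only things a 2.3.x log records are a service/driver inventory (service name, MD5, image path) and the two Results counters. The Python script below parses that format, checks the Results lines for a clean 0 / 0 / 0, and diffs two runs so that a driver that appeared, disappeared or changed hash between the first and second scan stands out. Both sample logs inside it are constructed: RUN_A reuses a handful of lines from the 02:20 log above, while RUN_B is an invented second run with one altered hash, one made-up service ("evilsvc", with an invented hash) and one infected file object. One caveat the log itself makes clear: this version only scans services and drivers, so a clean result says nothing about proxy, DNS or hosts-file changes, which also produce browser redirects.

```python
"""Parse TDSSKiller 2.3.x text logs and compare two runs (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# One driver entry from the "Scanning Drivers ..." section:
#   HH:MM:SS:mmm <pid> <service name> (<md5>) <image path>
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# The two counters printed under "Results:".
RESULTS_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<kind>Registry|File) objects infected / cured / cured on reboot:"
    r"\s+(?P<infected>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)\s*$"
)


@dataclass(frozen=True)
class Driver:
    md5: str   # lower-case hex as printed by the tool
    path: str  # image path as printed; compared case-insensitively


def parse_log(text: str) -> Tuple[Dict[str, Driver], Dict[str, Tuple[int, int, int]]]:
    """Return ({service name: Driver}, {"Registry"/"File": (infected, cured, reboot)})."""
    drivers: Dict[str, Driver] = {}
    results: Dict[str, Tuple[int, int, int]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            drivers[m["name"]] = Driver(m["md5"].lower(), m["path"])
            continue
        m = RESULTS_RE.match(line)
        if m:
            results[m["kind"]] = (int(m["infected"]), int(m["cured"]), int(m["reboot"]))
    return drivers, results


def is_clean(results: Dict[str, Tuple[int, int, int]]) -> bool:
    """True only when both counters are present and all zero; a missing Results block is not clean."""
    return {"Registry", "File"} <= set(results) and all(v == (0, 0, 0) for v in results.values())


def diff_runs(old: Dict[str, Driver], new: Dict[str, Driver]) -> Dict[str, List[str]]:
    """Services that appeared, vanished, or whose hash/path changed between two scans."""
    common = set(old) & set(new)
    changed = [n for n in sorted(common)
               if old[n].md5 != new[n].md5 or old[n].path.casefold() != new[n].path.casefold()]
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": changed,
    }


# RUN_A reuses a handful of lines from the first log posted in this thread.
RUN_A = r"""
02:20:56:142 5816 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
02:20:56:345 5816 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
02:20:56:407 5816 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
02:20:57:234 5816 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
02:20:57:624 5816
02:20:57:624 5816 Completed
02:20:57:624 5816 Results:
02:20:57:624 5816 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
02:20:57:624 5816 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""

# RUN_B is constructed: srv.sys now carries a different (invented) hash, an
# invented service "evilsvc" appeared, and the tool reports one infected file object.
RUN_B = r"""
09:15:13:765 5052 srv (00112233445566778899aabbccddeeff) C:\Windows\system32\DRIVERS\srv.sys
09:15:13:984 5052 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
09:15:14:077 5052 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
09:15:15:013 5052 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
09:15:15:020 5052 evilsvc (ffeeddccbbaa99887766554433221100) C:\Windows\system32\DRIVERS\evilsvc.sys
09:15:15:435 5052 Completed
09:15:15:435 5052 Results:
09:15:15:435 5052 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:15:15:435 5052 File objects infected / cured / cured on reboot: 1 / 1 / 0
"""


def compare(text_a: str, text_b: str) -> Dict[str, object]:
    """Parse both logs and summarise what the second run changed."""
    drv_a, res_a = parse_log(text_a)
    drv_b, res_b = parse_log(text_b)
    return {"clean_a": is_clean(res_a), "clean_b": is_clean(res_b), **diff_runs(drv_a, drv_b)}


if __name__ == "__main__":
    for key, value in compare(RUN_A, RUN_B).items():
        print(f"{key}: {value}")
```

Run against the two logs actually posted in this thread (read from C:\TDSSKiller.txt and the earlier copy), compare() reports no added, removed or changed services and clean_a and clean_b both True, which is the point: the second scan confirmed the first rather than finding anything new. Note that Tcpip and TCPIP6 legitimately share one image file and hash, so a shared hash between two service names is not by itself suspicious; a hash that differs between runs for the same service, with no Windows update in between, is.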

#8
Richard C
    Member
  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi Ron. Okay, I did as you asked: deleted the old TDSSKiller, downloaded the new one to the desktop, extracted it to the desktop, ran the program as administrator, and pasted the command provided. The log, however, was not saved to the desktop; it was saved under C:\. Here is the log:

TDSS Log:

09:15:03:048 5052 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
09:15:03:048 5052 ================================================================================
09:15:03:048 5052 SystemInfo:

09:15:03:048 5052 OS Version: 6.1.7600 ServicePack: 0.0
09:15:03:048 5052 Product type: Workstation
09:15:03:048 5052 ComputerName: RICHARDCANTU-PC
09:15:03:048 5052 UserName: Richard Cantu
09:15:03:048 5052 Windows directory: C:\Windows
09:15:03:064 5052 Processor architecture: Intel x86
09:15:03:064 5052 Number of processors: 2
09:15:03:064 5052 Page size: 0x1000
09:15:03:064 5052 Boot type: Normal boot
09:15:03:064 5052 ================================================================================
09:15:03:360 5052 Initialize success
09:15:03:360 5052
09:15:03:360 5052 Scanning Services ...
09:15:05:295 5052 Raw services enum returned 468 services
09:15:05:310 5052
09:15:05:310 5052 Scanning Drivers ...
09:15:06:293 5052 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
09:15:06:324 5052 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
09:15:06:355 5052 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
09:15:06:387 5052 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:15:06:433 5052 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:15:06:465 5052 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:15:06:511 5052 AFD (f9703320c908bc65b920f6f56756e81e) C:\Windows\system32\drivers\afd.sys
09:15:06:558 5052 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
09:15:06:589 5052 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:15:06:605 5052 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
09:15:06:636 5052 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
09:15:06:652 5052 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
09:15:06:683 5052 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:15:06:714 5052 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:15:06:730 5052 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
09:15:06:761 5052 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:15:06:792 5052 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
09:15:06:823 5052 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
09:15:06:839 5052 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:15:06:870 5052 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:15:06:886 5052 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\Windows\system32\drivers\aswFsBlk.sys
09:15:06:917 5052 aswMonFlt (58254e06b36b984e33ae314c0ea8f1a5) C:\Windows\system32\drivers\aswMonFlt.sys
09:15:06:933 5052 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\Windows\system32\drivers\aswRdr.sys
09:15:06:964 5052 aswSP (d78b644816db540e103d0b0766fd9967) C:\Windows\system32\drivers\aswSP.sys
09:15:06:995 5052 aswTdi (606d731008d98b6ef946730c597c1642) C:\Windows\system32\drivers\aswTdi.sys
09:15:07:026 5052 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:15:07:057 5052 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
09:15:07:104 5052 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:15:07:135 5052 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:15:07:167 5052 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:15:07:182 5052 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:15:07:213 5052 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
09:15:07:229 5052 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:15:07:245 5052 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:15:07:276 5052 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:15:07:291 5052 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:15:07:307 5052 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:15:07:338 5052 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:15:07:354 5052 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:15:07:479 5052 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:15:07:510 5052 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
09:15:07:541 5052 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:15:07:588 5052 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:15:07:619 5052 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:15:07:666 5052 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
09:15:07:759 5052 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
09:15:07:822 5052 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:15:07:853 5052 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:15:07:900 5052 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:15:07:931 5052 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
09:15:07:993 5052 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:15:08:040 5052 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:15:08:087 5052 DLXPDisplayName (251be1d81cecb8a3aef509631ea40522) C:\Windows\system32\DRIVERS\DLACPI.sys
09:15:08:134 5052 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
09:15:08:165 5052 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:15:08:181 5052 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
09:15:08:227 5052 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:15:08:290 5052 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
09:15:08:415 5052 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:15:08:555 5052 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:15:08:602 5052 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
09:15:08:633 5052 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:15:08:664 5052 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:15:08:695 5052 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:15:08:711 5052 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:15:08:742 5052 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:15:08:758 5052 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:15:08:789 5052 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:15:08:820 5052 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:15:08:836 5052 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:15:08:867 5052 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
09:15:08:898 5052 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:15:08:945 5052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:15:08:976 5052 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:15:09:007 5052 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:15:09:039 5052 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:15:09:070 5052 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:15:09:101 5052 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:15:09:132 5052 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
09:15:09:148 5052 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:15:09:195 5052 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
09:15:09:226 5052 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
09:15:09:241 5052 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
09:15:09:273 5052 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
09:15:09:444 5052 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:15:09:585 5052 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:15:09:694 5052 IntcAzAudAddService (32abc54d0dde1a8885c9439537dd3bad) C:\Windows\system32\drivers\RTKVHDA.sys
09:15:09:756 5052 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
09:15:09:772 5052 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:15:09:803 5052 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:15:09:819 5052 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:15:09:850 5052 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:15:09:881 5052 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:15:09:912 5052 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
09:15:09:943 5052 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
09:15:09:975 5052 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:15:09:990 5052 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
09:15:10:021 5052 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
09:15:10:068 5052 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
09:15:10:115 5052 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
09:15:10:146 5052 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:15:10:177 5052 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:15:10:209 5052 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:15:10:224 5052 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:15:10:255 5052 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:15:10:287 5052 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:15:10:302 5052 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:15:10:333 5052 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:15:10:365 5052 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:15:10:411 5052 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:15:10:443 5052 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
09:15:10:458 5052 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:15:10:505 5052 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
09:15:10:536 5052 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
09:15:10:552 5052 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:15:10:599 5052 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
09:15:10:630 5052 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:15:10:661 5052 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:15:10:723 5052 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:15:10:770 5052 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
09:15:10:833 5052 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
09:15:10:864 5052 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:15:10:895 5052 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:15:10:926 5052 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
09:15:10:973 5052 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:15:11:020 5052 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:15:11:035 5052 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:15:11:067 5052 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:15:11:082 5052 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
09:15:11:129 5052 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:15:11:160 5052 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:15:11:191 5052 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:15:11:223 5052 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:15:11:269 5052 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
09:15:11:332 5052 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:15:11:363 5052 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:15:11:379 5052 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
09:15:11:410 5052 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
09:15:11:425 5052 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
09:15:11:457 5052 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:15:11:488 5052 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
09:15:11:519 5052 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:15:11:535 5052 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:15:11:550 5052 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:15:11:613 5052 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
09:15:11:691 5052 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:15:11:722 5052 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
09:15:11:769 5052 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
09:15:11:815 5052 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
09:15:11:831 5052 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
09:15:11:862 5052 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
09:15:11:893 5052 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
09:15:11:925 5052 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
09:15:11:956 5052 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
09:15:12:018 5052 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
09:15:12:065 5052 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
09:15:12:096 5052 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:15:12:127 5052 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:15:12:159 5052 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
09:15:12:174 5052 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
09:15:12:190 5052 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
09:15:12:237 5052 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
09:15:12:299 5052 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
09:15:12:377 5052 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
09:15:12:408 5052 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
09:15:12:424 5052 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
09:15:12:471 5052 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:15:12:502 5052 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:15:12:517 5052 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
09:15:12:549 5052 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
09:15:12:580 5052 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
09:15:12:611 5052 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
09:15:12:627 5052 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:15:12:642 5052 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
09:15:12:658 5052 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
09:15:12:689 5052 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
09:15:12:705 5052 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
09:15:12:736 5052 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:15:12:814 5052 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
09:15:12:845 5052 RTL8169 (912c0a8c7e9b2467cf6dae1b64b72779) C:\Windows\system32\DRIVERS\Rtlh86.sys
09:15:12:907 5052 RtNdPt60 (7f8d15ee000577be703537849d4f9397) C:\Windows\system32\DRIVERS\RtNdPt60.sys
09:15:12:923 5052 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
09:15:12:970 5052 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
09:15:13:017 5052 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
09:15:13:063 5052 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\Windows\system32\DRIVERS\s616bus.sys
09:15:13:079 5052 s616mdfl (96187731eefcf83e844bc1ce6617aaeb) C:\Windows\system32\DRIVERS\s616mdfl.sys
09:15:13:110 5052 s616mdm (d2dd87368bfecfa099e50dc120f3f513) C:\Windows\system32\DRIVERS\s616mdm.sys
09:15:13:157 5052 s616mgmt (5f0be24e4d4fa134b0b2fef35d3a9d90) C:\Windows\system32\DRIVERS\s616mgmt.sys
09:15:13:219 5052 s616nd5 (b9b507fcc67e204ef38e05ffd4176345) C:\Windows\system32\DRIVERS\s616nd5.sys
09:15:13:251 5052 s616obex (f123a1f2a04a0e8dba80b64f0072475a) C:\Windows\system32\DRIVERS\s616obex.sys
09:15:13:297 5052 s616unic (e7e55048ebd5c17bfa791b4a6ec3d54b) C:\Windows\system32\DRIVERS\s616unic.sys
09:15:13:344 5052 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
09:15:13:375 5052 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
09:15:13:407 5052 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:15:13:438 5052 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:15:13:453 5052 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:15:13:485 5052 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:15:13:516 5052 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
09:15:13:531 5052 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:15:13:563 5052 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:15:13:578 5052 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:15:13:609 5052 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
09:15:13:641 5052 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:15:13:656 5052 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:15:13:687 5052 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:15:13:703 5052 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:15:13:765 5052 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
09:15:13:797 5052 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
09:15:13:843 5052 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
09:15:13:859 5052 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:15:13:906 5052 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
09:15:13:984 5052 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
09:15:14:077 5052 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
09:15:14:140 5052 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
09:15:14:187 5052 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
09:15:14:202 5052 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
09:15:14:233 5052 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
09:15:14:249 5052 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
09:15:14:265 5052 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:15:14:296 5052 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
09:15:14:327 5052 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:15:14:358 5052 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
09:15:14:389 5052 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
09:15:14:421 5052 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
09:15:14:452 5052 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:15:14:499 5052 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
09:15:14:530 5052 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
09:15:14:545 5052 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
09:15:14:577 5052 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
09:15:14:608 5052 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
09:15:14:639 5052 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
09:15:14:655 5052 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:15:14:686 5052 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
09:15:14:717 5052 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:15:14:748 5052 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
09:15:14:779 5052 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:15:14:795 5052 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:15:14:826 5052 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:15:14:857 5052 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
09:15:14:873 5052 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
09:15:14:904 5052 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:15:14:920 5052 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
09:15:14:951 5052 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
09:15:14:967 5052 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:15:15:013 5052 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
09:15:15:060 5052 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:15:15:076 5052 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
09:15:15:107 5052 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:15:15:138 5052 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
09:15:15:154 5052 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
09:15:15:169 5052 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:15:15:216 5052 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:15:15:247 5052 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:15:15:279 5052 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:15:15:310 5052 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
09:15:15:341 5052 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:15:15:372 5052 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:15:15:388 5052 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
09:15:15:419 5052 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:15:15:435 5052
09:15:15:435 5052 Completed
09:15:15:435 5052
09:15:15:435 5052 Results:
09:15:15:435 5052 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:15:15:435 5052 File objects infected / cured / cured on reboot: 0 / 0 / 0
09:15:15:435 5052
09:15:15:435 5052 KLMD(ARK) unloaded successfully


I also uninstalled avast like you asked and reinstalled according to your instructions.

The redirecting seems to have stopped; I am currently testing out the IE browser and I haven't had any redirecting problems thus far.

My concern now is that avast is recognizing 3 infected files. I have attached the scan results in the image attached.
Does this mean I am still infected although the redirecting has stopped? Please let me know if you cannot view the image.


Thank you.

Attached Thumbnails

  • Avast_Capture.PNG

  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
afd.sys is an important file. The backup file is also on the bad list so if you quarantine it you may not be able to get on the internet.

Try and submit the file to http://virustotal.com

Go to the site, hit the Browse button and paste in

c:\windows\system32\drivers\afd.sys

Open then Submit.

We can also look with otl.

Copy the next 3 lines:

/md5start
afd.sys
/md5stop

Run OTL, paste the above into the Custom Scan box then hit Quick Scan. Post the log you get.

The file might also be replaced if you update windows to the latest Service Pack.

Ron
  • 0
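The OTL check Ron asks for above produces "DRV -" lines like the ones posted further down in this thread, and the afd.sys entry there shows what to look for: a driver in the Windows drivers directory with an empty company field and a modification date a day before the scan, while the other Microsoft drivers date from the OS build. The following is an added example written for this page (it is not code from the thread, from OTL or from the forum), a small Python parser for OTL driver-services lines that applies two checks. Both checks, the blank-company rule and the 30-day "recently modified" window, are this example's own heuristics rather than rules stated in the thread; the sample lines are copied from the OTL log posted below.

```python
"""Parse OTL 'Driver Services' lines and flag the ones worth a second look.

Added example (not OTL's or the forum's own code).  An OTL DRV line has the form

  DRV - [mtime | size | attrs | M] (company) [type | start | state] -- path -- (service)

The two checks applied here are assumptions of this example, not rules from
the thread: a driver under the Windows drivers directory whose version
resource carries no company name, and a driver whose file was modified within
RECENT_DAYS of the scan (Microsoft-shipped drivers normally date from the OS
build or a service pack, not from the day before the incident).
"""
import re
from datetime import datetime, timedelta

DRV_RE = re.compile(
    r"^DRV - \[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) \[(?P<flags>[^\]]*)\] -- "
    r"(?P<path>.+?) -- \((?P<service>[^)]*)\)"
)
HEADER_RE = re.compile(
    r"OTL logfile created on: (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
)
SYSTEM_DRIVER_DIR = "\\windows\\system32\\drivers\\"
RECENT_DAYS = 30  # assumed threshold for "modified shortly before the scan"

# Sample lines copied from the OTL output posted in this thread (the afd.sys
# entry first; the other three are ordinary, correctly attributed drivers).
SAMPLE_LOG = r"""
OTL logfile created on: 6/28/2010 12:03:22 PM - Run 3
========== Driver Services (SafeList) ==========

DRV - [2010/06/27 19:24:03 | 000,338,944 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
""".splitlines()


def parse_drv_line(line):
    """Return a dict for a DRV line, or None for any other kind of line."""
    m = DRV_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["mtime"] = datetime.strptime(d["mtime"], "%Y/%m/%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))
    # flags look like "Kernel | System | Running": driver type, start type, state
    d["flags"] = [f.strip() for f in d["flags"].split("|")]
    return d


def scan_time_from_header(lines):
    """Pull the scan timestamp out of the 'OTL logfile created on:' line."""
    for line in lines:
        m = HEADER_RE.search(line)
        if m:
            return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
    return None


def flag_drivers(lines, scan_time, recent_days=RECENT_DAYS):
    """Return [(service, path, [reasons])] for every driver that trips a check."""
    hits = []
    for line in lines:
        d = parse_drv_line(line)
        if d is None:
            continue
        reasons = []
        in_system_dir = SYSTEM_DRIVER_DIR in d["path"].lower()
        if in_system_dir and not d["company"].strip():
            reasons.append("blank company name in system driver directory")
        if scan_time is not None and scan_time - d["mtime"] < timedelta(days=recent_days):
            reasons.append("modified within %d days of the scan" % recent_days)
        if reasons:
            hits.append((d["service"], d["path"], reasons))
    return hits


if __name__ == "__main__":
    when = scan_time_from_header(SAMPLE_LOG)
    for service, path, reasons in flag_drivers(SAMPLE_LOG, when):
        print("%s  %s\n    %s" % (service, path, "; ".join(reasons)))
```

Run against the sample, only the AFD entry is reported, with both reasons. A hit from this script is a reason to hash and submit the file, as Ron describes, not proof of infection on its own: a freshly installed driver from a legitimate vendor will also land inside the 30-day window, which is why the reasons are listed separately.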

#10
Richard C

Richard C

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi Ron, here is the virustotal log:

Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.06.28 -
AhnLab-V3 2010.06.27.01 2010.06.27 -
AntiVir 8.2.4.2 2010.06.28 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.28 -
Avast 4.8.1351.0 2010.06.28 Win32:Alureon-FZ
Avast5 5.0.332.0 2010.06.28 Win32:Alureon-FZ
AVG 9.0.0.836 2010.06.28 -
BitDefender 7.2 2010.06.28 -
CAT-QuickHeal 10.00 2010.06.28 -
ClamAV 0.96.0.3-git 2010.06.28 -
Comodo 5246 2010.06.28 -
DrWeb 5.0.2.03300 2010.06.28 -
eSafe 7.0.17.0 2010.06.28 -
eTrust-Vet 36.1.7671 2010.06.28 -
F-Prot 4.6.1.107 2010.06.28 -
F-Secure 9.0.15370.0 2010.06.28 -
Fortinet 4.1.133.0 2010.06.27 -
GData 21 2010.06.28 Win32:Alureon-FZ
Ikarus T3.1.1.84.0 2010.06.28 -
Jiangmin 13.0.900 2010.06.27 -
Kaspersky 7.0.0.125 2010.06.28 -
McAfee 5.400.0.1158 2010.06.28 -
McAfee-GW-Edition 2010.1 2010.06.28 -
Microsoft 1.5902 2010.06.28 -
NOD32 5235 2010.06.28 -
Norman 6.05.10 2010.06.28 -
nProtect 2010-06-28.01 2010.06.28 -
Panda 10.0.2.7 2010.06.28 -
PCTools 7.0.3.5 2010.06.28 -
Rising 22.54.00.04 2010.06.28 -
Sophos 4.54.0 2010.06.28 -
Sunbelt 6517 2010.06.28 -
Symantec 20101.1.0.89 2010.06.28 -
TheHacker 6.5.2.0.304 2010.06.28 -
TrendMicro 9.120.0.1004 2010.06.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.28 -
VBA32 3.12.12.5 2010.06.28 -
ViRobot 2010.6.26.3907 2010.06.26 -
VirusBuster 5.0.27.0 2010.06.28 -
Additional information
File size: 338944 bytes
MD5...: f9703320c908bc65b920f6f56756e81e
SHA1..: 4dc468a4b1a17f22dd915a6bb67b329d09325354
SHA256: 00de8359bfa0c376b521aaf584496cd89a929a017d7e8a96184d2a2999b8a330
ssdeep: 6144:KK49enPKqKGP9wqIEhDAep/gEubrw4pmDh9jNfQJR/1l+7UuWNKH/jzIRkQMdWim:0enPKqKGFwdEXpYrVpmt9jy1l+7xWsHK

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4463d
timedatestamp.....: 0x4a5bbf62 (Mon Jul 13 23:12:34 2009)
machinetype.......: 0x14c (I386)

( 11 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd334 0xd400 6.54 e490490e1f6787ceda5e88a80594ce53
.rdata 0xf000 0x1dc4 0x1e00 4.74 7bb77796ce888f4afefd5393c0ecf4c2
.data 0x11000 0xf20 0x200 2.65 e67dae562ade022d37496fd2a1bad6bc
PAGE 0x12000 0xe880 0xea00 6.56 ebc84cf440e7b83d1719c483a38dd628
PAGEAFD 0x21000 0x1a567 0x1a600 6.59 ce2142154e720af5b9cc61f0a91c5dff
PAGESAN 0x3c000 0x27b6 0x2800 6.45 4e9fc4604fc354b5f57761342cb72c8b
PAGEWTDI 0x3f000 0x3812 0x3a00 6.35 a10c45aa54c24b22d6c893798e3d0838
PAGEDAT1 0x43000 0x188 0x200 2.43 a58042d421e9ca264508b55a6523abcc
INIT 0x44000 0x3098 0x3200 6.08 8c30738aa9465ec65a3bbc11e367b93b
.rsrc 0x48000 0xd710 0xd800 3.92 102fea9158544271792f48783f8d279b
.reloc 0x56000 0x341c 0x3600 6.71 0e9f4ec2a54d174035c39a38393eaacc

( 5 imports )
> ntoskrnl.exe: memcpy, KeResetEvent, KeWaitForSingleObject, KeInitializeEvent, memset, ObDereferenceSecurityDescriptor, IoFreeIrp, PsReturnPoolQuota, IoCreateFile, PsChargeProcessPoolQuota, RtlCopyUnicodeString, ExAllocatePoolWithTagPriority, RtlCompareUnicodeString, MmResetDriverPaging, ExAcquireResourceExclusiveLite, ExReleaseResourceLite, EtwWriteTransfer, PsGetCurrentProcessId, EtwActivityIdControl, MmSizeOfMdl, MmBuildMdlForNonPagedPool, IoInitializeIrp, ExRaiseStatus, PsGetProcessExitTime, IoSetIoCompletion, SeUnlockSubjectContext, SeFreePrivileges, SeAppendPrivileges, SeAccessCheck, SeLockSubjectContext, RtlMapGenericMask, IoGetFileObjectGenericMapping, ObLogSecurityDescriptor, SeAssignSecurity, RtlEqualString, RtlInitString, IoAllocateIrp, IoBuildDeviceIoControlRequest, KeSetEvent, ProbeForWrite, ExEventObjectType, ExGetPreviousMode, ExRaiseAccessViolation, ExInitializeResourceLite, ExDeleteResourceLite, ZwOpenKey, ZwCreateKey, ZwQueryValueKey, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, ObReleaseObjectSecurity, SeSetSecurityDescriptorInfo, ExAllocatePoolWithTag, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, ObGetObjectSecurity, IoDeleteDevice, ExDeleteNPagedLookasideList, ExUnregisterCallback, IoQueueWorkItem, ZwNotifyChangeKey, IoFreeWorkItem, ExInitializeNPagedLookasideList, IoAllocateWorkItem, IoCreateDevice, MmUserProbeAddress, KeLeaveCriticalRegion, KeEnterCriticalRegion, KePulseEvent, MmAdvanceMdl, DbgPrint, ExInterlockedFlushSList, KeFlushQueuedDpcs, _aulldiv, KeSetCoalescableTimer, KeInitializeDpc, KeInitializeTimer, MmLockPagableDataSection, ObCloseHandle, SeDeleteAccessState, SeCreateAccessState, SeQuerySecurityDescriptorInfo, KeReadStateEvent, MmUnlockPagableImageSection, KeRemoveQueueDpc, KeCancelTimer, _alldiv, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, _allmul, KeInitializeTimerEx, ExAcquireResourceSharedLite, KeSetTimer, PsGetCurrentProcess, MmUnmapLockedPages, FsRtlMdlReadComplete, 
IoCancelIrp, KeDetachProcess, FsRtlMdlRead, KeAttachProcess, IoGetRequestorProcess, FsRtlCopyRead, IoQueryFileInformation, _aullrem, ObFindHandleForObject, ObOpenObjectByName, ObGetObjectType, MmSystemRangeStart, IoThreadToProcess, KeQueryActiveProcessorCountEx, IoReuseIrp, RtlIntegerToUnicode, ObReferenceSecurityDescriptor, RtlAppendUnicodeStringToString, KeDelayExecutionThread, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoWMIWriteEvent, EtwRegister, EtwUnregister, IoGetDeviceAttachmentBaseRef, DbgPrintEx, KeWaitForMultipleObjects, ZwOpenEvent, PsDereferenceImpersonationToken, PsReferenceImpersonationToken, _vsnwprintf, towlower, KeTickCount, RtlUnwind, RtlEqualUnicodeString, RtlPrefixUnicodeString, RtlAppendUnicodeToString, ExAllocatePoolWithQuotaTag, FsRtlAllocateExtraCreateParameterList, FsRtlAllocateExtraCreateParameter, FsRtlFreeExtraCreateParameterList, FsRtlInsertExtraCreateParameter, IoSetTopLevelIrp, IoCreateFileEx, ObOpenObjectByPointer, ZwClose, RtlInitUnicodeString, ExCreateCallback, ExEnterCriticalRegionAndAcquireResourceExclusive, ExRegisterCallback, KeGetCurrentThread, ExEnterCriticalRegionAndAcquireResourceShared, ExReleaseResourceAndLeaveCriticalRegion, RtlCompareMemory, IoGetTopLevelIrp, FsRtlFindExtraCreateParameter, KeGetRecommendedSharedDataAlignment, MmQuerySystemSize, MmIsThisAnNtAsSystem, RtlCreateSecurityDescriptor, MmProbeAndLockPages, MmUnlockPages, IoAllocateMdl, MmMapLockedPages, InterlockedPopEntrySList, KeQueryInterruptTime, IoBuildPartialMdl, IoGetRelatedDeviceObject, IoFileObjectType, IofCallDriver, KeInitializeApc, KeInsertQueueApc, ExQueueWorkItem, KeAcquireInStackQueuedSpinLockAtDpcLevel, KeReleaseInStackQueuedSpinLockFromDpcLevel, ObfReferenceObject, memmove, ExFreePoolWithTag, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, ExInitializeLookasideListEx, ExDeleteLookasideListEx, KeQueryMaximumProcessorCountEx, InterlockedExchange, SeReleaseSubjectContext, PsDereferencePrimaryToken, SeTokenType, PsRevertToSelf, 
SeImpersonateClientEx, SeCreateClientSecurityFromSubjectContext, SeCaptureSubjectContextEx, IofCompleteRequest, MmMapLockedPagesSpecifyCache, IoFreeMdl, ObfDereferenceObject, IoGetCurrentProcess, EtwWrite, KeGetCurrentProcessorNumberEx, ObReferenceObjectByHandle, ExRaiseDatatypeMisalignment, KeBugCheckEx, InterlockedPushEntrySList
> HAL.dll: KeReleaseInStackQueuedSpinLock, KeAcquireInStackQueuedSpinLock, KeGetCurrentIrql, KfLowerIrql, KfRaiseIrql, KeReleaseQueuedSpinLock, KeAcquireQueuedSpinLock, KfReleaseSpinLock, KfAcquireSpinLock
> TDI.SYS: TdiRegisterPnPHandlers, TdiDeregisterPnPHandlers, TdiMatchPdoWithChainedReceiveContext, TdiReturnChainedReceives, TdiCopyBufferToMdl, TdiCopyMdlToBuffer
> NETIO.SYS: NetioInitializeWorkQueue, NetioInsertWorkQueue, NetioShutdownWorkQueue, NmrProviderDetachClientComplete, NmrRegisterProvider, NmrDeregisterProvider, NmrWaitForProviderDeregisterComplete, NmrClientAttachProvider, NmrClientDetachProviderComplete, NmrRegisterClient, NmrDeregisterClient, NmrWaitForClientDeregisterComplete, NsiAllocateAndGetTable, NsiFreeTable, NsiRegisterChangeNotification, NsiDeregisterChangeNotification, NsiGetAllParameters, RtlInitializeTimerWheel, RtlUpdateCurrentTimerWheelTick, RtlGetNextExpiredTimerWheelEntry, RtlReturnTimerWheelEntry, RtlIndicateTimerWheelEntryTimerStart, RtlCleanupTimerWheelEntry, RtlInitializeTimerWheelEntry, RtlSuspendTimerWheel, RtlCleanupTimerWheel, RtlCopyMdlToMdl, RtlCopyMdlToBuffer
> msrpc.sys: RpcAsyncInitializeHandle, RpcBindingFree, RpcBindingSetOption, RpcBindingCreateW, RpcBindingBind, RpcBindingUnbind, RpcAsyncCancelCall, RpcAsyncCompleteCall, RpcExceptionFilter, NdrAsyncClientCall

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec....-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

And here is the OTL log:

OTL logfile created on: 6/28/2010 12:03:22 PM - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Richard Cantu\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.00 Gb Total Space | 53.33 Gb Free Space | 39.80% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.69 Gb Free Space | 71.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARDCANTU-PC
Current User Name: Richard Cantu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/27 23:19:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Cantu\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/07 05:36:10 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/05/07 05:36:08 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/05/06 13:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/04/08 09:14:20 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/03/13 18:16:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/10/28 20:14:40 | 000,229,376 | ---- | M] (TODO: <Company name>) -- C:\Windows\System32\TestUnitReady.exe
PRC - [2008/10/27 10:20:16 | 002,179,072 | ---- | M] () -- C:\Windows\System32\MediaButtons.exe
PRC - [2008/08/26 04:57:46 | 006,246,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/26 04:57:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/17 10:16:28 | 000,065,536 | ---- | M] () -- C:\Windows\System32\WinService.exe
PRC - [2008/03/04 08:37:18 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\DELL\DellComms\bin\sprtsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/06/27 23:19:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Cantu\Desktop\OTL.exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (DockLoginService)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/07 05:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/02/27 04:00:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/11/11 12:20:06 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/26 04:57:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/07/17 10:16:28 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WinService.exe -- (DELLODDSrv)
SRV - [2008/03/04 08:37:18 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)


========== Driver Services (SafeList) ==========

DRV - [2010/06/27 19:24:03 | 000,338,944 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 13:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/04 13:42:58 | 000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/23 19:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/03/26 08:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/03/06 09:06:02 | 000,140,800 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/08/26 04:57:48 | 002,153,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/08 04:29:38 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/04/16 02:37:44 | 000,014,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DLACPI.sys -- (DLXPDisplayName)
DRV - [2007/04/03 14:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 13:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 13:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/13 18:16:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/06 19:20:04 | 000,000,000 | ---D | M]

[2010/01/23 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Mozilla\Extensions
[2010/01/23 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2010/06/28 02:14:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20Case%20Files%20-%20Ravenhearst/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Richard Cantu\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Richard Cantu\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/28 09:34:06 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/28 09:34:05 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/28 09:34:01 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/28 09:33:58 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/28 09:33:55 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/28 09:33:41 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/28 09:33:41 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/06/28 09:13:58 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\Desktop\tdsskiller
[2010/06/28 02:17:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/06/28 02:17:44 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Local\temp
[2010/06/28 02:07:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/06/28 02:07:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/28 02:07:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/06/28 02:07:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/28 02:07:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/28 02:06:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/28 02:06:53 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/06/28 00:52:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/27 23:39:54 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\Desktop\gmer
[2010/06/27 23:19:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Richard Cantu\Desktop\OTL.exe
[2010/06/27 15:57:26 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Roaming\Malwarebytes
[2010/06/27 15:57:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/27 15:57:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/27 15:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 15:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/27 10:40:18 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/26 21:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpyNoMore
[2010/06/26 20:23:24 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/06/26 20:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/26 19:42:58 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Roaming\Registry Mechanic
[2010/06/21 12:45:48 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Roaming\Big Fish Games
[2010/06/21 00:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mystery Case Files - Dire Grove
[2010/06/20 17:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 17:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/13 14:09:29 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/06/10 06:28:37 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2010/06/10 06:28:37 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2010/06/10 06:28:36 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2010/06/10 06:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/31 10:41:12 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Users\Richard Cantu\Desktop\TDSSKiller.exe
[2010/05/29 15:46:04 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\Documents\My Aion
[2010/05/23 16:49:57 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/08 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Local\PMB Files
[2010/05/08 17:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/05/08 17:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/05/01 21:08:30 | 000,000,000 | ---D | C] -- C:\Users\Richard Cantu\AppData\Local\assembly
[2010/05/01 21:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\NCsoft
[2010/05/01 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/04/02 21:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/02 21:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 90 Days ==========

[2010/06/28 12:05:16 | 004,194,304 | ---- | M] () -- C:\Users\Richard Cantu\ntuser.dat
[2010/06/28 09:39:13 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 09:39:13 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 09:34:07 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/06/28 09:33:54 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/06/28 09:31:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/28 09:31:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/28 09:31:44 | 2610,307,072 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/28 09:30:45 | 001,675,923 | -H-- | M] () -- C:\Users\Richard Cantu\AppData\Local\IconCache.db
[2010/06/28 09:18:09 | 052,566,928 | ---- | M] () -- C:\Users\Richard Cantu\Desktop\setup_av_free.exe
[2010/06/28 09:14:04 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Users\Richard Cantu\Desktop\TDSSKiller.exe
[2010/06/28 09:13:37 | 000,966,213 | ---- | M] () -- C:\Users\Richard Cantu\Desktop\tdsskiller.zip
[2010/06/28 02:14:41 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/28 02:14:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/28 02:04:54 | 003,722,395 | R--- | M] () -- C:\Users\Richard Cantu\Desktop\George.exe
[2010/06/27 23:19:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Cantu\Desktop\OTL.exe
[2010/06/27 23:12:07 | 343,862,743 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/27 23:08:38 | 000,284,915 | ---- | M] () -- C:\Users\Richard Cantu\Desktop\gmer.zip
[2010/06/27 21:40:09 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/27 21:40:09 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 21:40:09 | 000,065,536 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TM.blf
[2010/06/27 19:24:03 | 000,338,944 | ---- | M] () -- C:\Windows\System32\drivers\afd.sys
[2010/06/27 15:57:22 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/26 21:18:59 | 000,001,152 | ---- | M] () -- C:\Windows\System32\windrv.sys
[2010/06/26 21:18:53 | 000,000,951 | ---- | M] () -- C:\Users\Richard Cantu\Desktop\SpyNoMore.lnk
[2010/06/26 20:23:23 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/06/26 20:00:38 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 20:00:38 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 20:00:38 | 000,065,536 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TM.blf
[2010/06/26 19:43:02 | 004,718,592 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat.rmbak
[2010/06/26 17:44:30 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 17:44:30 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 17:44:30 | 000,065,536 | -HS- | M] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TM.blf
[2010/06/21 13:23:43 | 000,001,158 | ---- | M] () -- C:\Users\Richard Cantu\Desktop\Mystery Case Files - Ravenhearst.lnk
[2010/06/21 00:32:00 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Mystery Case Files - Dire Grove.lnk
[2010/06/20 23:32:00 | 000,001,895 | ---- | M] () -- C:\Users\Richard Cantu\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/06/20 23:32:00 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/06/20 17:20:40 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/14 21:39:39 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/14 21:39:39 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/14 21:39:39 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/10 06:28:37 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/06/09 03:21:28 | 000,419,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/01 23:17:18 | 000,000,050 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/05/23 18:15:24 | 000,000,000 | -H-- | M] () -- C:\Users\Richard Cantu\Documents\Default.rdp
[2010/05/06 13:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/06 13:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 13:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2010/06/28 09:34:07 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/06/28 09:18:09 | 052,566,928 | ---- | C] () -- C:\Users\Richard Cantu\Desktop\setup_av_free.exe
[2010/06/28 09:13:26 | 000,966,213 | ---- | C] () -- C:\Users\Richard Cantu\Desktop\tdsskiller.zip
[2010/06/28 02:07:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/28 02:07:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/06/28 02:07:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/06/28 02:07:35 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/28 02:07:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/28 02:04:44 | 003,722,395 | R--- | C] () -- C:\Users\Richard Cantu\Desktop\George.exe
[2010/06/27 23:12:07 | 343,862,743 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/27 23:08:35 | 000,284,915 | ---- | C] () -- C:\Users\Richard Cantu\Desktop\gmer.zip
[2010/06/27 21:35:09 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/27 21:35:09 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 21:35:09 | 000,065,536 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{11f8eb3a-826d-11df-9767-00217039dfcd}.TM.blf
[2010/06/27 15:57:22 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/26 21:18:59 | 000,001,152 | ---- | C] () -- C:\Windows\System32\windrv.sys
[2010/06/26 21:18:53 | 000,000,951 | ---- | C] () -- C:\Users\Richard Cantu\Desktop\SpyNoMore.lnk
[2010/06/26 19:44:18 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 19:44:18 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 19:44:18 | 000,065,536 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{063bf69b-8194-11df-bb9a-00217039dfcd}.TM.blf
[2010/06/26 19:42:53 | 000,000,000 | -HS- | C] () -- C:\Users\Richard Cantu\S-1-5-21-47504490-1602177544-3041905625-1000.rrr.LOG2
[2010/06/26 19:42:53 | 000,000,000 | -HS- | C] () -- C:\Users\Richard Cantu\S-1-5-21-47504490-1602177544-3041905625-1000.rrr.LOG1
[2010/06/26 17:33:48 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 17:33:48 | 000,524,288 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 17:33:48 | 000,065,536 | -HS- | C] () -- C:\Users\Richard Cantu\ntuser.dat{ca4c658f-8182-11df-ba90-00217039dfcd}.TM.blf
[2010/06/21 13:23:43 | 000,001,158 | ---- | C] () -- C:\Users\Richard Cantu\Desktop\Mystery Case Files - Ravenhearst.lnk
[2010/06/21 00:32:00 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Mystery Case Files - Dire Grove.lnk
[2010/06/20 23:32:00 | 000,001,895 | ---- | C] () -- C:\Users\Richard Cantu\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/06/20 23:32:00 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/06/20 17:20:40 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/01 23:16:42 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/05/23 18:15:24 | 000,000,000 | -H-- | C] () -- C:\Users\Richard Cantu\Documents\Default.rdp
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/26 22:38:11 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 16:12:38 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2009/06/14 16:23:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/11/11 13:40:50 | 000,014,392 | ---- | C] () -- C:\Windows\System32\drivers\DLACPI.sys

========== LOP Check ==========

[2009/10/26 19:40:43 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Amazon
[2010/06/21 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Big Fish Games
[2010/06/06 08:05:45 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\GetRightToGo
[2009/10/26 19:40:45 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\JGoodies
[2010/06/26 19:42:58 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Registry Mechanic
[2009/08/24 14:23:19 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Skinux
[2009/12/26 17:47:43 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Sony
[2009/12/26 17:46:10 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\Sony Setup
[2009/10/26 19:41:12 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\SpinTop
[2010/01/23 15:56:53 | 000,000,000 | ---D | M] -- C:\Users\Richard Cantu\AppData\Roaming\TomTom
[2010/05/29 08:47:43 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AFD.SYS >
[2010/06/27 19:24:03 | 000,338,944 | ---- | M] () MD5=F9703320C908BC65B920F6F56756E81E -- C:\Windows\System32\drivers\afd.sys
[2010/06/27 19:24:03 | 000,338,944 | ---- | M] () MD5=F9703320C908BC65B920F6F56756E81E -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:61A3E318
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D31BE97C
< End of report >


I should probably leave these files alone then and not quarantine with avast?
  • 0


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We need to replace them. Avast is right. They are dirty but if we let Avast eat them then I think you will lose Internet connectivity. I will send you another file afd.zip via a PM. Unzip it and put the file (afd.txt) at C:\
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

FCopy::
c:\afd.txt | C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
c:\afd.txt | C:\windows\system32\drivers\afd.sys

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Ron
  • 0
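As an added example (not part of this thread, and not OTL's or ComboFix's own code), the Python script below parses the `< MD5 for: AFD.SYS >` lines from the OTL log posted above, reports whether the System32 and WinSxS copies carry the same hash, flags copies whose company field is empty (OTL shows `(Microsoft Corporation)` for the other Windows drivers in the same log, so an empty `()` on a core Windows driver is worth a second look), and, when a reference hash is supplied, checks every copy against it. The two sample lines are copied from the log; `KNOWN_GOOD_MD5_PLACEHOLDER` is an assumed placeholder because the thread does not give the hash of the clean afd.sys. The caveat this log illustrates is that both copies agree with each other, so the WinSxS component-store copy is not a trustworthy reference on its own; the same comparison, run again after the FCopy:: replacement with the hash of the clean file, is how a practitioner confirms that both paths now hold the replacement.

```python
import re

# Constructed sample input in OTL's "< MD5 for: ... >" format; the two file lines
# are copied from the OTL log posted earlier in this thread.
SAMPLE_OTL = r"""
< MD5 for: AFD.SYS >
[2010/06/27 19:24:03 | 000,338,944 | ---- | M] () MD5=F9703320C908BC65B920F6F56756E81E -- C:\Windows\System32\drivers\afd.sys
[2010/06/27 19:24:03 | 000,338,944 | ---- | M] () MD5=F9703320C908BC65B920F6F56756E81E -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
"""

# Placeholder only: the thread does not state the hash of the clean afd.sys.
KNOWN_GOOD_MD5_PLACEHOLDER = "00000000000000000000000000000000"

# One OTL MD5 line: [date time | size | attrs | C/M] (company) MD5=hash -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_block(text):
    """Return one dict per MD5= line: stamp, size (int), attrs, flag, company, md5, path."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines such as "< MD5 for: AFD.SYS >" are skipped
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["md5"] = e["md5"].upper()
        e["company"] = e["company"].strip()
        entries.append(e)
    return entries


def assess_copies(entries, known_good_md5=None):
    """Summarise agreement between the copies of one file and, optionally,
    compare all of them with a reference hash supplied by the analyst."""
    hashes = {e["md5"] for e in entries}
    report = {
        "copies": len(entries),
        # True when every listed copy has the same hash; this alone does not
        # prove the file is clean, as the log above shows.
        "copies_agree": len(hashes) == 1,
        # Copies for which OTL could not read a company name.
        "no_company_name": [e["path"] for e in entries if not e["company"]],
    }
    if known_good_md5 is not None:
        report["all_match_known_good"] = hashes == {known_good_md5.upper()}
    return report


if __name__ == "__main__":
    found = parse_md5_block(SAMPLE_OTL)
    for e in found:
        print(f"{e['md5']}  {e['size']:>7}  company={e['company'] or '<none>'}  {e['path']}")
    print(assess_copies(found, KNOWN_GOOD_MD5_PLACEHOLDER))
```

To reuse it after the repair, paste the fresh `< MD5 for: AFD.SYS >` block from the new OTL custom scan into `SAMPLE_OTL` and pass the hash of the clean afd.txt as `known_good_md5`; `all_match_known_good` should then be true for both paths.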

#12
Richard C

Richard C

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi Ron, here is the new log. When I dragged the script to George, it started but then asked to update since there was one available. I clicked 'Yes' and the program updated, then restarted. I'm not sure if it ran the CFScript after that.

ComboFix 10-06-27.06 - Richard Cantu 06/28/2010 18:36:43.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3319.2081 [GMT -7:00]
Running from: c:\users\Richard Cantu\Desktop\George.exe
Command switches used :: c:\users\Richard Cantu\Desktop\CFScript.txt.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))
.

2010-06-29 02:00 . 2010-06-29 02:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-28 07:52 . 2010-06-28 07:52 -------- d-----w- C:\_OTL
2010-06-27 22:57 . 2010-06-27 22:57 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\Malwarebytes
2010-06-27 22:57 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-27 22:57 . 2010-06-27 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 22:57 . 2010-06-27 22:57 -------- d-----w- c:\programdata\Malwarebytes
2010-06-27 22:57 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 17:40 . 2010-06-27 17:40 63488 ----a-w- c:\users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-27 17:40 . 2010-06-27 17:40 52224 ----a-w- c:\users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-27 17:40 . 2010-06-27 17:40 117760 ----a-w- c:\users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-27 17:40 . 2010-06-27 17:40 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com
2010-06-27 04:18 . 2010-06-27 04:18 1152 ----a-w- c:\windows\system32\windrv.sys
2010-06-27 04:18 . 2010-06-28 00:30 -------- d-----w- c:\program files\SpyNoMore
2010-06-27 03:23 . 2010-06-27 03:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-27 03:20 . 2010-06-28 02:29 -------- d-----w- c:\programdata\Lavasoft
2010-06-27 02:42 . 2010-06-27 02:42 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\Registry Mechanic
2010-06-24 07:43 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 07:43 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 07:43 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 07:43 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 07:43 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-21 19:45 . 2010-06-21 19:45 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\Big Fish Games
2010-06-21 07:30 . 2010-06-21 07:32 -------- d-----w- c:\program files\Mystery Case Files - Dire Grove
2010-06-21 00:20 . 2010-06-21 00:20 -------- d-----w- c:\program files\iPod
2010-06-21 00:18 . 2010-06-21 00:18 -------- d-----w- c:\program files\Bonjour
2010-06-21 00:10 . 2010-06-21 00:10 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-13 21:09 . 2010-06-13 21:09 -------- d-sh--w- c:\windows\ftpcache
2010-06-10 13:28 . 2010-06-10 13:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-09 02:55 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 02:55 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 02:55 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 02:43 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 02:43 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 01:24 . 2010-06-29 01:24 140721 ----a-w- C:\afd.zip
2010-06-28 02:24 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2010-06-22 03:02 . 2010-03-30 01:00 439816 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-06-21 20:28 . 2009-04-12 23:43 -------- d-----w- c:\program files\Mystery Case Files - Madame Fate
2010-06-21 20:25 . 2009-04-13 00:19 -------- d-----w- c:\program files\Mystery Case Files - Ravenhearst
2010-06-21 06:32 . 2009-04-12 23:42 -------- d-----w- c:\program files\bfgclient
2010-06-21 00:20 . 2009-03-27 04:52 -------- d-----w- c:\program files\iTunes
2010-06-21 00:20 . 2009-03-27 04:48 -------- d-----w- c:\program files\Common Files\Apple
2010-06-09 10:05 . 2009-03-27 13:14 -------- d-----w- c:\programdata\Microsoft Help
2010-06-08 14:14 . 2009-04-26 23:00 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\U3
2010-06-06 15:05 . 2009-10-24 06:02 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\GetRightToGo
2010-06-05 01:49 . 2009-03-27 13:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 11:34 . 2009-12-05 17:12 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-06-03 11:34 . 2010-05-19 02:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-27 01:24 . 2009-12-05 17:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-05-27 01:23 . 2009-10-27 04:14 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-05-27 01:23 . 2010-05-27 01:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-05-27 01:23 . 2009-11-08 11:55 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-05-24 05:28 . 2008-11-11 19:02 -------- d-----w- c:\program files\DELL
2010-05-23 23:47 . 2009-03-29 02:53 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-05-23 00:32 . 2009-09-03 04:08 -------- d-----w- c:\program files\Yahoo!
2010-05-21 21:14 . 2009-10-06 02:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-13 06:00 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-09 00:36 . 2010-05-09 00:35 -------- d-----w- c:\programdata\PMB Files
2010-05-09 00:35 . 2010-05-09 00:35 -------- d-----w- c:\program files\Pando Networks
2010-05-08 02:59 . 2010-05-08 02:59 20854256 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\rp\RealPlayerSPGold.exe
2010-05-06 20:59 . 2010-06-28 16:33 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2010-06-28 16:33 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-06-28 16:33 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-06-28 16:34 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-06-28 16:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2010-06-28 16:33 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2010-06-28 16:34 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-02 07:27 . 2010-05-02 04:00 -------- d-----w- c:\program files\NCsoft
2010-05-02 04:08 . 2008-11-11 19:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 03:58 . 2010-05-02 03:58 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-04-24 01:59 . 2009-10-27 04:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-04-23 07:13 . 2010-05-25 18:11 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 03:47 . 2010-04-20 03:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 03:47 . 2010-04-20 03:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-05 19:49 . 2010-04-05 19:49 79368 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\vista.exe
2010-04-05 19:49 . 2010-04-05 19:49 64000 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gcapi_dll.dll
2010-04-05 19:49 . 2010-04-05 19:49 52288 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gtapi.dll
2010-04-05 19:49 . 2010-04-05 19:49 50688 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\fftbapi.dll
2010-04-05 19:49 . 2010-04-05 19:49 49152 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\CarboniteCompatibility.dll
2010-04-05 19:49 . 2010-04-05 19:49 118784 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll
2010-04-01 13:16 . 2009-10-27 04:14 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-06-28_09.14.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-27 05:26 . 2010-06-28 16:34 41948 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-06-28 16:34 39780 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-27 05:39 . 2010-06-28 16:34 12902 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-47504490-1602177544-3041905625-1000_UserData.bin
- 2009-10-27 05:39 . 2010-06-28 07:51 12902 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-47504490-1602177544-3041905625-1000_UserData.bin
+ 2009-10-27 02:23 . 2010-06-29 00:40 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-27 02:23 . 2010-06-28 07:55 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:41 . 2010-06-28 07:55 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-06-29 00:40 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-27 03:32 . 2010-06-28 16:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-27 03:32 . 2010-06-28 07:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-27 03:32 . 2010-06-28 16:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-27 03:32 . 2010-06-28 07:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-27 03:32 . 2010-06-28 16:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-27 03:32 . 2010-06-28 07:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-27 03:32 . 2010-06-28 16:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-27 03:32 . 2010-06-28 07:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-27 04:14 . 2010-06-29 01:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-27 04:14 . 2010-06-28 09:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-27 04:14 . 2010-06-28 09:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-10-27 04:14 . 2010-06-29 01:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-10-27 04:14 . 2010-06-28 09:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-10-27 04:14 . 2010-06-29 01:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-10-27 03:32 . 2010-06-29 01:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-27 03:32 . 2010-06-28 09:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-27 03:32 . 2010-06-28 07:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-27 03:32 . 2010-06-28 16:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-28 16:31 . 2010-06-28 16:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-28 07:54 . 2010-06-28 07:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-06-28 16:31 . 2010-06-28 16:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-06-28 07:54 . 2010-06-28 07:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-27 02:23 . 2010-06-28 07:55 917504 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-27 02:23 . 2010-06-29 00:40 917504 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:03 . 2010-06-28 08:08 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2010-06-28 23:35 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-26 6246400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-04-08 104408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-11 19:20 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellComms]
2008-03-04 15:37 202544 ----a-w- c:\program files\DELL\DellComms\bin\sprtcmd.exe

R2 DELLODDSrv;DELLODDSrv;c:\windows\System32\WinService.exe [2008-07-17 65536]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-26 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-05-08 27648]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\Dell\DellComms\bin\sprtsvc.exe [2008-03-04 202544]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]
S3 DLXPDisplayName;DLXPDisplayName;c:\windows\system32\DRIVERS\DLACPI.sys [2008-04-16 14392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-06-28 19:04:38
ComboFix-quarantined-files.txt 2010-06-29 02:04
ComboFix2.txt 2010-06-28 09:17

Pre-Run: 56,749,989,888 bytes free
Post-Run: 56,526,852,096 bytes free

- - End Of File - - 88D509B27319FAFA40A8E2A12625CE50
  • 0

#13
Richard C

    Member

  • Topic Starter
  • Member
  • 21 posts
I also wasn't sure if I had to add the file extension .txt to the files I was saving. I named the script file "CFSCript.txt" and the afd file "aft.txt".

Thank you.
  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Notepad will add the .txt to CFScript automatically.

You need to save the afd.zip file somewhere, then double click on it, right click on the afd.txt file and Copy it, then move to C:\ and right click and Paste it.

Or you can right click on it and Extract ALL, which will create a folder in the same directory. Inside the folder will be the afd.txt, which you can drag to C:\

Looks like you just saved the afd.zip to C:\.

Please make sure the unzipped afd.txt file is at C:\ then run the CFScript again.

Ron
  • 0
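The two ComboFix runs in this thread (post #12 above and post #15 below) list afd.sys with different sizes once the CFScript's FCopy has replaced it. The Python below is an added example, not part of the thread and not ComboFix's own code: it parses the per-file lines of two reports and, for every path present in both, reports which fields changed, so a reader can confirm from the logs alone that a driver was actually replaced. The sample lines are constructed from the Find3M sections of the two posts; the line layout (two timestamps, size, attribute flags, path) is inferred from those lines, and the script keeps both timestamps as they appear because the thread does not state which one is creation and which is last-write. The helper names (parse_entries, diff_reports, changed_drivers, summarize) are the example's own.

```python
"""Parse the per-file lines of two ComboFix reports and show what changed.

Line layout assumed from the logs quoted in this thread:
    <timestamp 1> . <timestamp 2> <size|--------> <attrs> <path>
The two timestamps are kept as they appear (first_ts / second_ts); the thread
does not spell out which is creation time and which is last-write time.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines taken from the "Find3M Report" sections of the two
# runs posted in this thread (before and after the CFScript's FCopy of afd.sys).
LOG_BEFORE = r"""
2010-06-29 01:24 . 2010-06-29 01:24 140721 ----a-w- C:\afd.zip
2010-06-28 02:24 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2010-06-21 00:20 . 2009-03-27 04:52 -------- d-----w- c:\program files\iTunes
2010-04-20 03:47 . 2010-04-20 03:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
"""

LOG_AFTER = r"""
2010-06-29 03:10 . 2009-07-13 23:12 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2010-06-21 00:20 . 2009-03-27 04:52 -------- d-----w- c:\program files\iTunes
2010-04-20 03:47 . 2010-04-20 03:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "  # first timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "      # second timestamp
    r"(\d+|-+) "                             # size in bytes, or dashes for a directory
    r"([a-z-]{8}) "                          # attribute flags, e.g. ----a-w- or d-----w-
    r"(.+)$"                                 # path (may contain spaces)
)


@dataclass(frozen=True)
class Entry:
    first_ts: datetime
    second_ts: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str             # lower-cased so the two runs compare case-insensitively

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entries(text: str) -> Dict[str, Entry]:
    """Map lower-cased path -> Entry for every per-file line in a report."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, blank lines and other non-file lines
        ts1, ts2, size, attrs, path = m.groups()
        key = path.lower()
        entries[key] = Entry(
            first_ts=datetime.strptime(ts1, "%Y-%m-%d %H:%M"),
            second_ts=datetime.strptime(ts2, "%Y-%m-%d %H:%M"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=key,
        )
    return entries


Change = Dict[str, Tuple[object, object]]


def diff_reports(before: str, after: str) -> Dict[str, Change]:
    """For each path listed in both runs, return the fields whose value changed."""
    old, new = parse_entries(before), parse_entries(after)
    changes: Dict[str, Change] = {}
    for path in sorted(old.keys() & new.keys()):
        fields: Change = {}
        for name in ("size", "first_ts", "second_ts", "attrs"):
            x, y = getattr(old[path], name), getattr(new[path], name)
            if x != y:
                fields[name] = (x, y)
        if fields:
            changes[path] = fields
    return changes


def changed_drivers(changes: Dict[str, Change]) -> List[str]:
    """Paths under a drivers directory whose size or stamps differ between runs."""
    return [p for p in changes if "\\drivers\\" in p]


def summarize(changes: Dict[str, Change]) -> List[str]:
    """One human-readable line per changed path."""
    lines = []
    for path, fields in changes.items():
        parts = []
        for name, (x, y) in fields.items():
            fmt = (lambda v: v.strftime("%Y-%m-%d %H:%M")) if isinstance(x, datetime) else str
            parts.append(f"{name} {fmt(x)} -> {fmt(y)}")
        lines.append(f"{path}: " + "; ".join(parts))
    return lines


if __name__ == "__main__":
    for line in summarize(diff_reports(LOG_BEFORE, LOG_AFTER)):
        print(line)
```

Run on the constructed lines it reports only afd.sys, with its size going from 338944 to 273920 bytes and its first timestamp moving to the time of the FCopy; the second timestamp is unchanged, which is what you would expect when a copy preserves the source file's own stamp. Feeding it the full text of both logs works the same way, since lines that do not match the per-file layout are skipped.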

#15
Richard C

    Member

  • Topic Starter
  • Member
  • 21 posts
Hi Ron, here is the ComboFix log:

ComboFix 10-06-27.06 - Richard Cantu 06/28/2010 20:16:10.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3319.2127 [GMT -7:00]
Running from: c:\users\Richard Cantu\Desktop\George.exe
Command switches used :: c:\users\Richard Cantu\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\afd.txt --> c:\windows\system32\drivers\afd.sys
.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))
.

2010-06-29 03:41 . 2010-06-29 03:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-29 03:41 . 2010-06-29 03:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-29 03:14 . 2010-06-29 03:14 -------- d-----w- C:\32788R22FWJFW
2010-06-29 03:10 . 2010-06-29 03:11 -------- d-----w- C:\afd
2010-06-29 01:24 . 2010-06-29 01:24 140721 ----a-w- C:\afd.zip
2010-06-28 16:34 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 16:34 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 16:34 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 16:33 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 16:33 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 16:33 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-28 16:33 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 09:17 . 2010-06-29 03:41 -------- d-----w- c:\users\Richard Cantu\AppData\Local\temp
2010-06-28 07:52 . 2010-06-28 07:52 -------- d-----w- C:\_OTL
2010-06-27 22:57 . 2010-06-27 22:57 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\Malwarebytes
2010-06-27 22:57 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-27 22:57 . 2010-06-27 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 22:57 . 2010-06-27 22:57 -------- d-----w- c:\programdata\Malwarebytes
2010-06-27 22:57 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 17:40 . 2010-06-27 17:40 63488 ----a-w- c:\users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-27 17:40 . 2010-06-27 17:40 52224 ----a-w- c:\users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-27 17:40 . 2010-06-27 17:40 117760 ----a-w- c:\users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-27 17:40 . 2010-06-27 17:40 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\SUPERAntiSpyware.com
2010-06-27 04:18 . 2010-06-27 04:18 1152 ----a-w- c:\windows\system32\windrv.sys
2010-06-27 04:18 . 2010-06-28 00:30 -------- d-----w- c:\program files\SpyNoMore
2010-06-27 03:23 . 2010-06-27 03:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-27 03:20 . 2010-06-28 02:29 -------- d-----w- c:\programdata\Lavasoft
2010-06-27 02:42 . 2010-06-27 02:42 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\Registry Mechanic
2010-06-24 07:43 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 07:43 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 07:43 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 07:43 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 07:43 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-21 19:45 . 2010-06-21 19:45 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\Big Fish Games
2010-06-21 07:30 . 2010-06-21 07:32 -------- d-----w- c:\program files\Mystery Case Files - Dire Grove
2010-06-21 00:20 . 2010-06-21 00:20 -------- d-----w- c:\program files\iPod
2010-06-21 00:18 . 2010-06-21 00:18 -------- d-----w- c:\program files\Bonjour
2010-06-21 00:10 . 2010-06-21 00:10 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-13 21:09 . 2010-06-13 21:09 -------- d-sh--w- c:\windows\ftpcache
2010-06-10 13:28 . 2010-06-10 13:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-09 02:55 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 02:55 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 02:55 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 02:43 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 02:43 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 03:10 . 2009-07-13 23:12 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2010-06-22 03:02 . 2010-03-30 01:00 439816 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-06-21 20:28 . 2009-04-12 23:43 -------- d-----w- c:\program files\Mystery Case Files - Madame Fate
2010-06-21 20:25 . 2009-04-13 00:19 -------- d-----w- c:\program files\Mystery Case Files - Ravenhearst
2010-06-21 06:32 . 2009-04-12 23:42 -------- d-----w- c:\program files\bfgclient
2010-06-21 00:20 . 2009-03-27 04:52 -------- d-----w- c:\program files\iTunes
2010-06-21 00:20 . 2009-03-27 04:48 -------- d-----w- c:\program files\Common Files\Apple
2010-06-09 10:05 . 2009-03-27 13:14 -------- d-----w- c:\programdata\Microsoft Help
2010-06-08 14:14 . 2009-04-26 23:00 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\U3
2010-06-06 15:05 . 2009-10-24 06:02 -------- d-----w- c:\users\Richard Cantu\AppData\Roaming\GetRightToGo
2010-06-05 01:49 . 2009-03-27 13:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 11:34 . 2009-12-05 17:12 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-06-03 11:34 . 2010-05-19 02:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-27 01:24 . 2009-12-05 17:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-05-27 01:23 . 2009-10-27 04:14 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-05-27 01:23 . 2010-05-27 01:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-05-27 01:23 . 2009-11-08 11:55 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-05-24 05:28 . 2008-11-11 19:02 -------- d-----w- c:\program files\DELL
2010-05-23 23:47 . 2009-03-29 02:53 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-05-23 00:32 . 2009-09-03 04:08 -------- d-----w- c:\program files\Yahoo!
2010-05-21 21:14 . 2009-10-06 02:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-13 06:00 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-09 00:36 . 2010-05-09 00:35 -------- d-----w- c:\programdata\PMB Files
2010-05-09 00:35 . 2010-05-09 00:35 -------- d-----w- c:\program files\Pando Networks
2010-05-08 02:59 . 2010-05-08 02:59 20854256 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\rp\RealPlayerSPGold.exe
2010-05-02 07:27 . 2010-05-02 04:00 -------- d-----w- c:\program files\NCsoft
2010-05-02 04:08 . 2008-11-11 19:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 03:58 . 2010-05-02 03:58 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-04-24 01:59 . 2009-10-27 04:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-04-23 07:13 . 2010-05-25 18:11 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 03:47 . 2010-04-20 03:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 03:47 . 2010-04-20 03:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-05 19:49 . 2010-04-05 19:49 79368 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\vista.exe
2010-04-05 19:49 . 2010-04-05 19:49 64000 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gcapi_dll.dll
2010-04-05 19:49 . 2010-04-05 19:49 52288 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gtapi.dll
2010-04-05 19:49 . 2010-04-05 19:49 50688 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\fftbapi.dll
2010-04-05 19:49 . 2010-04-05 19:49 49152 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\CarboniteCompatibility.dll
2010-04-05 19:49 . 2010-04-05 19:49 118784 ----a-w- c:\users\Richard Cantu\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll
2010-04-01 13:16 . 2009-10-27 04:14 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-06-28_09.14.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-27 05:26 . 2010-06-28 16:34 41948 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-06-28 16:34 39780 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-27 05:39 . 2010-06-28 16:34 12902 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-47504490-1602177544-3041905625-1000_UserData.bin
- 2009-10-27 05:39 . 2010-06-28 07:51 12902 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-47504490-1602177544-3041905625-1000_UserData.bin
+ 2009-10-27 02:23 . 2010-06-29 02:05 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-27 02:23 . 2010-06-28 07:55 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:41 . 2010-06-28 07:55 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-06-29 02:05 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-27 03:32 . 2010-06-28 16:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-27 03:32 . 2010-06-28 07:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-27 03:32 . 2010-06-28 16:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-27 03:32 . 2010-06-28 07:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-27 03:32 . 2010-06-28 16:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-27 03:32 . 2010-06-28 07:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-27 03:32 . 2010-06-28 16:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-27 03:32 . 2010-06-28 07:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-27 04:14 . 2010-06-29 03:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-27 04:14 . 2010-06-28 09:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-27 04:14 . 2010-06-28 09:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-10-27 04:14 . 2010-06-29 03:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-10-27 04:14 . 2010-06-28 09:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-10-27 04:14 . 2010-06-29 03:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-10-27 03:32 . 2010-06-29 03:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-27 03:32 . 2010-06-28 09:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-27 03:32 . 2010-06-28 07:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-27 03:32 . 2010-06-28 16:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-28 16:31 . 2010-06-28 16:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-28 07:54 . 2010-06-28 07:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-06-28 16:31 . 2010-06-28 16:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-06-28 07:54 . 2010-06-28 07:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-27 02:23 . 2010-06-28 07:55 917504 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-27 02:23 . 2010-06-29 02:05 917504 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:03 . 2010-06-28 08:08 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2010-06-28 23:35 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-26 6246400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-04-08 104408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-11 19:20 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellComms]
2008-03-04 15:37 202544 ----a-w- c:\program files\DELL\DellComms\bin\sprtcmd.exe

R2 DELLODDSrv;DELLODDSrv;c:\windows\System32\WinService.exe [2008-07-17 65536]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-26 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-05-08 27648]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\Dell\DellComms\bin\sprtsvc.exe [2008-03-04 202544]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]
S3 DLXPDisplayName;DLXPDisplayName;c:\windows\system32\DRIVERS\DLACPI.sys [2008-04-16 14392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-06-28 20:45:23
ComboFix-quarantined-files.txt 2010-06-29 03:45
ComboFix2.txt 2010-06-29 02:04
ComboFix3.txt 2010-06-28 09:17

Pre-Run: 56,575,238,144 bytes free
Post-Run: 56,525,410,304 bytes free

- - End Of File - - E8C7F042C49C385451A812382A09B6A6