Trojan Horse SHeur3.CDGB and svchost.exe using up 100% CPU


This topic is locked

#1 Piros
Member, 28 posts
The main things I know are that I have the SHeur3.CDGB trojan and that after my computer is on for a few minutes svchost.exe starts sapping all my CPU time and everything runs sluggishly as a result.

I found the Sheur3 trojan after I started having increased problems a few days ago with sluggishness with my computer in general. I cleared a lot of things out of my computer including modifying the startup processes. I found a startup process called ifoludej.dll and I turned it off. Upon restart I started getting virus protection warnings from AVG and PC Tools Internet Security which quickly removed ifoludej.dll when it tried to turn itself back on, but failed with a file called "C:\Windows\Temp\adus\setup.exe" because it couldn't be found... every time setup tries to do something the 4 letters "adus" are different. Among other things, SETUP tries to access the internet and open such sites as "www.findstuff.com", "ads.randomletters.com" and "tags.randomletters.com". I say tries because PC Tools stops it most times. This is much more noticeable than the Google redirect problem I've had off and on no matter what I try for months now, because it tries to access the internet even when no browser is open.

My other main problem is that inevitably svchost.exe starts monopolizing my computer's CPU time after it has been on a short while. The instance of svchost.exe in question is one that handles a number of things. I ran "Tasklist \SVC" in the command prompt right now and it came back with about 2 dozen services using the one process. The process in question is PID 308, svchost.exe, with the services being: "AudioSrv, BITS, CryptSvc, Dhcp, dmserver, EventSystem, FastUserSwitchingCapability, helpsvc, HidServ, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, SENS, SharedAccess, ShellHWDetection, TapiSrv, Themes, TrkWks, winmgmt, wscsvc, wuauserv, WZCSVC".

To try and get rid of the problems, first I ran my main anti-virus, PC Tools Internet Security 2011, a few times on full scan and removed an obfuscated Trojan and a bunch of malware/spyware/adware. Then, I ran AVG Free 2011's full scan 2x and its rootkit scan once and it removed a few objects on the full scan and didn't even find the trojan until it tried to do something actively. Last, I ran Malwarebytes 2-3x and it found 2 objects and removed them.

I added PC Tools to my antiviruses a few months ago when I tried to get rid of the Google redirect on my computer. At that time I tried AVG, Malwarebytes, and some specialty programs by Microsoft and other vendors that were supposed to target the rootkit responsible... but they didn't help... PC Tools helped about 90% I think.

Anyway, I think that about covers it. Here's my OTL report and thanks in advance for any help.

Report:

"OTL logfile created on: 6/12/2011 9:38:51 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Mr Smith\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 16.71% Memory free
6.35 Gb Paging File | 4.26 Gb Available in Paging File | 67.12% Paging File free
Paging file location(s): C:\pagefile.sys 4608 4608 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83.24 Gb Total Space | 10.61 Gb Free Space | 12.74% Space Free | Partition Type: NTFS
Drive H: | 87.89 Gb Total Space | 81.32 Gb Free Space | 92.52% Space Free | Partition Type: NTFS

Computer Name: IAINPC | User Name: Mr Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/02/24 01:13:52 | 002,314,048 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon3\Bin\Maxthon.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 02:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/10/22 01:23:14 | 001,577,984 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/07/21 12:37:06 | 000,086,016 | ---- | M] (Nektra S.A.) -- C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 05:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/05/03 14:12:14 | 002,061,816 | ---- | M] (AT&T) -- C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2002/10/15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2011/01/11 04:27:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
MOD - [2010/12/31 09:36:32 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFWAH.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineNetworkService)
SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineMessageService)
SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/03 12:39:00 | 003,116,380 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/03/14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/01/17 09:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/12 11:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/12/31 09:36:40 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 16:57:26 | 000,160,448 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/10 17:58:50 | 000,056,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/08/10 17:58:50 | 000,056,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/10/01 18:41:44 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/09/04 12:46:04 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/04 12:46:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/06/01 13:11:13 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/01/23 16:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/09/27 15:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007/09/19 18:01:06 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007/09/04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2005/09/29 23:52:22 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/29 23:52:20 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/07/23 14:16:48 | 000,022,821 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcgame.sys -- (bcgame)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 1B F2 E6 9C A7 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.wowhead.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.8
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0.20
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {F9EFC5C2-7787-49CE-A0D4-7C9280995F0A}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.9.8
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..extensions.enabledItems: {6BD345A9-782E-4516-B177-E733784A1FBB}:1.9.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - HKLM\software\mozilla\Firefox\extensions\\{F9EFC5C2-7787-49CE-A0D4-7C9280995F0A}: C:\Documents and Settings\Mr Smith\Local Settings\Application Data\{F9EFC5C2-7787-49CE-A0D4-7C9280995F0A} [2010/05/31 19:34:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{D34AFABD-3FBC-4747-A8F9-85F14B97AF96}: C:\Documents and Settings\other\Local Settings\Application Data\{D34AFABD-3FBC-4747-A8F9-85F14B97AF96}\
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/06/29 20:32:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/30 03:01:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/01 11:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/01 11:10:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/03/21 04:47:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6BD345A9-782E-4516-B177-E733784A1FBB}: C:\Documents and Settings\Mr Smith\Local Settings\Application Data\{6BD345A9-782E-4516-B177-E733784A1FBB} [2011/06/10 06:45:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/11 05:38:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/11 02:47:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/11 02:47:33 | 000,000,000 | ---D | M]

[2010/02/05 01:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Extensions
[2010/02/05 01:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Extensions\[email protected]
[2011/06/12 08:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions
[2010/10/15 06:15:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/04/14 06:33:50 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/06/18 19:08:24 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/03/17 13:01:41 | 000,000,000 | ---D | M] (FoxyTunes Skin - OnyxOrbs) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2009/07/07 22:28:40 | 000,000,000 | ---D | M] (zblack) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2011/02/18 13:23:57 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2009/11/30 20:34:19 | 000,000,000 | ---D | M] ("Profile Manager and Synchronizer") -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{69f6e5ea-e975-4d70-a983-1e5c094ded79}
[2011/05/25 06:49:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/22 21:11:05 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2011/06/11 09:53:10 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2011/05/31 08:32:18 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/20 01:55:30 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/06/11 09:53:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/04/14 06:51:44 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2011/05/10 06:11:58 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2008/11/23 23:32:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2010/06/08 17:46:24 | 000,000,000 | ---D | M] (Solid State ION) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2009/08/05 17:21:13 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2009/11/30 20:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\qhd75kbb.Iain\extensions
[2009/11/30 20:37:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\qhd75kbb.Iain\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/14 01:28:57 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\qhd75kbb.Iain\extensions\[email protected]
[2007/12/27 15:11:00 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\searchplugins\aolsearch.xml
[2008/06/21 15:52:34 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\searchplugins\winamp-search.xml
[2011/06/12 08:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 00:23:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/10 06:45:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\MR SMITH\LOCAL SETTINGS\APPLICATION DATA\{6BD345A9-782E-4516-B177-E733784A1FBB}
[2010/05/31 19:34:30 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\MR SMITH\LOCAL SETTINGS\APPLICATION DATA\{F9EFC5C2-7787-49CE-A0D4-7C9280995F0A}
[2011/06/11 05:38:40 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/01/01 11:10:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/01 11:10:39 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009/04/23 13:10:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/21 04:47:26 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
[2009/09/01 23:28:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/02/19 16:59:07 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [Adadelijosifaduj] File not found
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Nektra OEAPI] C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe (Nektra S.A.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T [2010/06/16 16:58:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Mr Smith\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %windir%\resources\Themes\RedTheme.theme
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: aol.com ([music] https in Trusted sites)
O15 - HKCU\..Trusted Domains: shoutcast.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: winamp.com ([]https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mr Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mr Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/23 16:51:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d805c8f1-6020-11dc-b94e-0016e6dd225c}\Shell\AutoRun\command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{d805c8f1-6020-11dc-b94e-0016e6dd225c}\Shell\Shell00\Command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{d805c8f1-6020-11dc-b94e-0016e6dd225c}\Shell\Shell01\Command - "" = F:\Autorun.exe /action
O33 - MountPoints2\{d805c8f1-6020-11dc-b94e-0016e6dd225c}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O36 - AppCertDlls: autol386 - (C:\WINDOWS\system32\pxinrcp.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 07:27:15 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mr Smith\Desktop\random.exe
[2011/06/11 06:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/11 05:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/06/11 03:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Start Menu\Programs\Internet
[2011/06/11 03:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet
[2011/06/11 00:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/06/11 00:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/06/10 21:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/06/10 06:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/06/10 06:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/10 06:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/10 06:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\{6BD345A9-782E-4516-B177-E733784A1FBB}
[2011/05/26 05:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Comical
[2011/05/25 06:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\cYo
[2011/05/25 06:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Application Data\cYo
[31 C:\*.tmp files -> C:\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 07:33:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/12 07:27:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Smith\Desktop\random.exe
[2011/06/12 07:19:13 | 000,013,736 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/12 07:13:51 | 000,272,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/12 07:13:45 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\mbnj.job
[2011/06/12 07:13:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/12 07:13:39 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/11 05:35:26 | 117,987,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/11 05:07:50 | 000,481,752 | ---- | M] () -- C:\Documents and Settings\Mr Smith\My Documents\The Poet.epub
[2011/06/11 04:48:45 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2011/06/11 03:36:43 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/11 03:34:54 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ddetiyov.dat
[2011/06/11 01:22:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Uwalucoruwuy.bin
[2011/06/10 21:02:15 | 000,166,400 | RHS- | M] () -- C:\WINDOWS\System32\ntmsoprq6.dll
[2011/06/10 06:33:00 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Application Data\h9ngajrf.bat
[2011/06/10 06:01:06 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 07:49:16 | 000,510,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/26 07:49:16 | 000,098,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[31 C:\*.tmp files -> C:\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/11 05:08:40 | 000,481,752 | ---- | C] () -- C:\Documents and Settings\Mr Smith\My Documents\The Poet.epub
[2011/06/10 21:02:15 | 000,166,400 | RHS- | C] () -- C:\WINDOWS\System32\ntmsoprq6.dll
[2011/06/10 21:02:15 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\mbnj.job
[2011/06/10 06:33:00 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Application Data\h9ngajrf.bat
[2011/03/21 04:47:25 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/03/18 00:39:06 | 000,017,308 | -HS- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\2440507339
[2011/03/18 00:39:06 | 000,017,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2440507339
[2011/03/18 00:18:19 | 000,017,396 | -HS- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\1368123653
[2011/03/18 00:18:19 | 000,017,396 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1368123653
[2010/06/29 23:26:16 | 000,705,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/31 19:34:31 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ddetiyov.dat
[2010/05/31 19:34:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Uwalucoruwuy.bin
[2010/05/31 19:32:41 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Application Data\vqdlkr.dat
[2010/05/10 00:09:09 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/30 20:52:46 | 000,024,256 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/22 18:51:19 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/01 05:47:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2010/03/31 16:24:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/28 16:29:03 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\mk4vc60.dll
[2010/03/23 13:33:27 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/10/24 19:40:05 | 000,000,020 | ---- | C] () -- C:\WINDOWS\prefs_zb.dll
[2009/10/13 11:56:52 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2009/10/02 13:06:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\fusioncache.dat
[2009/08/09 19:21:32 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/26 21:42:33 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\slinfo_0.drv
[2009/07/26 21:41:14 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2009/07/26 21:41:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabswun.exe
[2009/05/26 19:18:59 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/02/15 15:10:57 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2008/12/25 09:49:56 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Application Data\PnkBstrK.sys
[2008/12/14 10:00:38 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2008/12/13 14:50:03 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/05 00:46:04 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/12/04 19:26:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/09/09 16:41:55 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/08/31 13:53:19 | 000,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/14 03:57:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/06/13 20:15:16 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/06/09 18:14:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/06/01 13:49:52 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/06/01 13:49:52 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/06/01 13:49:52 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/12/08 16:44:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/11/29 19:55:54 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/06 00:14:31 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\PUTTY.RND
[2007/06/28 23:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/14 02:40:27 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2007/06/09 15:59:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/06/04 02:20:33 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/16 14:24:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/16 14:21:55 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2007/05/16 14:21:40 | 000,003,073 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/05/16 14:06:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2007/05/16 13:27:20 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/04/23 16:52:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/23 16:48:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/23 09:36:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/23 09:35:24 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/08/11 23:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 23:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,510,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,098,712 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/19 15:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 15:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2001/11/08 02:27:00 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/06/11 01:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/08 13:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/12/08 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2011/06/11 05:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/09/30 09:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/22 20:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2007/06/23 16:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/06/11 02:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010/09/30 10:31:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/01 17:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DinsCurse
[2009/05/26 19:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/05/13 21:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2010/09/30 09:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/09 07:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/08 22:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/05/26 18:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/08/31 13:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2011/06/12 09:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/02 12:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2007/10/29 01:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/08/05 17:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2010/04/30 20:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/20 11:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/07/14 03:50:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8227D5D4-E2F9-4B81-98FA-54E4E78F5238}
[2009/04/28 22:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/11/09 02:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\.BitZip
[2010/08/13 07:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\.minecraft
[2009/06/21 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Amazon
[2009/12/08 13:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\AT&T
[2009/12/08 13:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\ATTToolbar
[2010/10/12 12:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\AVG
[2010/09/30 10:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\AVG10
[2010/03/29 01:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Azgard
[2011/05/25 08:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Azureus
[2007/05/18 13:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\BitTorrent
[2010/03/23 13:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Braid
[2011/03/15 01:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\calibre
[2007/08/18 18:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\CiscoCAA
[2011/01/17 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/08/26 10:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\crawl
[2011/05/25 06:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\cYo
[2008/06/01 13:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\DAEMON Tools
[2009/05/19 14:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\dota-allstars.71E01812711E1682B196CE418CDA466F24682743.1
[2009/05/19 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\dota_allstars
[2008/12/13 14:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\FileZilla
[2009/05/21 17:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\FOG Downloader
[2008/11/15 14:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Galcon
[2011/03/18 01:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\GetRightToGo
[2009/04/06 19:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\gtk-2.0
[2010/12/11 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\IceChat
[2009/04/01 15:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Inkscape
[2007/05/16 13:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Leadertech
[2011/01/01 11:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Local
[2010/04/24 22:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011/03/06 07:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Maxthon3
[2010/03/21 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Mind Control Software
[2011/02/02 12:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\n52te
[2011/03/09 07:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\NCH Swift Sound
[2011/06/11 03:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Notepad++
[2011/03/21 04:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\PCToolsFirewallPlus
[2008/11/27 01:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Pi Eye Games
[2010/03/21 00:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\PlayFirst
[2010/05/13 22:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\runic games
[2007/11/01 20:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Screaming Bee
[2008/12/08 06:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\SmartDraw
[2008/12/14 07:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\smc
[2011/03/18 01:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Spam Monitor
[2008/08/07 00:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\SystemRequirementsLab
[2008/12/14 10:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Tandem Games
[2007/11/04 14:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Uniblue
[2011/06/12 06:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\uTorrent
[2009/07/18 18:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Wizards of the Coast
[2007/08/10 11:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\WowAceUpdater
[2011/03/28 00:34:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2011/06/12 07:13:45 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\Tasks\mbnj.job
[2011/03/12 07:34:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 517 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:3E748A0BD09161C9
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEE39B00
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5160F090

< End of report >"

#2
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello Piros and welcome to G2G. :)

We need to see fresh logs before we can begin removing all the malware seen.


1. Please run another OTL scan and post the new report for my review.


2. Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If an infection is detected, the default setting for "action" is Cure (please click on it and change it to Skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.


#3
Piros

    Member

  • Topic Starter
  • Member
  • 28 posts
Alright. First, here's the new OTL.txt

OTL logfile created on: 6/17/2011 12:01:57 PM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Mr Smith\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.21 Gb Available Physical Memory | 10.27% Memory free
6.35 Gb Paging File | 3.64 Gb Available in Paging File | 57.37% Paging File free
Paging file location(s): C:\pagefile.sys 4608 4608 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83.24 Gb Total Space | 10.51 Gb Free Space | 12.63% Space Free | Partition Type: NTFS
Drive H: | 87.89 Gb Total Space | 81.32 Gb Free Space | 92.52% Space Free | Partition Type: NTFS

Computer Name: IAINPC | User Name: Mr Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/12 07:27:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Smith\Desktop\random.exe
PRC - [2011/02/24 01:13:52 | 002,314,048 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon3\Bin\Maxthon.exe
PRC - [2011/02/24 01:13:52 | 000,614,720 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon3\Bin\MxDownloader.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 02:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/11/02 10:48:49 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/10/22 01:23:14 | 001,577,984 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/07/21 12:37:06 | 000,086,016 | ---- | M] (Nektra S.A.) -- C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 05:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/05/03 14:12:14 | 002,061,816 | ---- | M] (AT&T) -- C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2002/10/15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/12 07:27:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Smith\Desktop\random.exe
MOD - [2011/01/11 04:27:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
MOD - [2010/12/31 09:36:32 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFWAH.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineNetworkService)
SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineMessageService)
SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/03 12:39:00 | 003,116,380 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/03/14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/01/17 09:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/12 11:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/12/31 09:36:40 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 16:57:26 | 000,160,448 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/10 17:58:50 | 000,056,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/08/10 17:58:50 | 000,056,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/10/01 18:41:44 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/09/04 12:46:04 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/04 12:46:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/06/01 13:11:13 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/01/23 16:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/09/27 15:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007/09/19 18:01:06 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007/09/04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2005/09/29 23:52:22 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/29 23:52:20 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/07/23 14:16:48 | 000,022,821 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcgame.sys -- (bcgame)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 1B F2 E6 9C A7 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.wowhead.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.8
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0.20
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {F9EFC5C2-7787-49CE-A0D4-7C9280995F0A}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.9.8
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..extensions.enabledItems: {6BD345A9-782E-4516-B177-E733784A1FBB}:1.9.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - HKLM\software\mozilla\Firefox\extensions\\{F9EFC5C2-7787-49CE-A0D4-7C9280995F0A}: C:\Documents and Settings\Mr Smith\Local Settings\Application Data\{F9EFC5C2-7787-49CE-A0D4-7C9280995F0A} [2010/05/31 19:34:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{D34AFABD-3FBC-4747-A8F9-85F14B97AF96}: C:\Documents and Settings\other\Local Settings\Application Data\{D34AFABD-3FBC-4747-A8F9-85F14B97AF96}\
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/06/29 20:32:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/30 03:01:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/01 11:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/01 11:10:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/03/21 04:47:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6BD345A9-782E-4516-B177-E733784A1FBB}: C:\Documents and Settings\Mr Smith\Local Settings\Application Data\{6BD345A9-782E-4516-B177-E733784A1FBB} [2011/06/10 06:45:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/11 05:38:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/11 02:47:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/11 02:47:33 | 000,000,000 | ---D | M]

[2010/02/05 01:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Extensions
[2010/02/05 01:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Extensions\[email protected]
[2011/06/17 06:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions
[2010/10/15 06:15:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/04/14 06:33:50 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/06/18 19:08:24 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/03/17 13:01:41 | 000,000,000 | ---D | M] (FoxyTunes Skin - OnyxOrbs) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2009/07/07 22:28:40 | 000,000,000 | ---D | M] (zblack) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2011/02/18 13:23:57 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2009/11/30 20:34:19 | 000,000,000 | ---D | M] ("Profile Manager and Synchronizer") -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{69f6e5ea-e975-4d70-a983-1e5c094ded79}
[2011/05/25 06:49:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/22 21:11:05 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2011/06/11 09:53:10 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2011/05/31 08:32:18 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/20 01:55:30 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/06/11 09:53:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/04/14 06:51:44 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2011/05/10 06:11:58 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2008/11/23 23:32:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2010/06/08 17:46:24 | 000,000,000 | ---D | M] (Solid State ION) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2009/08/05 17:21:13 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2009/11/30 20:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\qhd75kbb.Iain\extensions
[2009/11/30 20:37:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\qhd75kbb.Iain\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/14 01:28:57 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\qhd75kbb.Iain\extensions\[email protected]
[2007/12/27 15:11:00 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\searchplugins\aolsearch.xml
[2008/06/21 15:52:34 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\searchplugins\winamp-search.xml
[2011/06/16 07:31:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 00:23:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/10 06:45:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\MR SMITH\LOCAL SETTINGS\APPLICATION DATA\{6BD345A9-782E-4516-B177-E733784A1FBB}
[2010/05/31 19:34:30 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\MR SMITH\LOCAL SETTINGS\APPLICATION DATA\{F9EFC5C2-7787-49CE-A0D4-7C9280995F0A}
[2011/06/11 05:38:40 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/01/01 11:10:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/01 11:10:39 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009/04/23 13:10:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/21 04:47:26 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
[2009/09/01 23:28:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/02/19 16:59:07 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [Adadelijosifaduj] File not found
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Nektra OEAPI] C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe (Nektra S.A.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T [2010/06/16 16:58:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Mr Smith\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %windir%\resources\Themes\RedTheme.theme
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: aol.com ([music] https in Trusted sites)
O15 - HKCU\..Trusted Domains: shoutcast.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: winamp.com ([]https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mr Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mr Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/23 16:51:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d805c8f1-6020-11dc-b94e-0016e6dd225c}\Shell\AutoRun\command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{d805c8f1-6020-11dc-b94e-0016e6dd225c}\Shell\Shell00\Command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{d805c8f1-6020-11dc-b94e-0016e6dd225c}\Shell\Shell01\Command - "" = F:\Autorun.exe /action
O33 - MountPoints2\{d805c8f1-6020-11dc-b94e-0016e6dd225c}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O36 - AppCertDlls: autol386 - (C:\WINDOWS\system32\pxinrcp.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 00:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\awesome
[2011/06/15 00:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\awesome
[2011/06/14 22:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Desktop\chklnks
[2011/06/14 22:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Desktop\ProcessExplorer
[2011/06/13 00:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/06/12 20:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/06/12 11:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/12 11:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/12 07:27:15 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mr Smith\Desktop\random.exe
[2011/06/11 06:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/11 05:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/06/11 03:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Start Menu\Programs\Internet
[2011/06/11 03:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet
[2011/06/11 00:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/06/11 00:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/06/10 21:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/06/10 06:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/06/10 06:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/10 06:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/10 06:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\{6BD345A9-782E-4516-B177-E733784A1FBB}
[2011/05/26 05:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Comical
[2011/05/25 06:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\cYo
[2011/05/25 06:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Application Data\cYo
[31 C:\*.tmp files -> C:\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 12:00:57 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Desktop\tdsskiller.zip
[2011/06/17 05:52:55 | 000,013,736 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/17 05:47:45 | 000,272,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/17 05:47:38 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\mbnj.job
[2011/06/17 05:47:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/17 05:47:33 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 07:59:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/14 06:19:54 | 000,735,498 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/12 07:27:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Smith\Desktop\random.exe
[2011/06/11 05:35:26 | 117,987,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/11 05:07:50 | 000,481,752 | ---- | M] () -- C:\Documents and Settings\Mr Smith\My Documents\The Poet.epub
[2011/06/11 04:48:45 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2011/06/11 03:36:43 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/11 03:34:54 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ddetiyov.dat
[2011/06/11 01:22:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Uwalucoruwuy.bin
[2011/06/10 21:02:15 | 000,166,400 | RHS- | M] () -- C:\WINDOWS\System32\ntmsoprq6.dll
[2011/06/10 06:33:00 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Application Data\h9ngajrf.bat
[2011/06/10 06:01:06 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 07:49:16 | 000,510,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/26 07:49:16 | 000,098,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[31 C:\*.tmp files -> C:\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 12:00:52 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Desktop\tdsskiller.zip
[2011/06/11 05:08:40 | 000,481,752 | ---- | C] () -- C:\Documents and Settings\Mr Smith\My Documents\The Poet.epub
[2011/06/10 21:02:15 | 000,166,400 | RHS- | C] () -- C:\WINDOWS\System32\ntmsoprq6.dll
[2011/06/10 21:02:15 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\mbnj.job
[2011/06/10 06:33:00 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Application Data\h9ngajrf.bat
[2011/03/21 04:47:25 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/03/18 00:39:06 | 000,017,308 | -HS- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\2440507339
[2011/03/18 00:39:06 | 000,017,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2440507339
[2011/03/18 00:18:19 | 000,017,396 | -HS- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\1368123653
[2011/03/18 00:18:19 | 000,017,396 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1368123653
[2010/06/29 23:26:16 | 000,705,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/31 19:34:31 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ddetiyov.dat
[2010/05/31 19:34:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Uwalucoruwuy.bin
[2010/05/31 19:32:41 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Application Data\vqdlkr.dat
[2010/05/10 00:09:09 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/30 20:52:46 | 000,024,256 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/22 18:51:19 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/01 05:47:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2010/03/31 16:24:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/28 16:29:03 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\mk4vc60.dll
[2010/03/23 13:33:27 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/10/24 19:40:05 | 000,000,020 | ---- | C] () -- C:\WINDOWS\prefs_zb.dll
[2009/10/13 11:56:52 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2009/10/02 13:06:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\fusioncache.dat
[2009/08/09 19:21:32 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/26 21:42:33 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\slinfo_0.drv
[2009/07/26 21:41:14 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2009/07/26 21:41:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabswun.exe
[2009/05/26 19:18:59 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/02/15 15:10:57 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2008/12/25 09:49:56 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Application Data\PnkBstrK.sys
[2008/12/14 10:00:38 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2008/12/13 14:50:03 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/05 00:46:04 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/12/04 19:26:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/09/09 16:41:55 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/08/31 13:53:19 | 000,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/14 03:57:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/06/13 20:15:16 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/06/09 18:14:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/06/01 13:49:52 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/06/01 13:49:52 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/06/01 13:49:52 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/12/08 16:44:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/11/29 19:55:54 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/06 00:14:31 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\PUTTY.RND
[2007/06/28 23:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/14 02:40:27 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2007/06/09 15:59:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/06/04 02:20:33 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/16 14:24:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/16 14:21:55 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2007/05/16 14:21:40 | 000,003,073 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/05/16 14:06:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2007/05/16 13:27:20 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/04/23 16:52:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/23 16:48:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/23 09:36:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/23 09:35:24 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/08/11 23:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 23:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,510,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,098,712 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/19 15:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 15:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2001/11/08 02:27:00 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/06/11 01:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/08 13:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/12/08 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2011/06/11 05:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/09/30 09:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/22 20:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2007/06/23 16:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/06/11 02:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010/09/30 10:31:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/01 17:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DinsCurse
[2009/05/26 19:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/05/13 21:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2010/09/30 09:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/09 07:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/08 22:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/05/26 18:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/08/31 13:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2011/06/17 06:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/02 12:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2007/10/29 01:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/08/05 17:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2010/04/30 20:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/20 11:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/07/14 03:50:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8227D5D4-E2F9-4B81-98FA-54E4E78F5238}
[2009/04/28 22:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/11/09 02:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\.BitZip
[2010/08/13 07:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\.minecraft
[2009/06/21 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Amazon
[2009/12/08 13:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\AT&T
[2009/12/08 13:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\ATTToolbar
[2010/10/12 12:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\AVG
[2010/09/30 10:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\AVG10
[2010/03/29 01:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Azgard
[2011/05/25 08:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Azureus
[2007/05/18 13:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\BitTorrent
[2010/03/23 13:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Braid
[2011/03/15 01:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\calibre
[2007/08/18 18:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\CiscoCAA
[2011/01/17 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/08/26 10:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\crawl
[2011/05/25 06:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\cYo
[2008/06/01 13:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\DAEMON Tools
[2009/05/19 14:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\dota-allstars.71E01812711E1682B196CE418CDA466F24682743.1
[2009/05/19 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\dota_allstars
[2008/12/13 14:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\FileZilla
[2009/05/21 17:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\FOG Downloader
[2008/11/15 14:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Galcon
[2011/03/18 01:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\GetRightToGo
[2009/04/06 19:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\gtk-2.0
[2010/12/11 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\IceChat
[2009/04/01 15:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Inkscape
[2007/05/16 13:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Leadertech
[2011/01/01 11:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Local
[2010/04/24 22:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011/03/06 07:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Maxthon3
[2010/03/21 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Mind Control Software
[2011/02/02 12:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\n52te
[2011/03/09 07:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\NCH Swift Sound
[2011/06/11 03:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Notepad++
[2011/03/21 04:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\PCToolsFirewallPlus
[2008/11/27 01:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Pi Eye Games
[2010/03/21 00:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\PlayFirst
[2010/05/13 22:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\runic games
[2007/11/01 20:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Screaming Bee
[2008/12/08 06:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\SmartDraw
[2008/12/14 07:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\smc
[2011/03/18 01:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Spam Monitor
[2008/08/07 00:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\SystemRequirementsLab
[2008/12/14 10:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Tandem Games
[2007/11/04 14:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Uniblue
[2011/06/17 12:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\uTorrent
[2009/07/18 18:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Wizards of the Coast
[2007/08/10 11:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\WowAceUpdater
[2011/03/28 00:34:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2011/06/17 05:47:38 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\Tasks\mbnj.job
[2011/03/12 07:34:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 517 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:3E748A0BD09161C9
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEE39B00
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5160F090

< End of report >

#4
Piros

    Member

  • Topic Starter
  • Member
  • 28 posts
I was gonna paste the new extras.txt for otl, but there doesn't seem to be a new one, just the old one. Anyway, here's the TDSSKiller log.

2011/06/17 12:22:05.0593 10024 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/17 12:22:07.0609 10024 ================================================================================
2011/06/17 12:22:07.0609 10024 SystemInfo:
2011/06/17 12:22:07.0609 10024
2011/06/17 12:22:07.0609 10024 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/17 12:22:07.0609 10024 Product type: Workstation
2011/06/17 12:22:07.0609 10024 ComputerName: IAINPC
2011/06/17 12:22:07.0609 10024 UserName: Mr Smith
2011/06/17 12:22:07.0609 10024 Windows directory: C:\WINDOWS
2011/06/17 12:22:07.0609 10024 System windows directory: C:\WINDOWS
2011/06/17 12:22:07.0609 10024 Processor architecture: Intel x86
2011/06/17 12:22:07.0609 10024 Number of processors: 2
2011/06/17 12:22:07.0609 10024 Page size: 0x1000
2011/06/17 12:22:07.0609 10024 Boot type: Normal boot
2011/06/17 12:22:07.0609 10024 ================================================================================
2011/06/17 12:22:18.0171 10024 Initialize success
2011/06/17 12:22:27.0812 3388 ================================================================================
2011/06/17 12:22:27.0812 3388 Scan started
2011/06/17 12:22:27.0812 3388 Mode: Manual;
2011/06/17 12:22:27.0812 3388 ================================================================================
2011/06/17 12:22:28.0031 3388 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/17 12:22:28.0078 3388 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/17 12:22:28.0125 3388 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/17 12:22:28.0187 3388 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/17 12:22:28.0312 3388 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/06/17 12:22:28.0375 3388 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/17 12:22:28.0546 3388 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/17 12:22:28.0578 3388 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/17 12:22:28.0640 3388 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/17 12:22:28.0687 3388 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/17 12:22:28.0750 3388 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/17 12:22:28.0828 3388 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/06/17 12:22:28.0859 3388 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/17 12:22:28.0937 3388 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/06/17 12:22:29.0000 3388 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/06/17 12:22:29.0062 3388 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/06/17 12:22:29.0109 3388 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/06/17 12:22:29.0187 3388 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/06/17 12:22:29.0250 3388 bcgame (694a022f3ca43ba0a75ab85a7223cf6c) C:\WINDOWS\system32\drivers\bcgame.sys
2011/06/17 12:22:29.0312 3388 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/17 12:22:29.0406 3388 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/17 12:22:29.0437 3388 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/17 12:22:29.0484 3388 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/17 12:22:29.0515 3388 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/17 12:22:29.0609 3388 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys
2011/06/17 12:22:29.0734 3388 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/17 12:22:29.0781 3388 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/17 12:22:29.0828 3388 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/17 12:22:29.0843 3388 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/17 12:22:29.0875 3388 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/17 12:22:29.0937 3388 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/17 12:22:30.0031 3388 e2d79ca0 (5aa8837abe926c671159a397821e23ed) C:\WINDOWS\TEMP\199.tmp
2011/06/17 12:22:30.0187 3388 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/17 12:22:30.0218 3388 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/17 12:22:30.0250 3388 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/17 12:22:30.0281 3388 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/17 12:22:30.0312 3388 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/17 12:22:30.0343 3388 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/17 12:22:30.0375 3388 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/17 12:22:30.0406 3388 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/06/17 12:22:30.0484 3388 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/06/17 12:22:30.0546 3388 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/06/17 12:22:30.0593 3388 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/17 12:22:30.0625 3388 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/17 12:22:30.0718 3388 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/17 12:22:30.0796 3388 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/17 12:22:30.0890 3388 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/17 12:22:30.0984 3388 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/17 12:22:31.0015 3388 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/17 12:22:31.0046 3388 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/17 12:22:31.0093 3388 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/17 12:22:31.0125 3388 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/17 12:22:31.0171 3388 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/17 12:22:31.0203 3388 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/17 12:22:31.0312 3388 JmtFltr (78cc22326e584d2c02e1ab8b38dbb00f) C:\WINDOWS\system32\Drivers\JmtFltr.sys
2011/06/17 12:22:31.0359 3388 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/17 12:22:31.0390 3388 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/17 12:22:31.0421 3388 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/17 12:22:31.0484 3388 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/17 12:22:31.0546 3388 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/06/17 12:22:31.0625 3388 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2011/06/17 12:22:31.0703 3388 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/06/17 12:22:31.0765 3388 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/06/17 12:22:31.0796 3388 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2011/06/17 12:22:31.0828 3388 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2011/06/17 12:22:31.0890 3388 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/06/17 12:22:31.0953 3388 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/17 12:22:32.0031 3388 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/17 12:22:32.0062 3388 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/17 12:22:32.0093 3388 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/17 12:22:32.0125 3388 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/17 12:22:32.0234 3388 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/06/17 12:22:32.0296 3388 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/06/17 12:22:32.0328 3388 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/17 12:22:32.0375 3388 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/17 12:22:32.0484 3388 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/17 12:22:32.0515 3388 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/17 12:22:32.0531 3388 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/17 12:22:32.0562 3388 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/17 12:22:32.0593 3388 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/17 12:22:32.0640 3388 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/17 12:22:32.0718 3388 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/17 12:22:32.0765 3388 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/17 12:22:32.0796 3388 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/17 12:22:32.0828 3388 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/17 12:22:32.0875 3388 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/17 12:22:32.0906 3388 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/17 12:22:32.0937 3388 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/17 12:22:33.0000 3388 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/17 12:22:33.0031 3388 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/17 12:22:33.0078 3388 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/17 12:22:33.0140 3388 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/17 12:22:33.0406 3388 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/17 12:22:33.0640 3388 nvata (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvata.sys
2011/06/17 12:22:33.0671 3388 NVENETFD (a545df28f75bcb109a3aadbb07552b12) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/06/17 12:22:33.0718 3388 nvnetbus (ea41f641420f3d8271804d287c1ef461) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/06/17 12:22:33.0781 3388 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys
2011/06/17 12:22:33.0984 3388 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/17 12:22:34.0031 3388 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/17 12:22:34.0093 3388 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/17 12:22:34.0140 3388 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/17 12:22:34.0171 3388 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/17 12:22:34.0218 3388 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/17 12:22:34.0234 3388 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/17 12:22:34.0296 3388 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/17 12:22:34.0390 3388 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/17 12:22:34.0437 3388 PCTAppEvent (238d3211ecf5ec32a2d78dbada197dfe) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011/06/17 12:22:34.0500 3388 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/06/17 12:22:34.0546 3388 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
2011/06/17 12:22:34.0593 3388 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
2011/06/17 12:22:34.0656 3388 PCTFW-PacketFilter (60af5fa418efe284fb81dbbf5a0391fb) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
2011/06/17 12:22:34.0734 3388 pctgntdi (5be722c8c9bba995693c8cd524d83b27) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/06/17 12:22:34.0812 3388 pctNdis (32d0dcb9bc33d5c0b29243e3d783b9e6) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2011/06/17 12:22:34.0828 3388 pctNdisMP (32d0dcb9bc33d5c0b29243e3d783b9e6) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2011/06/17 12:22:34.0875 3388 pctplfw (fe6803af91ddb32ff8edf5d6c0d370af) C:\WINDOWS\system32\drivers\pctplfw.sys
2011/06/17 12:22:34.0921 3388 pctplsg (1ea4b41d30f28ff5e186a49b4a1d36d9) C:\WINDOWS\system32\drivers\pctplsg.sys
2011/06/17 12:22:35.0125 3388 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/17 12:22:35.0187 3388 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/17 12:22:35.0234 3388 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/17 12:22:35.0265 3388 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/17 12:22:35.0312 3388 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/17 12:22:35.0421 3388 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/17 12:22:35.0453 3388 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/17 12:22:35.0500 3388 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/17 12:22:35.0515 3388 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/17 12:22:35.0546 3388 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/17 12:22:35.0578 3388 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/17 12:22:35.0625 3388 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/17 12:22:35.0671 3388 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/17 12:22:35.0734 3388 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/17 12:22:35.0875 3388 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/17 12:22:35.0937 3388 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/17 12:22:35.0953 3388 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/17 12:22:36.0000 3388 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/17 12:22:36.0078 3388 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/17 12:22:36.0187 3388 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/17 12:22:36.0187 3388 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/06/17 12:22:36.0203 3388 sptd - detected LockedFile.Multi.Generic (1)
2011/06/17 12:22:36.0281 3388 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/17 12:22:36.0343 3388 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/17 12:22:36.0406 3388 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/17 12:22:36.0437 3388 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/17 12:22:36.0562 3388 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/17 12:22:36.0609 3388 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
2011/06/17 12:22:36.0718 3388 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys
2011/06/17 12:22:36.0843 3388 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/17 12:22:36.0890 3388 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/17 12:22:36.0921 3388 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/17 12:22:37.0000 3388 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/17 12:22:37.0046 3388 TfFsMon (1c7be4e77d42a93e6cd82ef742a50524) C:\WINDOWS\system32\drivers\TfFsMon.sys
2011/06/17 12:22:37.0078 3388 TfNetMon (40d1ad5741204ea83661e1b4d3d0d0c5) C:\WINDOWS\system32\drivers\TfNetMon.sys
2011/06/17 12:22:37.0125 3388 TfSysMon (5d30e224ac2183357cb478b5cb73bd31) C:\WINDOWS\system32\drivers\TfSysMon.sys
2011/06/17 12:22:37.0218 3388 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/17 12:22:37.0328 3388 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/06/17 12:22:37.0453 3388 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/17 12:22:37.0515 3388 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/17 12:22:37.0562 3388 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/17 12:22:37.0593 3388 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/17 12:22:37.0625 3388 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/17 12:22:37.0656 3388 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/17 12:22:37.0671 3388 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/17 12:22:37.0703 3388 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/17 12:22:37.0750 3388 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/17 12:22:37.0796 3388 vhidmini (dffab3374f554977c4bb1b575a7b6502) C:\WINDOWS\system32\DRIVERS\vhidmini.sys
2011/06/17 12:22:37.0906 3388 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/17 12:22:37.0953 3388 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/17 12:22:38.0015 3388 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/17 12:22:38.0093 3388 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/17 12:22:38.0234 3388 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/17 12:22:38.0343 3388 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/17 12:22:38.0390 3388 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/17 12:22:38.0484 3388 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/06/17 12:22:38.0546 3388 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/17 12:22:38.0546 3388 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/17 12:22:38.0546 3388 ================================================================================
2011/06/17 12:22:38.0546 3388 Scan finished
2011/06/17 12:22:38.0546 3388 ================================================================================
2011/06/17 12:22:38.0562 10224 Detected object count: 2
2011/06/17 12:22:38.0562 10224 Actual detected object count: 2
2011/06/17 12:23:25.0281 10224 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/17 12:23:25.0296 10224 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Skip
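The TDSSKiller log above ends with two detections that were both skipped, one of them on the raw disk device (the MBR), which is what a TDL4 bootkit infects. As an added example that is not part of the original thread or of TDSSKiller itself, the Python below parses that log format, joins each verdict to the inventory line that carries the object's MD5 and path, records the action the user chose, and ranks the result. The sample lines are copied from the log above with the ordinary driver lines trimmed; the severity rules and the `triage` function are my own and not anything TDSSKiller provides.

```python
"""Triage a Kaspersky TDSSKiller log: what was detected, where, and what was done about it."""
import re
from dataclasses import dataclass, asdict

# Constructed sample: lines copied from the log posted above, driver inventory trimmed.
SAMPLE_LOG = r"""
2011/06/17 12:22:36.0187 3388 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/17 12:22:36.0187 3388 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/06/17 12:22:36.0203 3388 sptd - detected LockedFile.Multi.Generic (1)
2011/06/17 12:22:36.0281 3388 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/17 12:22:38.0546 3388 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/17 12:22:38.0546 3388 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/17 12:22:38.0546 3388 ================================================================================
2011/06/17 12:22:38.0546 3388 Scan finished
2011/06/17 12:22:38.0562 10224 Detected object count: 2
2011/06/17 12:22:38.0562 10224 Actual detected object count: 2
2011/06/17 12:23:25.0281 10224 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/17 12:23:25.0296 10224 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Skip
"""

# Every line starts with a timestamp and the id of the thread that wrote it.
_PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
# Inventory line: "<name> (<md5>) <path>"; the MBR entry's name is "MBR (0x1B8)".
_ENTRY = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
_DETECT = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
_ACTION = re.compile(r"^([^(\s]+)\((.+)\) - User select action: (.+)$")
_COUNT = re.compile(r"^Actual detected object count: (\d+)$")


@dataclass
class Detection:
    obj: str              # the object as TDSSKiller names it in the verdict line
    verdict: str          # e.g. Rootkit.Win32.TDSS.tdl4
    path: str = ""        # file or device path from the matching inventory line
    md5: str = ""
    action: str = "none"  # "Skip", "Cure", "Delete", ... or "none" if never prompted

    @property
    def severity(self) -> str:
        # A verdict on a raw disk device (MBR) is a bootkit: nothing that boots
        # after it can be trusted until it is cured.
        if self.path.startswith("\\Device\\") or self.verdict.startswith("Rootkit."):
            return "critical"
        # LockedFile.Multi.Generic only says the scanner could not read the file.
        # sptd.sys (the DAEMON Tools / Alcohol SCSI pass-through driver) routinely
        # triggers it; on its own it is not a malware verdict.
        if self.verdict.startswith("LockedFile."):
            return "info"
        return "warning"


def triage(log_text: str) -> dict:
    by_name, by_path, detections, reported = {}, {}, {}, None
    for raw in log_text.splitlines():
        m = _PREFIX.match(raw)
        if not m:
            continue
        body = m.group(1).strip()
        if (e := _ENTRY.match(body)):
            name, md5, path = e.groups()
            by_name[name] = (md5, path)
            by_path[path] = md5
        elif (d := _DETECT.match(body)):
            obj, verdict, _ = d.groups()
            if obj in by_name:              # verdict names the driver/service
                md5, path = by_name[obj]
            elif obj in by_path:            # verdict names the device path (MBR)
                md5, path = by_path[obj], obj
            else:
                md5, path = "", ""
            detections[obj] = Detection(obj, verdict, path, md5)
        elif (a := _ACTION.match(body)):
            verdict, obj, action = a.groups()
            if obj in detections and detections[obj].verdict == verdict:
                detections[obj].action = action.strip()
        elif (c := _COUNT.match(body)):
            reported = int(c.group(1))

    order = ("critical", "warning", "info")
    found = sorted(detections.values(), key=lambda d: order.index(d.severity))
    unresolved = [d.obj for d in found
                  if d.severity == "critical" and d.action in ("none", "Skip")]
    return {
        "detections": [dict(asdict(d), severity=d.severity) for d in found],
        "reported_count": reported,
        "count_matches": reported == len(found),
        "unresolved_critical": unresolved,
    }


if __name__ == "__main__":
    for d in triage(SAMPLE_LOG)["detections"]:
        print(f"[{d['severity']:8}] {d['verdict']:28} {d['path']}  md5={d['md5']}  action={d['action']}")
```

Run against the log above, the MBR verdict sorts first and shows up in `unresolved_critical` because the chosen action was Skip, while sptd.sys is reported as informational; that is the distinction a helper reading the log needs before deciding whether the next step is curing the MBR or ignoring a locked emulation driver.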

#5
sempai (Trusted Helper, Malware Removal, 785 posts)
Hi,

Please post the contents of extras.txt.

You have multiple antivirus programs installed and running at the same time. Before we start removing all the malware we've seen, we first need to settle this to avoid unnecessary problems.


I do not recommend having more than one antivirus product installed and running on your computer at a time. The following antivirus products are installed on your system:

  • AVG
  • PC Tools Internet Security
  • AT&T Internet Security
The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files as they are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore, please uninstall two of the three antivirus products and let me know in your next post which AV program you choose to keep, so that I can adjust my instructions accordingly.

#6
Piros (Topic Starter, Member, 28 posts)
I removed AVG and AT&T and kept PC Tools Internet Security. I ran a 3rd OTL scan to get an extras.txt log, since a new one never saved on the 2nd run, but none saved on the 3rd run either, even after putting the 1st log into the Recycle Bin, so I'm just gonna have to post the 1st one, I guess. Hope that works.

On a slightly unrelated note, the containing folder for AT&T Internet Security Wizard has been opening itself in File Explorer on startup for about a week now; I was hoping uninstalling it would stop that, but it hasn't. Also, I get a rundll error on startup for ifoludej.dll, that virus DLL I had to delete last week. I assume I have to remove something from somewhere to fix that, but it's been a while.

Anyway, extras.txt:

OTL Extras logfile created on: 6/12/2011 9:38:53 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Mr Smith\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 16.71% Memory free
6.35 Gb Paging File | 4.26 Gb Available in Paging File | 67.12% Paging File free
Paging file location(s): C:\pagefile.sys 4608 4608 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83.24 Gb Total Space | 10.61 Gb Free Space | 12.74% Space Free | Partition Type: NTFS
Drive H: | 87.89 Gb Total Space | 81.32 Gb Free Space | 92.52% Space Free | Partition Type: NTFS

Computer Name: IAINPC | User Name: Mr Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Max3.Association.HTML] -- C:\Program Files\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.)
.url [@ = InternetShortcut] -- C:\Program Files\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Maxthon3\Bin\Maxthon.exe" "%1" (Maxthon International ltd.)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- "C:\Program Files\Maxthon3\Bin\Maxthon.exe" "%1" (Maxthon International ltd.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57574:TCP" = 57574:TCP:*:Enabled:Pando Media Booster
"57574:UDP" = 57574:UDP:*:Enabled:Pando Media Booster
"56459:TCP" = 56459:TCP:*:Enabled:Pando Media Booster
"56459:UDP" = 56459:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader
"6882:TCP" = 6882:TCP:*:Enabled:Blizzard Downloader
"6883:TCP" = 6883:TCP:*:Enabled:Blizzard Downloader
"8086:TCP" = 8086:TCP:*:Enabled:WoW
"8087:TCP" = 8087:TCP:*:Enabled:WoW
"9081:TCP" = 9081:TCP:*:Enabled:WoW
"9090:TCP" = 9090:TCP:*:Enabled:WoW
"9097:TCP" = 9097:TCP:*:Enabled:WoW
"9100:TCP" = 9100:TCP:*:Enabled:WoW
"6885:TCP" = 6885:TCP:*:Enabled:Blizzard Downloader
"6886:TCP" = 6886:TCP:*:Enabled:Blizzard Downloader
"6887:TCP" = 6887:TCP:*:Enabled:Blizzard Downloader
"6889:TCP" = 6889:TCP:*:Enabled:Blizzard Downloader
"6890:TCP" = 6890:TCP:*:Enabled:Blizzard Downloader
"6891:TCP" = 6891:TCP:*:Enabled:Blizzard Downloader
"6892:TCP" = 6892:TCP:*:Enabled:Blizzard Downloader
"6893:TCP" = 6893:TCP:*:Enabled:Blizzard Downloader
"6895:TCP" = 6895:TCP:*:Enabled:Blizzard Downloader
"6896:TCP" = 6896:TCP:*:Enabled:Blizzard Downloader
"6897:TCP" = 6897:TCP:*:Enabled:Blizzard Downloader
"6899:TCP" = 6899:TCP:*:Enabled:Blizzard Downloader
"35608:TCP" = 35608:TCP:*:Enabled:Limewire
"18230:UDP" = 18230:UDP:*:Enabled:uTorrent
"5000:TCP" = 5000:TCP:*:Enabled:Vent
"5000:UDP" = 5000:UDP:*:Enabled:Vent
"6100:TCP" = 6100:TCP:*:Enabled:Vent
"6100:UDP" = 6100:UDP:*:Enabled:Vent
"1380:TCP" = 1380:TCP:*:Enabled:WAR
"10622:TCP" = 10622:TCP:*:Enabled:WAR
"57574:TCP" = 57574:TCP:*:Enabled:Pando Media Booster
"57574:UDP" = 57574:UDP:*:Enabled:Pando Media Booster
"34983:TCP" = 34983:TCP:*:Enabled:uTorrentPortTCP
"34983:UDP" = 34983:UDP:*:Enabled:uTorrentPortUDP
"6667:UDP" = 6667:UDP:*:Enabled:IceChat
"56459:TCP" = 56459:TCP:*:Enabled:Pando Media Booster
"56459:UDP" = 56459:UDP:*:Enabled:Pando Media Booster
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"6967:TCP" = 6967:TCP:*:Enabled:League of Legends Launcher
"6967:UDP" = 6967:UDP:*:Enabled:League of Legends Launcher
"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher
"6958:TCP" = 6958:TCP:*:Enabled:League of Legends Launcher
"6958:UDP" = 6958:UDP:*:Enabled:League of Legends Launcher
"4000:TCP" = 4000:TCP:*:Enabled:Diablo 2
"15397:TCP" = 15397:TCP:*:Enabled:spport
"14022:TCP" = 14022:TCP:*:Enabled:spport
"29848:TCP" = 29848:TCP:*:Enabled:spport

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\IceChat7\IceChat7.exe" = C:\Program Files\IceChat7\IceChat7.exe:*:Enabled:Internet Relay Chat Client -- (IceChat Networks)
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"H:\Program Files\Steam\Steam.exe" = H:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Alcatel-Lucent)
"C:\Program Files\World of Warcraft\Temp\wow-4.0.0.2104-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\Temp\wow-4.0.0.2104-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Documents and Settings\Mr Smith\Local Settings\Apps\2.0\T6O6J9JJ.GKY\NO8EDCJ8.NA5\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = C:\Documents and Settings\Mr Smith\Local Settings\Apps\2.0\T6O6J9JJ.GKY\NO8EDCJ8.NA5\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0
"C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Temp\wow-4.0.1.2120-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\Temp\wow-4.0.1.2120-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}" = Java DB 10.2.2.0
"{0F3A1C5A-DA6A-4536-A058-CBB857CAC20C}" = Nostromo Array Programming Software
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 5.1.0
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{6527051E-8939-4639-9690-800B3442E610}" = PC Tools Anti-Spam Toolbar
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A731356-4835-4C6A-B83B-E402191665F8}" = SkinStudio
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{83729FE3-6785-476A-91F1-312D427B4522}" = League of Legends
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{91D2C605-AD2B-44C8-A0A1-9B116B3C91CB}" = AVG 2011
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DEE843A0-33C6-404C-90A4-1136F8BD38A2}" = calibre
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{EDB32FFB-FC1C-414B-BF8E-4645217E9AF2}" = League of Legends
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ATT-SST" = AT&T Self Support Tool
"ATTToolbar" = AT&T Toolbar
"AVG" = AVG 2011
"B3F2F39D9A48AD78A74BA5D236210A6E48B1333C" = Windows Driver Package - Belkin (HidUsb) HIDClass (01/11/2007 1.0)
"BLOCKSUM_is1" = Uninstall BLOCKSUM
"Browser Defender_is1" = Browser Defender 3.0
"Bytescout XLS Viewer_is1" = Bytescout XLS Viewer 2.30a (FREEWARE)
"Cacheman 5.50" = Cacheman 5.50
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"Comical_is1" = Comical 0.8
"DivX Setup.divx.com" = DivX Setup
"doPDF 6 printer_is1" = doPDF 6.0 printer
"Doxillion" = Doxillion Document Converter
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"IceChat_is1" = IceChat 7.63 (Build 20080417)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Maxthon3" = Maxthon 3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PCI Audio Driver" = PCI Audio Driver
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"RocketDock_is1" = RocketDock 1.3.5
"SkinStudio" = SkinStudio
"Snapshot Viewer" = Snapshot Viewer
"Spyware Doctor" = PC Tools Internet Security 8.0
"SpywareGuard_is1" = SpywareGuard v2.2
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Theme Manager" = Theme Manager
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Wik and the Fable of Souls_is1" = Wik and the Fable of Souls
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.0.5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.0.1 (ansi) for Python 2.5
"wxWidgets_is1" = wxWidgets 2.8.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Super Fun Block Game" = Super Fun Block Game

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/12/2011 7:51:27 AM | Computer Name = IAINPC | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #316. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 6/12/2011 7:51:28 AM | Computer Name = IAINPC | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #316. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 6/12/2011 7:51:31 AM | Computer Name = IAINPC | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #316. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 6/12/2011 7:51:34 AM | Computer Name = IAINPC | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #316. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 6/12/2011 7:51:38 AM | Computer Name = IAINPC | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #316. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 6/12/2011 7:51:41 AM | Computer Name = IAINPC | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #316. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 6/12/2011 7:51:41 AM | Computer Name = IAINPC | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #316. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 6/12/2011 7:51:43 AM | Computer Name = IAINPC | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #316. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 6/12/2011 7:51:46 AM | Computer Name = IAINPC | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #316. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 6/12/2011 7:51:48 AM | Computer Name = IAINPC | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #316. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

[ System Events ]
Error - 6/12/2011 7:51:08 AM | Computer Name = IAINPC | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 6/12/2011 7:51:09 AM | Computer Name = IAINPC | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 6/12/2011 7:51:10 AM | Computer Name = IAINPC | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 6/12/2011 7:51:10 AM | Computer Name = IAINPC | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 6/12/2011 7:55:24 AM | Computer Name = IAINPC | Source = Service Control Manager | ID = 7023
Description = The Intel CPU service terminated with the following error: %%126

Error - 6/12/2011 7:56:46 AM | Computer Name = IAINPC | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 6/12/2011 7:59:49 AM | Computer Name = IAINPC | Source = Service Control Manager | ID = 7022
Description = The PC Tools Security Service service hung on starting.

Error - 6/12/2011 8:14:42 AM | Computer Name = IAINPC | Source = Service Control Manager | ID = 7023
Description = The Intel CPU service terminated with the following error: %%126

Error - 6/12/2011 8:19:12 AM | Computer Name = IAINPC | Source = Service Control Manager | ID = 7022
Description = The PC Tools Security Service service hung on starting.

Error - 6/12/2011 12:07:37 PM | Computer Name = IAINPC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056


< End of report >
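The "Last 10 Event Log Errors" block in the OTL report above is copied verbatim from the Windows event log, and the Service Control Manager entries keep their error strings as unexpanded %%N placeholders (%%5 is ERROR_ACCESS_DENIED, %%126 is ERROR_MOD_NOT_FOUND, %%1056 is ERROR_SERVICE_ALREADY_RUNNING, all from winerror.h). The Python below is an added triage helper written for this page; it is not part of the original post and not OTL's code. It parses that block into records, joins the wrapped Description lines, decodes the %%N codes through a small table that is an assumption of the example (it covers only the codes that appear in this thread), and counts errors per source and event ID so repeated failures stand out. SAMPLE is a constructed excerpt of the log above.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Win32 error numbers that OTL leaves unexpanded as "%%N" in Service Control
# Manager messages (values from winerror.h). Limited to the codes in the log
# being triaged; extending it is the reader's job (assumption of the example).
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED",
    126: "ERROR_MOD_NOT_FOUND",
    1056: "ERROR_SERVICE_ALREADY_RUNNING",
}

SECTION_RE = re.compile(r"^\[ (?P<log>.+?) \]$")
HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
CODE_RE = re.compile(r"%%(\d+)")

@dataclass
class EventError:
    log: str            # "Application Events" or "System Events"
    when: str
    host: str
    source: str
    event_id: int
    description: str
    win32_codes: list = field(default_factory=list)

def parse_otl_events(text):
    """Parse OTL's 'Last 10 Event Log Errors' block into EventError records.

    OTL wraps each Description over several physical lines; they are joined
    with single spaces until the next blank line, header or section marker.
    """
    events, current_log, current, desc_lines = [], None, None, []

    def flush():
        nonlocal current, desc_lines
        if current is not None:
            current.description = " ".join(desc_lines)
            current.win32_codes = [int(c) for c in CODE_RE.findall(current.description)]
            events.append(current)
        current, desc_lines = None, []

    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        header = HEADER_RE.match(line)
        if section or header or not line:
            flush()
        if section:
            current_log = section.group("log")
        elif header:
            current = EventError(current_log, header.group("when"), header.group("host"),
                                 header.group("source"), int(header.group("id")), "")
        elif line and current is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            desc_lines.append(line)
    flush()
    return events

def describe_code(code):
    """Name a %%N placeholder; unknown codes are reported rather than guessed."""
    return WIN32_ERRORS.get(code, "unknown Win32 error %d" % code)

def summarize(events):
    """Count errors per (log, source, event id) and decode every %%N seen."""
    counts = Counter((e.log, e.source, e.event_id) for e in events)
    codes = sorted({c for e in events for c in e.win32_codes})
    return counts, {c: describe_code(c) for c in codes}

# Constructed excerpt of the OTL event-log block from this thread.
SAMPLE = """\
[ Application Events ]
Error - 6/12/2011 7:51:27 AM | Computer Name = IAINPC | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #316. Just-In-Time
debugging this exception failed with the following error: The remote procedure call failed.

[ System Events ]
Error - 6/12/2011 7:51:08 AM | Computer Name = IAINPC | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 6/12/2011 7:51:09 AM | Computer Name = IAINPC | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 6/12/2011 7:55:24 AM | Computer Name = IAINPC | Source = Service Control Manager | ID = 7023
Description = The Intel CPU service terminated with the following error: %%126

Error - 6/12/2011 12:07:37 PM | Computer Name = IAINPC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056
"""

if __name__ == "__main__":
    counts, codes = summarize(parse_otl_events(SAMPLE))
    for (log, source, event_id), n in counts.most_common():
        print("%-18s %-25s ID %-5d x%d" % (log, source, event_id, n))
    print({"%%%%%d" % c: name for c, name in codes.items()})
```

Run as a script it prints the per-source tally and the decoded codes; pasting the full block from an OTL report into SAMPLE works the same way, since the parser keys only on the section markers and the "Error - ... | ID = N" headers.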

#7 sempai (Trusted Helper, Malware Removal, 785 posts)

Let's nuke the main infection first.

  • Close all other running programs.
  • Please run TDSSKiller.exe again and start the scan.
  • Do not change any setting after the scan and let it Cure any infections found.
  • Follow the prompts and reboot the computer when asked.
  • Once completed, it will generate a report located at C:\TDSSKiller.Version_Date_Time_log.txt.
  • Please post the contents of that log when you reply.


#8 Piros (Topic Starter, Member, 28 posts)

2011/06/19 05:50:36.0625 3572 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/19 05:50:37.0015 3572 ================================================================================
2011/06/19 05:50:37.0015 3572 SystemInfo:
2011/06/19 05:50:37.0015 3572
2011/06/19 05:50:37.0015 3572 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/19 05:50:37.0015 3572 Product type: Workstation
2011/06/19 05:50:37.0015 3572 ComputerName: IAINPC
2011/06/19 05:50:37.0015 3572 UserName: Mr Smith
2011/06/19 05:50:37.0015 3572 Windows directory: C:\WINDOWS
2011/06/19 05:50:37.0015 3572 System windows directory: C:\WINDOWS
2011/06/19 05:50:37.0015 3572 Processor architecture: Intel x86
2011/06/19 05:50:37.0015 3572 Number of processors: 2
2011/06/19 05:50:37.0015 3572 Page size: 0x1000
2011/06/19 05:50:37.0015 3572 Boot type: Normal boot
2011/06/19 05:50:37.0015 3572 ================================================================================
2011/06/19 05:50:37.0953 3572 Initialize success
2011/06/19 05:50:41.0734 3948 ================================================================================
2011/06/19 05:50:41.0734 3948 Scan started
2011/06/19 05:50:41.0734 3948 Mode: Manual;
2011/06/19 05:50:41.0734 3948 ================================================================================
2011/06/19 05:50:42.0187 3948 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/19 05:50:42.0218 3948 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/19 05:50:42.0265 3948 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/19 05:50:42.0328 3948 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/19 05:50:42.0468 3948 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/06/19 05:50:42.0609 3948 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/19 05:50:42.0718 3948 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/19 05:50:42.0765 3948 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/19 05:50:42.0812 3948 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/19 05:50:42.0843 3948 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/19 05:50:42.0953 3948 bcgame (694a022f3ca43ba0a75ab85a7223cf6c) C:\WINDOWS\system32\drivers\bcgame.sys
2011/06/19 05:50:42.0968 3948 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/19 05:50:43.0031 3948 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/19 05:50:43.0062 3948 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/19 05:50:43.0093 3948 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/19 05:50:43.0125 3948 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/19 05:50:43.0203 3948 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys
2011/06/19 05:50:43.0359 3948 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/19 05:50:43.0406 3948 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/19 05:50:43.0437 3948 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/19 05:50:43.0453 3948 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/19 05:50:43.0484 3948 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/19 05:50:43.0546 3948 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/19 05:50:43.0656 3948 e2d79ca0 (5aa8837abe926c671159a397821e23ed) C:\WINDOWS\TEMP\199.tmp
2011/06/19 05:50:43.0828 3948 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/19 05:50:43.0890 3948 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/19 05:50:43.0921 3948 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/19 05:50:43.0937 3948 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/19 05:50:43.0953 3948 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/19 05:50:43.0984 3948 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/19 05:50:44.0015 3948 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/19 05:50:44.0062 3948 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/06/19 05:50:44.0093 3948 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/06/19 05:50:44.0125 3948 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/06/19 05:50:44.0187 3948 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/19 05:50:44.0203 3948 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/19 05:50:44.0281 3948 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/19 05:50:44.0359 3948 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/19 05:50:44.0421 3948 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/19 05:50:44.0500 3948 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/19 05:50:44.0562 3948 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/19 05:50:44.0593 3948 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/19 05:50:44.0640 3948 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/19 05:50:44.0671 3948 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/19 05:50:44.0703 3948 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/19 05:50:44.0750 3948 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/19 05:50:44.0859 3948 JmtFltr (78cc22326e584d2c02e1ab8b38dbb00f) C:\WINDOWS\system32\Drivers\JmtFltr.sys
2011/06/19 05:50:44.0890 3948 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/19 05:50:44.0906 3948 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/19 05:50:44.0937 3948 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/19 05:50:44.0984 3948 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/19 05:50:45.0046 3948 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/06/19 05:50:45.0109 3948 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2011/06/19 05:50:45.0171 3948 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/06/19 05:50:45.0250 3948 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/06/19 05:50:45.0265 3948 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2011/06/19 05:50:45.0296 3948 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2011/06/19 05:50:45.0406 3948 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/06/19 05:50:45.0468 3948 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/19 05:50:45.0500 3948 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/19 05:50:45.0531 3948 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/19 05:50:45.0578 3948 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/19 05:50:45.0656 3948 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/19 05:50:45.0750 3948 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/06/19 05:50:45.0812 3948 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/06/19 05:50:45.0859 3948 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/19 05:50:45.0953 3948 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/19 05:50:46.0000 3948 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/19 05:50:46.0046 3948 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/19 05:50:46.0062 3948 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/19 05:50:46.0078 3948 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/19 05:50:46.0109 3948 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/19 05:50:46.0156 3948 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/19 05:50:46.0171 3948 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/19 05:50:46.0203 3948 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/19 05:50:46.0234 3948 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/19 05:50:46.0250 3948 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/19 05:50:46.0281 3948 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/19 05:50:46.0296 3948 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/19 05:50:46.0343 3948 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/19 05:50:46.0390 3948 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/19 05:50:46.0421 3948 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/19 05:50:46.0500 3948 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/19 05:50:46.0562 3948 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/19 05:50:46.0796 3948 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/19 05:50:47.0015 3948 nvata (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvata.sys
2011/06/19 05:50:47.0062 3948 NVENETFD (a545df28f75bcb109a3aadbb07552b12) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/06/19 05:50:47.0078 3948 nvnetbus (ea41f641420f3d8271804d287c1ef461) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/06/19 05:50:47.0125 3948 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys
2011/06/19 05:50:47.0578 3948 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/19 05:50:47.0625 3948 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/19 05:50:47.0671 3948 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/19 05:50:47.0703 3948 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/19 05:50:47.0718 3948 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/19 05:50:47.0734 3948 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/19 05:50:47.0765 3948 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/19 05:50:47.0859 3948 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/19 05:50:47.0906 3948 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/19 05:50:47.0968 3948 PCTAppEvent (238d3211ecf5ec32a2d78dbada197dfe) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011/06/19 05:50:48.0000 3948 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/06/19 05:50:48.0093 3948 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
2011/06/19 05:50:48.0203 3948 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
2011/06/19 05:50:48.0250 3948 PCTFW-PacketFilter (60af5fa418efe284fb81dbbf5a0391fb) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
2011/06/19 05:50:48.0328 3948 pctgntdi (5be722c8c9bba995693c8cd524d83b27) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/06/19 05:50:48.0359 3948 pctNdis (32d0dcb9bc33d5c0b29243e3d783b9e6) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2011/06/19 05:50:48.0359 3948 pctNdisMP (32d0dcb9bc33d5c0b29243e3d783b9e6) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2011/06/19 05:50:48.0453 3948 pctplfw (fe6803af91ddb32ff8edf5d6c0d370af) C:\WINDOWS\system32\drivers\pctplfw.sys
2011/06/19 05:50:48.0484 3948 pctplsg (1ea4b41d30f28ff5e186a49b4a1d36d9) C:\WINDOWS\system32\drivers\pctplsg.sys
2011/06/19 05:50:48.0656 3948 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/19 05:50:48.0687 3948 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/19 05:50:48.0718 3948 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/19 05:50:48.0734 3948 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/19 05:50:48.0765 3948 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/19 05:50:48.0875 3948 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/19 05:50:48.0937 3948 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/19 05:50:48.0968 3948 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/19 05:50:48.0984 3948 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/19 05:50:49.0031 3948 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/19 05:50:49.0062 3948 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/19 05:50:49.0093 3948 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/19 05:50:49.0125 3948 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/19 05:50:49.0156 3948 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/19 05:50:49.0343 3948 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/19 05:50:49.0375 3948 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/19 05:50:49.0406 3948 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/19 05:50:49.0437 3948 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/19 05:50:49.0515 3948 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/19 05:50:49.0609 3948 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/19 05:50:49.0609 3948 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/06/19 05:50:49.0609 3948 sptd - detected LockedFile.Multi.Generic (1)
2011/06/19 05:50:49.0734 3948 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/19 05:50:49.0781 3948 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/19 05:50:49.0812 3948 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/19 05:50:49.0843 3948 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/19 05:50:49.0937 3948 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/19 05:50:49.0984 3948 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
2011/06/19 05:50:50.0093 3948 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys
2011/06/19 05:50:50.0140 3948 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/19 05:50:50.0187 3948 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/19 05:50:50.0203 3948 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/19 05:50:50.0218 3948 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/19 05:50:50.0265 3948 TfFsMon (1c7be4e77d42a93e6cd82ef742a50524) C:\WINDOWS\system32\drivers\TfFsMon.sys
2011/06/19 05:50:50.0281 3948 TfNetMon (40d1ad5741204ea83661e1b4d3d0d0c5) C:\WINDOWS\system32\drivers\TfNetMon.sys
2011/06/19 05:50:50.0328 3948 TfSysMon (5d30e224ac2183357cb478b5cb73bd31) C:\WINDOWS\system32\drivers\TfSysMon.sys
2011/06/19 05:50:50.0437 3948 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/19 05:50:50.0546 3948 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/06/19 05:50:50.0609 3948 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/19 05:50:50.0671 3948 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/19 05:50:50.0734 3948 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/19 05:50:50.0765 3948 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/19 05:50:50.0781 3948 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/19 05:50:50.0812 3948 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/19 05:50:50.0828 3948 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/19 05:50:50.0890 3948 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/19 05:50:50.0921 3948 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/19 05:50:50.0984 3948 vhidmini (dffab3374f554977c4bb1b575a7b6502) C:\WINDOWS\system32\DRIVERS\vhidmini.sys
2011/06/19 05:50:51.0015 3948 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/19 05:50:51.0078 3948 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/19 05:50:51.0125 3948 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/19 05:50:51.0171 3948 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/19 05:50:51.0296 3948 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/19 05:50:51.0390 3948 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/19 05:50:51.0453 3948 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/19 05:50:51.0546 3948 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/06/19 05:50:51.0609 3948 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/19 05:50:51.0609 3948 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/19 05:50:51.0625 3948 ================================================================================
2011/06/19 05:50:51.0625 3948 Scan finished
2011/06/19 05:50:51.0625 3948 ================================================================================
2011/06/19 05:50:51.0640 3980 Detected object count: 2
2011/06/19 05:50:51.0640 3980 Actual detected object count: 2
2011/06/19 05:51:11.0078 3980 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/19 05:51:11.0109 3980 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/19 05:51:11.0109 3980 \Device\Harddisk0\DR0 - ok
2011/06/19 05:51:11.0109 3980 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/19 05:51:17.0390 3552 Deinitialize success
  • 0

#9
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
That's a good start, let's take care of the rest.

P2P Warning:

uTorrent
Azureus


Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes.

These programmes allow users to share files, as the name suggests. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they are thus best used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright law in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


==================================


1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    FF - prefs.js..extensions.enabledItems: {6BD345A9-782E-4516-B177-E733784A1FBB}:1.9.1
    FF - prefs.js..extensions.enabledItems: {F9EFC5C2-7787-49CE-A0D4-7C9280995F0A}:1.9.1
    FF - HKLM\software\mozilla\Firefox\extensions\\{6BD345A9-782E-4516-B177-E733784A1FBB}: C:\Documents and Settings\Mr Smith\Local Settings\Application Data\{6BD345A9-782E-4516-B177-E733784A1FBB} [2011/06/10 06:45:23 | 000,000,000 | ---D | M]
    [2011/06/10 06:45:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\MR SMITH\LOCAL SETTINGS\APPLICATION DATA\{6BD345A9-782E-4516-B177-E733784A1FBB}
    [2010/05/31 19:34:30 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\MR SMITH\LOCAL SETTINGS\APPLICATION DATA\{F9EFC5C2-7787-49CE-A0D4-7C9280995F0A}
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 8118
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl_port: 8118
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [Adadelijosifaduj] File not found
    O36 - AppCertDlls: autol386 - (C:\WINDOWS\system32\pxinrcp.dll) - File not found
    [2011/06/10 21:02:15 | 000,166,400 | RHS- | M] () -- C:\WINDOWS\System32\ntmsoprq6.dll
    [2011/06/10 06:33:00 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Application Data\h9ngajrf.bat
    [2011/06/10 06:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\{6BD345A9-782E-4516-B177-E733784A1FBB}
    [2011/06/11 03:34:54 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ddetiyov.dat
    [2011/06/11 01:22:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Uwalucoruwuy.bin
    [2011/06/10 06:33:00 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Application Data\h9ngajrf.bat
    [2011/06/10 21:02:15 | 000,166,400 | RHS- | C] () -- C:\WINDOWS\System32\ntmsoprq6.dll
    [2011/06/10 21:02:15 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\mbnj.jo
    [2011/03/18 00:39:06 | 000,017,308 | -HS- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\2440507339
    [2011/03/18 00:39:06 | 000,017,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2440507339
    [2011/03/18 00:18:19 | 000,017,396 | -HS- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\1368123653
    [2011/03/18 00:18:19 | 000,017,396 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1368123653
    
    :Commands
    [CREATERESTOREPOINT] 
    [REBOOT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


2. Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


  • 0
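As an added example (not code from this thread, OTL or ComboFix): a small Python check that reads a Firefox prefs.js and flags the two things the OTL fix above removes, a proxy silently pointed at a loopback port and an add-on registered machine-wide under HKLM\Software\Mozilla\Firefox\Extensions that loads from a per-user data folder rather than the profile or Program Files. The sample prefs.js and the HKLM path mapping are constructed from the values in the fix script; the Adblock Plus version is made up.

```python
"""
Check a Firefox prefs.js for the two findings targeted by the OTL fix above:
a proxy silently pointed at a loopback port, and an enabled add-on that is
registered machine-wide (HKLM\\Software\\Mozilla\\Firefox\\Extensions) but
loads from a per-user data folder instead of the profile or Program Files.
Added example, not code from OTL, ComboFix or the thread.
"""
import re

# user_pref("name", value);  value is a quoted string, an integer or true/false
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
PROXY_KEYS = ("network.proxy.http", "network.proxy.ssl",
              "network.proxy.socks", "network.proxy.ftp")
# Folders a legitimately installed add-on normally loads from (lower-case match)
TRUSTED_PATH_MARKERS = ("\\mozilla\\firefox\\", "\\program files\\")


def parse_prefs(text):
    """Return {pref_name: value}; strings unquoted, integers and booleans converted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def find_loopback_proxies(prefs):
    """List (pref, host, port) for every proxy host that is the local machine."""
    hits = []
    for key in PROXY_KEYS:
        host = prefs.get(key)
        if isinstance(host, str) and host.lower() in LOOPBACK:
            hits.append((key, host, prefs.get(key + "_port")))
    return hits


def find_foreign_extensions(prefs, hklm_paths):
    """
    extensions.enabledItems is a comma-separated list of 'id:version'.
    hklm_paths maps an add-on id to the folder its HKLM registration points
    at (the 'FF - HKLM\\software\\mozilla\\Firefox\\extensions' line in OTL).
    Returns (id, version, path) for enabled add-ons loading from elsewhere.
    """
    suspicious = []
    for item in prefs.get("extensions.enabledItems", "").split(","):
        ext_id, sep, version = item.strip().partition(":")
        if not sep:
            continue
        path = hklm_paths.get(ext_id)
        if path is None:
            continue  # profile-local add-on, no machine-wide registration
        if not any(marker in path.lower() for marker in TRUSTED_PATH_MARKERS):
            suspicious.append((ext_id, version, path))
    return suspicious


# Constructed sample: proxy, add-on id and homepage values are those in the
# logs of this thread; the Adblock Plus version is made up for the test.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.wowhead.com/");
user_pref("extensions.enabledItems", "{6BD345A9-782E-4516-B177-E733784A1FBB}:1.9.1,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.no_proxies_on", "127.0.0.1");
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.type", 1);
'''

# Constructed from the OTL 'FF - HKLM' line: the add-on is registered
# machine-wide but lives under the user's Local Settings\Application Data.
SAMPLE_HKLM_PATHS = {
    "{6BD345A9-782E-4516-B177-E733784A1FBB}":
        r"C:\Documents and Settings\Mr Smith\Local Settings\Application Data"
        r"\{6BD345A9-782E-4516-B177-E733784A1FBB}",
}


def report(prefs_text, hklm_paths):
    """Human-readable findings, one per line (empty list means nothing flagged)."""
    prefs = parse_prefs(prefs_text)
    lines = [f"proxy {key} -> {host}:{port}"
             for key, host, port in find_loopback_proxies(prefs)]
    lines += [f"add-on {ext_id} {version} loads from {path}"
              for ext_id, version, path in find_foreign_extensions(prefs, hklm_paths)]
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_PREFS, SAMPLE_HKLM_PATHS):
        print(line)
```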

#10
Piros

Piros

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I ran the OTL fix. I had to run it twice because my anti-virus stopped it midway the first time and I had to disable it. Upon reboot I didn't get a fix-log popup, though.

The ifoludej.dll error on startup seems to be gone, though.

Also, thank you for the info on P2P clients, but I'm not really in the habit of downloading music and movies. I occasionally use it to download games, when the publisher suggests it, since I do most of my purchases online. I get most of my music from online radio and TV from online streaming video.
  • 0

#11
Piros

Piros

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Here is the fix log; I found its hidden directory location online. I think most of the fixes say "not found" because they occurred on the first, interrupted fix that froze my computer due to the anti-virus. Anyway:

========== OTL ==========
Prefs.js: {6BD345A9-782E-4516-B177-E733784A1FBB}:1.9.1 removed from extensions.enabledItems
Prefs.js: {F9EFC5C2-7787-49CE-A0D4-7C9280995F0A}:1.9.1 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6BD345A9-782E-4516-B177-E733784A1FBB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BD345A9-782E-4516-B177-E733784A1FBB}\ not found.
File C:\Documents and Settings\Mr Smith\Local Settings\Application Data\{6BD345A9-782E-4516-B177-E733784A1FBB} not found.
Folder C:\DOCUMENTS AND SETTINGS\MR SMITH\LOCAL SETTINGS\APPLICATION DATA\{6BD345A9-782E-4516-B177-E733784A1FBB}\ not found.
Folder C:\DOCUMENTS AND SETTINGS\MR SMITH\LOCAL SETTINGS\APPLICATION DATA\{F9EFC5C2-7787-49CE-A0D4-7C9280995F0A}\ not found.
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 8118 removed from network.proxy.http_port
Prefs.js: "127.0.0.1" removed from network.proxy.no_proxies_on
Prefs.js: "127.0.0.1" removed from network.proxy.ssl
Prefs.js: 8118 removed from network.proxy.ssl_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adadelijosifaduj not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\autol386 not found.
File C:\WINDOWS\System32\ntmsoprq6.dll not found.
File C:\Documents and Settings\Mr Smith\Application Data\h9ngajrf.bat not found.
Folder C:\Documents and Settings\Mr Smith\Local Settings\Application Data\{6BD345A9-782E-4516-B177-E733784A1FBB}\ not found.
File C:\WINDOWS\Ddetiyov.dat not found.
File C:\WINDOWS\Uwalucoruwuy.bin not found.
File C:\Documents and Settings\Mr Smith\Application Data\h9ngajrf.bat not found.
File C:\WINDOWS\System32\ntmsoprq6.dll not found.
File C:\WINDOWS\tasks\mbnj.jo not found.
File C:\Documents and Settings\Mr Smith\Local Settings\Application Data\2440507339 not found.
File C:\Documents and Settings\All Users\Application Data\2440507339 not found.
File C:\Documents and Settings\Mr Smith\Local Settings\Application Data\1368123653 not found.
File C:\Documents and Settings\All Users\Application Data\1368123653 not found.
========== COMMANDS ==========
Unable to start service SrService!

OTL by OldTimer - Version 3.2.24.0 log created on 06192011_083201
  • 0

#12
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi Piros,

How about the Combofix run?
  • 0

#13
Piros

Piros

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I just finished running ComboFix. When I ran it, it said there was an active anti-virus called Internet Security Anti-virus. I tried to turn it off when it gave me a chance, but the only running process resembling an anti-virus program was pctsAux.exe, something to do with PC Tools Internet Security. I ended that process and continued, and ComboFix said Internet Security Anti-virus was still running and it was going to continue at my own risk. My best guess is that that was something relating to the fake anti-virus software trojan I removed last week, SecurityShield/Zefarch, while waiting for your first response.

Anyway, here is the log. I looked at it: "awesome" is just what I called the MBAM setup when I was removing Zefarch, and random.exe is OTL.exe because I had some trouble running it initially last week.

The log:

ComboFix 11-06-17.04 - Mr Smith 06/19/2011 10:01:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1552 [GMT -5:00]
Running from: c:\documents and settings\Mr Smith\Desktop\ComboFix.exe
AV: Internet Security Anti-Virus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Internet Security Firewall *Enabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mr Smith\Application Data\Adobe\plugs
c:\documents and settings\Mr Smith\Application Data\Adobe\shed
c:\documents and settings\Mr Smith\Application Data\Local
c:\documents and settings\Mr Smith\System
c:\documents and settings\Mr Smith\System\win_qs8.jqx
c:\documents and settings\Mr Smith\WINDOWS
C:\install.exe
C:\LOG104.tmp
C:\LOG17.tmp
C:\LOG1E5.tmp
C:\LOG2.tmp
C:\LOG20.tmp
C:\LOG22.tmp
C:\LOG23C.tmp
C:\LOG2E.tmp
C:\LOG3.tmp
C:\LOG3D.tmp
C:\LOG3E.tmp
C:\LOG3F.tmp
C:\LOG4.tmp
C:\LOG40.tmp
C:\LOG5.tmp
C:\LOG57.tmp
C:\LOG5E.tmp
C:\LOG6.tmp
C:\LOG61.tmp
C:\LOG65.tmp
C:\LOG7.tmp
C:\LOG8.tmp
C:\LOG9.tmp
C:\LOGA.tmp
C:\LOGB.tmp
C:\LOGC.tmp
C:\LOGC6.tmp
C:\LOGD.tmp
C:\LOGD8.tmp
C:\LOGE.tmp
C:\LOGF.tmp
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\ST6UNST.000
H:\install.exe
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-19 to 2011-06-19 )))))))))))))))))))))))))))))))
.
.
2011-06-19 13:20 . 2011-06-19 13:20 -------- d-----w- C:\_OTL
2011-06-15 05:17 . 2011-06-15 05:17 -------- d-----w- c:\program files\awesome
2011-06-13 05:23 . 2011-06-13 05:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-06-11 05:20 . 2011-06-18 17:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-11 05:20 . 2011-06-11 05:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-06-11 05:20 . 2011-06-11 05:20 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2011-06-11 05:18 . 2011-06-11 05:20 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2011-05-26 10:39 . 2011-05-26 10:39 -------- d-----w- c:\program files\Comical
2011-05-25 11:36 . 2011-05-25 11:36 -------- d-----w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo
2011-05-25 11:36 . 2011-05-25 11:36 -------- d-----w- c:\documents and settings\Mr Smith\Application Data\cYo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2011-03-18 07:49 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2011-03-18 07:49 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2010-04-23 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
"Nektra OEAPI"="c:\program files\Common Files\PC Tools\Outlook Express API\Launcher.exe" [2008-07-21 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\Mr Smith\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-26 805392]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T
AT&T Self Support Tool.lnk - c:\program files\ATT-SST\McciBrowser.exe [2009-12-8 1048576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T\AT&T Internet Security Wizard
Preferences.lnk - c:\program files\AT&T\Internet Security Wizard\ISW.exe [N/A]
Start AT&T Internet Security Wizard.lnk - c:\program files\AT&T\Internet Security Wizard\ISW.exe [N/A]
Stop AT&T Internet Security Wizard.lnk - c:\program files\AT&T\Internet Security Wizard\ISW.exe [N/A]
Uninstall.lnk - c:\program files\AT&T\Internet Security Wizard\unins000.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Loadout Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Loadout Manager.lnk
backup=c:\windows\pss\Loadout Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mr Smith^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Mr Smith\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-03-24 21:26 243544 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jomantha]
2008-06-13 17:19 159744 ----a-w- c:\program files\n52te\n52teHid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2008-03-14 10:00 136512 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-24 14:06 1242448 ----a-w- h:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-04-01 18:49 36352 -c--a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HssTrayService"=3 (0x3)
"HssSrv"=2 (0x2)
"HotspotShieldService"=2 (0x2)
"Diskeeper"=2 (0x2)
"DAUpdaterSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\IceChat7\\IceChat7.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"h:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6882:TCP"= 6882:TCP:Blizzard Downloader
"6883:TCP"= 6883:TCP:Blizzard Downloader
"8086:TCP"= 8086:TCP:WoW
"8087:TCP"= 8087:TCP:WoW
"9081:TCP"= 9081:TCP:WoW
"9090:TCP"= 9090:TCP:WoW
"9097:TCP"= 9097:TCP:WoW
"9100:TCP"= 9100:TCP:WoW
"6885:TCP"= 6885:TCP:Blizzard Downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard Downloader
"6889:TCP"= 6889:TCP:Blizzard Downloader
"6890:TCP"= 6890:TCP:Blizzard Downloader
"6891:TCP"= 6891:TCP:Blizzard Downloader
"6892:TCP"= 6892:TCP:Blizzard Downloader
"6893:TCP"= 6893:TCP:Blizzard Downloader
"6895:TCP"= 6895:TCP:Blizzard Downloader
"6896:TCP"= 6896:TCP:Blizzard Downloader
"6897:TCP"= 6897:TCP:Blizzard Downloader
"6899:TCP"= 6899:TCP:Blizzard Downloader
"35608:TCP"= 35608:TCP:Limewire
"18230:UDP"= 18230:UDP:uTorrent
"5000:TCP"= 5000:TCP:Vent
"5000:UDP"= 5000:UDP:Vent
"6100:TCP"= 6100:TCP:Vent
"6100:UDP"= 6100:UDP:Vent
"1380:TCP"= 1380:TCP:WAR
"10622:TCP"= 10622:TCP:WAR
"57574:TCP"= 57574:TCP:Pando Media Booster
"57574:UDP"= 57574:UDP:Pando Media Booster
"34983:TCP"= 34983:TCP:uTorrentPortTCP
"34983:UDP"= 34983:UDP:uTorrentPortUDP
"6667:UDP"= 6667:UDP:IceChat
"56459:TCP"= 56459:TCP:Pando Media Booster
"56459:UDP"= 56459:UDP:Pando Media Booster
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"6967:TCP"= 6967:TCP:League of Legends Launcher
"6967:UDP"= 6967:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"6958:TCP"= 6958:TCP:League of Legends Launcher
"6958:UDP"= 6958:UDP:League of Legends Launcher
"4000:TCP"= 4000:TCP:Diablo 2
"15397:TCP"= 15397:TCP:spport
"14022:TCP"= 14022:TCP:spport
"29848:TCP"= 29848:TCP:spport
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/21/2011 4:43 AM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/21/2011 4:43 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/21/2011 4:43 AM 656320]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/1/2008 1:11 PM 717296]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3/21/2011 4:43 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3/21/2011 4:43 AM 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/21/2011 4:43 AM 251560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [3/21/2011 4:47 AM 247760]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/21/2011 4:43 AM 160448]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [3/21/2011 4:42 AM 366840]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [3/21/2011 4:43 AM 56536]
S0 wgjfegoq;wgjfegoq; [x]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [7/23/2003 2:16 PM 22821]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2/15/2009 3:10 PM 48896]
S3 LiveTurbineMessageService;Turbine Message Service - Live;"h:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe" --> h:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [?]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"h:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" --> h:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/18/2011 2:49 AM 39984]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [3/21/2011 4:43 AM 89472]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [3/21/2011 4:43 AM 56536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [3/21/2011 4:43 AM 125248]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/21/2011 4:43 AM 70536]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3/21/2011 4:43 AM 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-28 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2011-03-15 05:18]
.
2011-03-12 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2011-03-09 12:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uInternet Connection Wizard,ShellNext = hxxp://www.onlineregister.com/viewsonic
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: aol.com\music
Trusted Zone: shoutcast.com
Trusted Zone: winamp.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.wowhead.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: oldbar: {46868735-c3fa-47ce-8ce7-cce51a66aceb} - %profile%\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
FF - Ext: Extended Statusbar: {daf44bf7-a45e-4450-979c-91cf07434c3d} - %profile%\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
FF - Ext: Tiny Menu: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} - %profile%\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
FF - Ext: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - %profile%\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
FF - Ext: YoYo Games InstantPlay: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: FoxyTunes Skin - OnyxOrbs: {469CEB59-8266-438b-91D9-82F56D595E15} - %profile%\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
FF - Ext: Solid State ION: [email protected] - %profile%\extensions\[email protected]
FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
Notify-itlntfy - itlnfw32.dll
MSConfigStartUp-Adadelijosifaduj - c:\windows\ifoludej.dll
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-CurseClient - c:\program files\Curse\CurseClient.exe
MSConfigStartUp-Fraps - c:\fraps\FRAPS.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-19 10:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\pluginreg.dat.bak 16005 bytes
c:\documents and settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\prefs.js.BAK 11428 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e2d79ca0]
"imagepath"="\??\c:\windows\TEMP\199.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
.
[HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:09,09,22,15,86,8b,fb,81,4f,2d,57,a1,7f,6f,17,59,7f,ff,43,89,27,
6b,49,e1,e7,fd,68,50,57,34,c2,59,ad,82,c4,63,cd,5d,95,a3,10,90,bd,22,e4,b7,\
"rkeysecu"=hex:29,52,7b,02,92,e8,87,b3,48,af,b8,d4,08,42,c7,8b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1348)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(1404)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Mixer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\SoftwareDistribution\Download\Install\VS80sp1-KB2251481-X86-INTL.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2011-06-19 10:26:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-19 15:26
.
Pre-Run: 12,252,729,344 bytes free
Post-Run: 12,626,931,712 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
.
- - End Of File - - D42DDF0EB026093F0A357F516C831774

#14
Piros

    Member

  • Topic Starter
  • Member
  • 28 posts
Windows installed an automatic update pretty much as soon as ComboFix was done and I posted my last post; it's forcing a restart right now. Hope that's a good thing.

#15
Piros

    Member

  • Topic Starter
  • Member
  • 28 posts
Again with the possibly unrelated information.

I just got my first Microsoft Error Report in a very long time. It says that on "6/19/2011" at "10:30:11am" the application "VS80sp1-KB2251481-X86-INTL" had an error described as "Queue Servicing Report".

I assume that app is the Windows Automatic Update I just installed.