Help Removing Browser Redirect Whenever I Search for Anti-Malware Site

#1
monsieurd
Hello all, it appears I've been infected with some sort of malware. I cannot use MBAM, as I get a message saying that Windows cannot access the specified file and that I need admin privileges. I have AVG, but it apparently failed to remove the infection. Also, I am experiencing browser redirects whenever I search for MBAM or any other website related to malware removal. Here's my OTL log; I appreciate your assistance (note: I ran OTL in Safe Mode, if that makes a difference):

OTL logfile created on: 10/8/2011 5:25:35 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.38% Memory free
4.22 Gb Paging File | 3.95 Gb Available in Paging File | 93.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 11.98 Gb Free Space | 12.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.57 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Drive E: | 565.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SCHOOLAPTOP | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\918575928:3349430217.exe
PRC - [2011/10/08 17:17:07 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2011/08/30 13:49:17 | 000,013,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
PRC - [2011/06/26 13:31:03 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/30 14:25:44 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (VVIXMUH)
SRV - File not found [On_Demand | Stopped] -- -- (PVR)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/22 00:14:40 | 000,253,952 | ---- | M] (Ryan Conrad) [Auto | Stopped] -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe -- (DroidExplorerService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/07 10:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 13:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/05/25 00:59:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/05/25 00:59:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/05/25 00:59:24 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/05/25 00:59:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/04/26 19:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 19:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 19:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/03/02 16:20:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/06/30 23:16:26 | 000,018,912 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/12 14:37:28 | 008,235,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/30 11:05:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.06\RivaTuner32.sys -- (RivaTuner32)
DRV - [2007/09/07 10:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/28 22:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 22:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/10 23:40:28 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/09 05:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/09 05:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/09 05:46:08 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/04/28 22:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/05/02 22:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [1997/04/22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=6071224
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com|news.bbc.co.uk|http://www.france24.com/fr/"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.6
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:1.3.2
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.6
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58202
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6h: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/14 11:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/16 11:53:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/26 21:26:47 | 000,000,000 | ---D | M]

[2008/08/28 23:37:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2011/08/21 23:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\extensions
[2010/01/17 12:32:09 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2009/12/25 00:34:35 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2011/02/06 03:29:21 | 000,001,982 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\searchplugins\duckduckgo-ssl.xml
[2011/10/06 11:07:23 | 000,001,835 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\searchplugins\weathercom.xml
[2008/07/17 01:21:41 | 000,002,354 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\searchplugins\wr-english-french.xml
[2008/03/15 13:42:27 | 000,002,379 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\searchplugins\wr-english-spanish.xml
[2011/05/12 18:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/09 00:11:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/14 11:20:13 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VI184ZGI.DEFAULT\EXTENSIONS\[email protected]
[2011/06/28 15:56:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/16 11:53:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/09 00:10:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/16 11:53:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_1\plugins/avgnpss.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Clouds Theme (Aero) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcciaadkjghlekmecfilhfakgmmgheei\1.1_0\
CHR - Extension: AVG Safe Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2011/09/11 03:53:25 | 000,437,450 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15048 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe ()
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [provresxml.exe] "C:\Windows\ServiceProfiles\NetworkService\provresxml.exe" File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [*pagequeueedit.exe] C:\Users\***\AppData\Local\pagequeueedit.exe (©mYSystems)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\pnrpnsp.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76346A94-60B1-4E73-86D7-C54221E750B1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/03/11 12:21:36 | 000,000,148 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup\rsrc\AUTORUN.EXE -- [2004/08/03 13:29:57 | 000,057,344 | R--- | M] ()
O33 - MountPoints2\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\Shell\dinstall\command - "" = E:\DirectX\dxsetup.exe -- [2003/06/01 17:47:20 | 000,467,456 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/08 17:24:30 | 000,209,408 | ---- | C] (©mYSystems) -- C:\Users\***\AppData\Local\pagequeueedit.exe
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/08 17:25:32 | 000,097,280 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/08 17:24:30 | 000,209,408 | ---- | M] (©mYSystems) -- C:\Users\***\AppData\Local\pagequeueedit.exe
[2011/10/08 17:23:40 | 000,000,000 | ---- | M] () -- C:\Windows\918575928
[2011/10/08 17:23:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/08 17:22:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/08 17:00:28 | 000,005,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/08 17:00:28 | 000,005,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/08 16:24:19 | 000,687,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/08 16:24:19 | 000,131,266 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/08 15:53:41 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/08 15:42:09 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/08 15:28:00 | 000,028,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2011/10/08 15:03:40 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/08 15:03:26 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/08 15:00:47 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011/10/08 15:00:44 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2011/10/07 10:18:40 | 134,352,362 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/10/04 19:58:18 | 000,182,717 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/09/30 01:29:46 | 000,028,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2011/09/26 21:26:47 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/09/17 01:15:26 | 000,001,288 | ---- | M] () -- C:\Users\***\Desktop\Vids - Shortcut.lnk
[2011/09/14 11:20:14 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/09/12 00:34:52 | 000,000,173 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/09/11 03:53:25 | 000,437,450 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/08 15:03:26 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/08 14:57:17 | 000,000,000 | ---- | C] () -- C:\Windows\918575928
[2011/09/17 01:15:03 | 000,001,288 | ---- | C] () -- C:\Users\***\Desktop\Vids - Shortcut.lnk
[2011/07/02 18:58:07 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\1A2E.5A3
[2011/06/28 16:02:00 | 000,000,173 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/06/25 15:10:45 | 000,011,292 | -HS- | C] () -- C:\Users\***\AppData\Local\t05kv0komxexml6l86yyf04
[2011/06/25 15:10:45 | 000,011,292 | -HS- | C] () -- C:\ProgramData\t05kv0komxexml6l86yyf04
[2010/06/14 22:12:13 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010/02/05 12:22:18 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\prvlcl.dat
[2010/01/27 14:47:37 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/12/22 03:27:40 | 000,018,073 | ---- | C] () -- C:\Windows\CSTBox.INI
[2009/07/10 15:36:11 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/03/23 18:54:34 | 000,172,175 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/10/23 01:07:31 | 000,000,107 | ---- | C] () -- C:\Windows\VobEdit.INI
[2008/10/22 01:24:30 | 000,000,551 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2008/10/22 00:46:44 | 000,043,698 | ---- | C] () -- C:\Windows\System32\xvid-uninstall.exe
[2008/08/18 16:08:21 | 000,133,329 | ---- | C] () -- C:\Windows\hppins20.dat
[2008/08/18 16:07:49 | 000,016,655 | ---- | C] () -- C:\Windows\hppmdl20.dat
[2008/06/26 00:26:36 | 000,007,431 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/05/01 00:00:37 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2008/01/27 03:34:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/09 22:31:11 | 000,006,272 | ---- | C] () -- C:\Windows\System32\drivers\ASLM75.SYS
[2008/01/07 01:53:35 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2008/01/06 18:28:29 | 000,097,280 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/05 22:41:36 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008/01/05 22:33:51 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008/01/05 22:18:15 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/05 22:17:33 | 000,277,784 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
[2008/01/05 22:16:50 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/03 17:18:02 | 000,001,462 | ---- | C] () -- C:\Windows\mozver.dat
[2008/01/03 15:34:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/03 15:15:53 | 000,028,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008/01/03 15:15:47 | 000,028,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2007/12/23 11:51:12 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/12/23 11:51:12 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2007/12/23 11:50:44 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2007/12/23 11:48:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/25 06:24:28 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/03/10 04:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/10 15:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,323,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,687,812 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,131,266 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 00:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/12/31 01:40:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\acccore
[2010/05/23 01:32:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\All Free Video Joiner
[2008/03/31 02:01:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010/10/15 13:24:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG10
[2009/03/05 00:30:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG7
[2008/02/13 02:17:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock
[2011/07/07 12:45:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2008/10/11 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoolFlvMan
[2008/10/11 19:49:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoolYouTubeDownloader
[2008/10/22 22:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON
[2011/01/23 18:57:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DroidExplorer
[2011/08/16 23:22:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Elluminate
[2008/10/11 19:39:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FMZilla
[2010/06/20 15:22:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free AVI MPEG WMV MP4 FLV Video Joiner
[2010/07/24 13:21:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRight
[2008/02/25 02:14:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2008/10/11 19:07:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2011/01/09 00:50:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2008/01/11 23:25:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2008/10/22 22:36:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iriverter
[2008/10/31 01:04:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MPEG Streamclip
[2008/01/12 00:22:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NCH Swift Sound
[2008/05/18 21:17:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2008/10/11 19:37:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2009/07/12 19:18:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion
[2008/01/23 00:46:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Shareaza
[2010/06/14 18:58:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SystemRequirementsLab
[2009/03/06 22:48:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2011/10/08 16:11:54 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\Windows\918575928:3349430217.exe
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:62E2D794

< End of report >
  • 0

#2
RKinner
    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

PRC - File not found -- C:\Windows\918575928:3349430217.exe


This is the Zero Access Rootkit. Let's see if we can get Combofix to run:

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html You may find it simpler to just uninstall AVG. Zero Access often replaces key parts of the antivirus with itself so a new anti-virus is usually required.


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and select Run As Administrator.
Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


If you haven't already uninstalled AVG:

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall AVG

Run the Avg Remover

Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Copy and paste the text from C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt



Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0
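The line Ron singled out above, `PRC - File not found -- C:\Windows\918575928:3349430217.exe`, is a running process whose image lives in an NTFS alternate data stream attached to a bare directory under C:\Windows, and the same stream shows up again in OTL's "Alternate Data Streams" section. The following Python script is an added example, not code from this thread or from OTL's author: it parses those OTL line formats (the PRC/SRV "File not found" entries and the `@Alternate Data Stream` entries), cross-references them, and reports the executable-in-ADS pattern as a high-severity finding while listing orphaned service entries for review. The sample log is constructed from lines quoted on this page; the regular expressions, severity labels and function names are my own assumptions about the format, not OTL's.

```python
"""Triage helper for OTL logs: flags executables stored in NTFS alternate
data streams (ADS) and process/service entries whose image file OTL could
not find. Added example; not part of the thread or of the OTL tool."""
import os
import re

# Patterns written for this example from the OTL line formats visible in
# the thread (assumptions, not a published OTL grammar).
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
MISSING_RE = re.compile(r"^(PRC|SRV|DRV) - File not found")
# A second colon after the drive letter names an ADS, e.g.
# C:\Windows\918575928:3349430217.exe (host 918575928, stream 3349430217.exe).
ADS_PATH_RE = re.compile(r"^[A-Za-z]:\\.*:[^\\]+$")
EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}

# Constructed sample: lines copied from the OTL output quoted in this thread.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========

PRC - [2011/10/08 17:17:07 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - File not found -- C:\Windows\918575928:3349430217.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (VVIXMUH)
SRV - File not found [On_Demand | Stopped] -- -- (PVR)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\Windows\918575928:3349430217.exe
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:62E2D794

< End of report >
"""


def parse_ads(line):
    """Parse one '@Alternate Data Stream' line into size, host path and stream name."""
    m = ADS_RE.match(line.strip())
    if not m:
        return None
    return {"size": int(m.group(1)), "host": m.group(2), "stream": m.group(3)}


def is_executable_name(name):
    """True when the stream name carries an extension Windows will execute."""
    return os.path.splitext(name)[1].lower() in EXEC_EXTENSIONS


def is_ads_path(path):
    return bool(ADS_PATH_RE.match(path))


def missing_file_entries(lines):
    """Collect PRC/SRV/DRV lines that OTL marked 'File not found'."""
    out = []
    for line in lines:
        m = MISSING_RE.match(line.strip())
        if not m:
            continue
        # OTL separates fields with ' -- '; an empty image path shows as '-- --'.
        parts = re.split(r"\s*--\s*", line.strip())
        path = parts[1] if len(parts) > 1 else ""
        name = parts[-1].strip("()") if len(parts) > 2 else ""
        out.append({"kind": m.group(1), "path": path, "name": name})
    return out


def triage(log_text):
    """Return parsed ADS entries, missing-file entries and ranked findings."""
    lines = log_text.splitlines()
    ads = [e for e in (parse_ads(ln) for ln in lines) if e]
    missing = missing_file_entries(lines)
    ads_paths = {e["host"] + ":" + e["stream"] for e in ads}
    findings = []
    for e in ads:
        if is_executable_name(e["stream"]):
            findings.append({"severity": "high", "path": e["host"] + ":" + e["stream"],
                             "reason": "executable stored in an alternate data stream"})
    for m in missing:
        if m["kind"] == "PRC" and is_ads_path(m["path"]):
            reason = "running process image is an alternate data stream"
            if m["path"] in ads_paths:
                reason += " (also listed in the ADS section)"
            findings.append({"severity": "high", "path": m["path"], "reason": reason})
        elif m["kind"] == "SRV":
            findings.append({"severity": "review", "path": m["name"],
                             "reason": "service whose image file OTL could not find"})
    return {"ads": ads, "missing": missing, "findings": findings}


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL)["findings"]:
        print(f"[{f['severity']:6}] {f['path']}: {f['reason']}")
```

The cross-reference is the point: either signal alone (an ADS with an odd name, or a process OTL cannot stat) is noisy, but a process whose image path contains a second colon and whose stream also appears in the ADS section is the combination Ron spotted by eye. Orphaned SRV entries are only marked for review, since stale service registrations are a common leftover of uninstalled software.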

#3
monsieurd
    Member

  • Topic Starter
  • Member
  • 17 posts
UPDATE: Okay, I had to attach an external USB keyboard and mouse to get onto my laptop, I'm gonna proceed with the rest of the steps; however, can you please tell me how to restore my internal keyboard and mouse? Thank you. Alright, it looks like after I ran TDSS Killer and rebooted the computer, keyboard and mouse functions were restored. I'll continue with the rest of the steps.

Hi RKinner, thanks for the reply, I only got as far as the ComboFix step. I let it run, which said it needed to reboot, which I did, then once Windows booted up, it ran again and rebooted once more. However, I now seem to have a major problem in that my keyboard and internal mouse no longer work, so now I cannot type in my password to log onto my computer. I already tried rebooting again, but I get the same problem. I am at a loss now how to restore the keyboard and internal mouse function.

Edited by monsieurd, 09 October 2011 - 01:57 AM.

  • 0

#4
RKinner
    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Please tell me the make and model of the PC. Also copy and Paste the combofix log so I can see what it did.

Ron
  • 0

#5
monsieurd
    Member

  • Topic Starter
  • Member
  • 17 posts
My laptop is a Dell Vostro 1500. Alright, so I've completed all the steps you've asked me, and everything seems to be normal now, no browser redirects, no forced shutdown whenever I open MBAM or Task Manager.

However, two things: I cannot seem to find the ComboFix log anywhere on my computer, and I cannot find the avast boot scan log at the location you specified. The closest thing I see for ComboFix is in C:, and it is an icon that says ComboFix, but with a picture of a computer. When I click on it, it just takes me to a view of my computer, with the C: and D: but that's it.

And as for the avast boot scan, it found seven infected files and moved them to the chest. I did do a "print screen" and saved the image of the scan results as a .jpg, should I post that? First here's my new OTL log:


OTL logfile created on: 10/9/2011 11:11:03 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 40.95% Memory free
4.21 Gb Paging File | 2.79 Gb Available in Paging File | 66.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 9.93 Gb Free Space | 10.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.57 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Drive E: | 565.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SCHOOLAPTOP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/08 17:17:07 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/26 13:31:03 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/23 20:32:46 | 000,578,611 | ---- | M] () -- C:\Program Files\Droid Explorer\SDK\tools\adb.exe
PRC - [2010/08/22 00:14:40 | 000,253,952 | ---- | M] (Ryan Conrad) -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
PRC - [2009/06/10 06:22:22 | 000,334,224 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2007/09/07 10:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 10:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 13:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/08/28 22:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/04/27 07:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/16 15:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/30 08:12:40 | 000,412,728 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 08:12:39 | 003,696,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 08:11:13 | 000,142,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 08:11:12 | 000,253,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 08:11:10 | 002,403,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/29 13:06:57 | 008,587,936 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
MOD - [2011/06/29 18:44:47 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll
MOD - [2011/06/29 18:44:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll
MOD - [2011/06/29 18:27:50 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
MOD - [2011/06/29 18:26:01 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
MOD - [2007/12/08 14:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/04/27 07:34:24 | 000,103,968 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (VVIXMUH)
SRV - File not found [On_Demand | Stopped] -- -- (PVR)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/22 00:14:40 | 000,253,952 | ---- | M] (Ryan Conrad) [Auto | Running] -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe -- (DroidExplorerService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/07 10:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 13:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/25 00:59:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/05/25 00:59:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/05/25 00:59:24 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/05/25 00:59:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/04/26 19:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 19:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 19:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/03/02 16:20:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/06/30 23:16:26 | 000,018,912 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/12 14:37:28 | 008,235,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/30 11:05:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.06\RivaTuner32.sys -- (RivaTuner32)
DRV - [2007/09/07 10:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/28 22:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 22:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/10 23:40:28 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/09 05:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/09 05:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/09 05:46:08 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/04/28 22:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/05/02 22:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [1997/04/22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=6071224
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com|news.bbc.co.uk|http://www.france24.com/fr/"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.6
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:1.3.2
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.6
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58202
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6h: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/14 11:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/09 01:25:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/09 01:16:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/26 21:26:47 | 000,000,000 | ---D | M]

[2008/08/28 23:37:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2011/08/21 23:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\extensions
[2010/01/17 12:32:09 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2009/12/25 00:34:35 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2011/02/06 03:29:21 | 000,001,982 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\searchplugins\duckduckgo-ssl.xml
[2011/10/06 11:07:23 | 000,001,835 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\searchplugins\weathercom.xml
[2008/07/17 01:21:41 | 000,002,354 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\searchplugins\wr-english-french.xml
[2008/03/15 13:42:27 | 000,002,379 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\searchplugins\wr-english-spanish.xml
[2011/05/12 18:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/09 00:11:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/14 11:20:13 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VI184ZGI.DEFAULT\EXTENSIONS\[email protected]
[2011/06/28 15:56:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/09 01:16:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/09 00:10:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/09 01:16:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_1\plugins/avgnpss.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Clouds Theme (Aero) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcciaadkjghlekmecfilhfakgmmgheei\1.1_0\
CHR - Extension: avast! WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: AVG Safe Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2011/09/11 03:53:25 | 000,437,450 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15048 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF2851.3XE ()
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [provresxml.exe] "C:\Windows\ServiceProfiles\NetworkService\provresxml.exe" File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76346A94-60B1-4E73-86D7-C54221E750B1}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/03/11 12:21:36 | 000,000,148 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup\rsrc\AUTORUN.EXE -- [2004/08/03 13:29:57 | 000,057,344 | R--- | M] ()
O33 - MountPoints2\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\Shell\dinstall\command - "" = E:\DirectX\dxsetup.exe -- [2003/06/01 17:47:20 | 000,467,456 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/09 01:25:49 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/10/09 01:25:49 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/10/09 01:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/10/09 01:25:47 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/10/09 01:25:47 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/10/09 01:25:47 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/10/09 01:25:45 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/10/09 01:25:07 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/10/09 01:25:06 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/10/09 01:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/10/09 01:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/09 01:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/09 01:00:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/09 01:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/09 00:17:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/09 00:17:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/09 00:17:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/10/09 00:17:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/09 00:17:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/09 00:17:10 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/09 00:17:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/09 00:16:29 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/10/09 00:12:48 | 004,250,142 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2011/10/09 00:12:48 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2011/10/09 00:12:48 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/09 10:53:59 | 000,099,328 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/09 10:46:37 | 000,687,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/09 10:46:37 | 000,131,266 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/09 10:42:36 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2011/10/09 10:42:34 | 000,028,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2011/10/09 10:42:33 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011/10/09 10:42:20 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/09 10:42:17 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/09 10:41:47 | 000,005,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 10:41:47 | 000,005,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 10:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/09 10:41:13 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/09 03:27:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/09 01:33:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/10/09 01:25:49 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/10/09 01:16:14 | 000,000,512 | ---- | M] () -- C:\Users\***\Documents\MBR.dat
[2011/10/09 01:00:22 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/08 23:59:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2011/10/08 23:57:24 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2011/10/08 23:53:46 | 004,250,142 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2011/09/30 01:29:46 | 000,028,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2011/09/28 20:13:54 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/26 21:26:47 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/09/17 01:15:26 | 000,001,288 | ---- | M] () -- C:\Users\***\Desktop\Vids - Shortcut.lnk
[2011/09/12 00:34:52 | 000,000,173 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/09/11 03:53:25 | 000,437,450 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/09 01:25:49 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/10/09 01:16:14 | 000,000,512 | ---- | C] () -- C:\Users\***\Documents\MBR.dat
[2011/10/09 01:00:22 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/09 00:26:22 | 2145,431,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/09 00:17:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/09 00:17:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/09 00:17:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/09 00:17:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/09 00:17:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/17 01:15:03 | 000,001,288 | ---- | C] () -- C:\Users\***\Desktop\Vids - Shortcut.lnk
[2011/06/28 16:02:00 | 000,000,173 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/06/25 15:10:45 | 000,011,292 | -HS- | C] () -- C:\Users\***\AppData\Local\t05kv0komxexml6l86yyf04
[2011/06/25 15:10:45 | 000,011,292 | -HS- | C] () -- C:\ProgramData\t05kv0komxexml6l86yyf04
[2010/06/14 22:12:13 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010/02/05 12:22:18 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\prvlcl.dat
[2010/01/27 14:47:37 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/12/22 03:27:40 | 000,018,073 | ---- | C] () -- C:\Windows\CSTBox.INI
[2009/07/10 15:36:11 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/03/23 18:54:34 | 000,172,175 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/10/23 01:07:31 | 000,000,107 | ---- | C] () -- C:\Windows\VobEdit.INI
[2008/10/22 01:24:30 | 000,000,551 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2008/10/22 00:46:44 | 000,043,698 | ---- | C] () -- C:\Windows\System32\xvid-uninstall.exe
[2008/08/18 16:08:21 | 000,133,329 | ---- | C] () -- C:\Windows\hppins20.dat
[2008/08/18 16:07:49 | 000,016,655 | ---- | C] () -- C:\Windows\hppmdl20.dat
[2008/06/26 00:26:36 | 000,007,431 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/05/01 00:00:37 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2008/01/27 03:34:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/09 22:31:11 | 000,006,272 | ---- | C] () -- C:\Windows\System32\drivers\ASLM75.SYS
[2008/01/07 01:53:35 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2008/01/06 18:28:29 | 000,099,328 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/05 22:41:36 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008/01/05 22:33:51 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008/01/05 22:18:15 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/05 22:16:50 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/03 17:18:02 | 000,001,462 | ---- | C] () -- C:\Windows\mozver.dat
[2008/01/03 15:34:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/03 15:15:53 | 000,028,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008/01/03 15:15:47 | 000,028,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2007/12/23 11:51:12 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/12/23 11:51:12 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2007/12/23 11:50:44 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2007/12/23 11:48:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/25 06:24:28 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/03/10 04:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/10 15:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,323,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,687,812 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,131,266 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 00:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:62E2D794

< End of report >
==================================================================================================================================================================

My Extras log:


OTL Extras logfile created on: 10/9/2011 11:11:03 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 40.95% Memory free
4.21 Gb Paging File | 2.79 Gb Available in Paging File | 66.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 9.93 Gb Free Space | 10.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.57 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Drive E: | 565.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SCHOOLAPTOP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3526270071-1006874356-967301786-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F949595-4125-432E-8D53-A67BFD3020C9}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{13A62CDB-E58F-440B-8C7C-59F0050D09A5}" = rport=445 | protocol=6 | dir=out | app=system |
"{1F8C76C1-9DFF-4806-BD85-1E5C249D3ED6}" = lport=137 | protocol=17 | dir=in | name=netbios name service |
"{23963DFE-E31C-49F3-9D34-D0BD2721F8A0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{298E4960-4168-470F-9612-9CDBCE04FACB}" = lport=137 | protocol=17 | dir=in | app=system |
"{3B9DAC19-AA44-4610-BB84-381B0CED6748}" = lport=10421 | protocol=17 | dir=in | name=singleclick discovery protocol |
"{5CCE72DA-05F6-4E41-8A6B-65BFFB010D15}" = lport=139 | protocol=6 | dir=in | name=netbios file/printer sharing |
"{6303ACF3-A28E-41CF-8B76-3B0C4978A64C}" = lport=138 | protocol=17 | dir=in | name=netbios datagram service |
"{6C8E1351-16BC-4AD6-854C-35B1EE3ED977}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{74FD02A4-B62B-4C78-807D-E1658DCD92E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{78F822F8-B793-41CF-AC9A-C1117B1FA1C1}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{865E9CD8-7D09-4139-A029-75BDD0D8A3C2}" = lport=139 | protocol=6 | dir=in | app=system |
"{884FCBCD-41AC-4A35-8530-EA9BFDBE0D32}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{8AD08906-C491-4291-AE29-426447953F14}" = rport=138 | protocol=17 | dir=out | app=system |
"{8E557AA5-54A0-410C-90F5-509AC705B407}" = lport=445 | protocol=6 | dir=in | app=system |
"{99E5E666-CE84-4681-AA0D-3746DEC81C45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9A0A4059-8185-40E4-8503-34F2E3178179}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9E259204-FCA4-4921-A8F4-C8129B27F456}" = lport=10426 | protocol=17 | dir=in | name=singleclick icc |
"{9EA0EF5D-6048-4CCB-AEC3-2093EC9089AB}" = rport=139 | protocol=6 | dir=out | app=system |
"{A08E53B7-EE35-465A-8392-6C234C6F4C5E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C09D165B-10B3-4B67-90E3-200CED2E09A9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C27B26CF-D1F9-4F33-8BA9-796174C80E21}" = lport=445 | protocol=6 | dir=in | name=microsoft directory services |
"{D24CC08D-8414-4975-BE19-B9537B268ECA}" = rport=137 | protocol=17 | dir=out | app=system |
"{D718E7FE-C512-400D-A410-D9F12465E85B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0233910E-AD15-4E54-9AA5-7D431F921F8A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{09B8D017-6658-4804-A4F9-0F2E1A06910D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{11F490F7-8294-4BB5-B433-E12115BA2F1B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{13427B25-FA25-49B3-81FD-554D3C3A6691}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{25000507-37C6-4BBE-B40B-328307264DF8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{26179794-AB9F-4BB1-8E85-F0E3A6CD11FC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{28679A97-4B0E-4654-ABDE-340AF60D1C16}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{2C18517B-1958-47C8-9732-D46756888C33}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3ADCA2B4-A9E9-401A-9A3A-C6751A4333BC}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{49E2000C-0DF8-4233-A3A5-E3C27CD2541B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{5394F9D3-23D5-4E36-B5A2-8DE34D7DABA7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{5B09A3D7-A681-4B8B-9491-74B030D7795C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{69F34570-9387-4F47-A195-E9D6A1D636E9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7FD603D5-107D-40C9-8A14-20A293AA3223}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{82118430-00C5-4DAB-B7BC-569EB8029604}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{8276783E-6016-4B8E-9532-10450069EE8D}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{85EE62F0-5D88-49E9-BED5-787E80367024}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8D4FF3FD-1203-493C-96E1-9B2E043DC502}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8D5A63FC-E287-478D-9958-86CF3A70166F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{90BF4F4B-7815-460B-A643-BF008C008429}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AA08E7F1-7763-4081-9EA8-7FD72C99CC81}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BA28ED22-A3B5-4E49-BAC5-B9EA2FCC6A0A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{BE3B0B33-61D6-469B-9F8E-15B45A633D9C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C08AF392-B49A-4875-9DD9-87F121495ECF}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{C5F928FA-2025-47EF-A5CF-F6BAC777F7D9}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{D09C960C-5770-42C7-9757-5D41C7466225}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D19CB956-5440-4E0F-8707-00B2FC6C6D4B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D3F3FAF6-B4CB-41CD-9B97-8EB9C0D55649}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DC50BF77-9C07-4818-8790-8CDDAAE1F960}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{ED4B7334-BF78-4B45-9709-3FB3F68FA24E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{ED9095CE-FF57-4A78-971F-70D6046E01F9}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{FF320EF7-5E61-47BB-B5B5-73FF962D3C91}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1E516C7E-2312-4409-AE89-B76A39A68DD6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{33BAD1A5-120F-4812-8366-86B639B07816}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{4312A57D-5F98-4002-B257-94F7DAA8C844}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{93F34E41-1FFE-4422-8F7C-FF5F72FA0A77}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{B1983687-3D75-426A-B2D4-F7B8C12B8E2E}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{C190EB1C-1C37-48D2-9560-F1ED47E2EA05}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E132DDCA-6CED-4D97-8FD8-D06A55A4A402}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{40D3C31B-EDB8-47BB-8ACD-FF284877FDEE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{798A88AD-4243-44BE-A136-44F1923A651C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{7BE57FAF-DBC9-41DB-9AF5-C914BF4F7194}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{8E99DF96-0C13-4B85-BD01-2879E94642B6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{95CF6223-8A06-4C10-9458-5EF90D26BD42}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C0454706-FA46-4EE9-92EE-36CBCF4CBBAC}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{D52F904B-CF3E-44A3-81E0-F1C9821FBCF0}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EDE8B6E-FC21-48E7-A1A7-D2AC5D1F3040}" = BlackBerry Desktop Software 4.6
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1" = Convert VOB to AVI 1.7
"{6009F2FC-EC56-4e28-B91C-0BA5104D6419}" = SF_CDA_Software
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty® 2 Patch 1.3
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92DF1607-ABCD-4511-8095-2436D94E952C}" = Microsoft DirectX SDK (March 2008)
"{9718521B-A345-4ad9-A52B-74D1435FB708}" = SF_CDA_ProductContext
"{981DE354-9301-440f-AAFC-025AA2354A93}" = HP Deskjet & Photosmart Printer Driver Software 8.0.A
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}" = Rome Total War - patch 1.3
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4346951-3962-4C93-9A49-79A62AD8A632}" = Droid Explorer 0.8.7.2 (x86)
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FB75E2EF-6016-4EF3-B954-F2C2A6EE5026}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ASUS Probe V2.25.02" = ASUS Probe V2.25.02
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BlackBerry_{3EDE8B6E-FC21-48E7-A1A7-D2AC5D1F3040}" = BlackBerry Desktop Software 4.6
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"Chopper_is1" = Chopper XP 2.7
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CoreAAC" = CoreAAC
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DVD Shrink_is1" = DVD Shrink 3.2
"FLV Player" = FLV Player 2.0, build 24
"FLV Player2.0.25" = FLV Player
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.5
"ImgBurn" = ImgBurn (Remove Only)
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"O1BPLPPC" = Battery Pack Lite (Pocket PC) from Omega One
"RADVideo" = RAD Video Tools
"RivaTuner" = RivaTuner v2.06
"Shareaza_is1" = Shareaza 2.5.3.0
"SynTPDeinstKey" = Dell Touchpad
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WavePad" = WavePad Uninstall
"WinRAR archiver" = WinRAR archiver
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/8/2011 6:21:10 PM | Computer Name = schoolaptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0x460, application
start time 0x01cc8605afdc60e8.

Error - 10/8/2011 6:45:24 PM | Computer Name = schoolaptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0x2fa8, application
start time 0x01cc8608fb2ef1bb.

Error - 10/8/2011 7:12:32 PM | Computer Name = schoolaptop | Source = SDWinSec.exe | ID = 0
Description =

Error - 10/8/2011 8:24:25 PM | Computer Name = schoolaptop | Source = EventSystem | ID = 4609
Description =

Error - 10/9/2011 3:08:08 AM | Computer Name = schoolaptop | Source = EventSystem | ID = 4609
Description =

Error - 10/9/2011 3:17:25 AM | Computer Name = schoolaptop | Source = VSS | ID = 18
Description =

Error - 10/9/2011 3:17:25 AM | Computer Name = schoolaptop | Source = VSS | ID = 8193
Description =

Error - 10/9/2011 3:17:25 AM | Computer Name = schoolaptop | Source = System Restore | ID = 8193
Description =

Error - 10/9/2011 4:28:41 AM | Computer Name = schoolaptop | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 14.0.835.202, time stamp
0x4e84cf5b, faulting module avgnpss.dll, version 10.0.0.1409, time stamp 0x4e695b00,
exception code 0xc0000005, fault offset 0x000d6e8c, process id 0x1700, application
start time 0x01cc865d6a652f46.

Error - 10/9/2011 1:44:10 PM | Computer Name = schoolaptop | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 14.0.835.202, time stamp
0x4e84cf5b, faulting module avgnpss.dll, version 10.0.0.1409, time stamp 0x4e695b00,
exception code 0xc0000005, fault offset 0x000d6e8c, process id 0x156c, application
start time 0x01cc86ab002718b6.

[ Broadcom Wireless LAN Events ]
Error - 10/9/2011 3:28:23 AM | Computer Name = schoolaptop | Source = WLAN-Tray | ID = 0
Description = 00:28:23, Sun, Oct 09, 11 Error - Unable to gain access to user store


[ System Events ]
Error - 10/9/2011 4:12:05 AM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/9/2011 4:12:05 AM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/9/2011 1:42:18 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/9/2011 1:42:18 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/9/2011 1:42:18 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7026
Description =

Error - 10/9/2011 1:42:18 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/9/2011 1:42:20 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/9/2011 1:42:22 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/9/2011 1:42:30 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/9/2011 1:42:31 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =


< End of report >

I'll be posting the other reports in separate posts.

Edited by RKinner, 15 October 2011 - 12:30 PM.


#6
monsieurd

    Member

  • Topic Starter
  • Member
  • 17 posts
Here's the TDSSKiller report:


00:52:30.0716 5200 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
00:52:31.0184 5200 ============================================================
00:52:31.0184 5200 Current date / time: 2011/10/09 00:52:31.0184
00:52:31.0184 5200 SystemInfo:
00:52:31.0184 5200
00:52:31.0184 5200 OS Version: 6.0.6000 ServicePack: 0.0
00:52:31.0184 5200 Product type: Workstation
00:52:31.0184 5200 ComputerName: SCHOOLAPTOP
00:52:31.0184 5200 UserName: ***
00:52:31.0184 5200 Windows directory: C:\Windows
00:52:31.0184 5200 System windows directory: C:\Windows
00:52:31.0184 5200 Processor architecture: Intel x86
00:52:31.0184 5200 Number of processors: 2
00:52:31.0184 5200 Page size: 0x1000
00:52:31.0184 5200 Boot type: Normal boot
00:52:31.0184 5200 ============================================================
00:52:32.0759 5200 Initialize success
00:52:38.0516 5356 ============================================================
00:52:38.0516 5356 Scan started
00:52:38.0516 5356 Mode: Manual;
00:52:38.0516 5356 ============================================================
00:52:38.0781 5356 385bc036 - ok
00:52:38.0968 5356 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
00:52:38.0984 5356 ACPI - ok
00:52:39.0077 5356 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
00:52:39.0077 5356 adp94xx - ok
00:52:39.0124 5356 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
00:52:39.0124 5356 adpahci - ok
00:52:39.0171 5356 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
00:52:39.0171 5356 adpu160m - ok
00:52:39.0202 5356 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
00:52:39.0202 5356 adpu320 - ok
00:52:39.0467 5356 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
00:52:39.0467 5356 AFD - ok
00:52:39.0530 5356 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
00:52:39.0530 5356 agp440 - ok
00:52:39.0561 5356 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:52:39.0561 5356 aic78xx - ok
00:52:39.0623 5356 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
00:52:39.0623 5356 aliide - ok
00:52:39.0655 5356 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
00:52:39.0655 5356 amdagp - ok
00:52:39.0670 5356 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
00:52:39.0686 5356 amdide - ok
00:52:39.0701 5356 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
00:52:39.0701 5356 AmdK7 - ok
00:52:39.0748 5356 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
00:52:39.0748 5356 AmdK8 - ok
00:52:39.0935 5356 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
00:52:39.0935 5356 androidusb - ok
00:52:40.0123 5356 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
00:52:40.0123 5356 arc - ok
00:52:40.0201 5356 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
00:52:40.0201 5356 arcsas - ok
00:52:40.0294 5356 aslm75 (71356a1370739e25375a1d17b6ae318f) C:\Windows\system32\drivers\aslm75.sys
00:52:40.0294 5356 aslm75 - ok
00:52:40.0544 5356 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
00:52:40.0544 5356 AsyncMac - ok
00:52:40.0575 5356 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
00:52:40.0591 5356 atapi - ok
00:52:40.0715 5356 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
00:52:40.0715 5356 AVGIDSDriver - ok
00:52:40.0747 5356 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
00:52:40.0747 5356 AVGIDSEH - ok
00:52:40.0903 5356 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
00:52:40.0903 5356 AVGIDSFilter - ok
00:52:40.0981 5356 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
00:52:40.0981 5356 AVGIDSShim - ok
00:52:41.0059 5356 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
00:52:41.0059 5356 Avgldx86 - ok
00:52:41.0121 5356 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
00:52:41.0121 5356 Avgmfx86 - ok
00:52:41.0152 5356 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
00:52:41.0168 5356 Avgrkx86 - ok
00:52:41.0246 5356 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
00:52:41.0246 5356 Avgtdix - ok
00:52:41.0449 5356 BCM42RLY - ok
00:52:41.0542 5356 BCM43XX (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
00:52:41.0573 5356 BCM43XX - ok
00:52:41.0636 5356 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
00:52:41.0636 5356 bcm4sbxp - ok
00:52:41.0714 5356 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
00:52:41.0714 5356 Beep - ok
00:52:41.0729 5356 blbdrive - ok
00:52:41.0745 5356 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
00:52:41.0745 5356 bowser - ok
00:52:41.0932 5356 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:52:41.0932 5356 BrFiltLo - ok
00:52:41.0979 5356 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:52:41.0979 5356 BrFiltUp - ok
00:52:42.0041 5356 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:52:42.0041 5356 Brserid - ok
00:52:42.0088 5356 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:52:42.0088 5356 BrSerWdm - ok
00:52:42.0166 5356 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:52:42.0182 5356 BrUsbMdm - ok
00:52:42.0213 5356 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:52:42.0213 5356 BrUsbSer - ok
00:52:42.0385 5356 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:52:42.0385 5356 BTHMODEM - ok
00:52:42.0494 5356 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
00:52:42.0494 5356 BVRPMPR5 - ok
00:52:42.0619 5356 catchme - ok
00:52:42.0697 5356 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
00:52:42.0697 5356 cdfs - ok
00:52:42.0868 5356 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
00:52:42.0868 5356 cdrom - ok
00:52:42.0899 5356 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
00:52:42.0899 5356 circlass - ok
00:52:42.0962 5356 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
00:52:42.0962 5356 CLFS - ok
00:52:43.0040 5356 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
00:52:43.0040 5356 CmBatt - ok
00:52:43.0071 5356 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
00:52:43.0071 5356 cmdide - ok
00:52:43.0165 5356 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\DRIVERS\compbatt.sys
00:52:43.0165 5356 Compbatt - ok
00:52:43.0383 5356 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
00:52:43.0383 5356 crcdisk - ok
00:52:43.0430 5356 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
00:52:43.0430 5356 Crusoe - ok
00:52:43.0477 5356 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
00:52:43.0492 5356 DfsC - ok
00:52:43.0539 5356 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
00:52:43.0539 5356 disk - ok
00:52:43.0633 5356 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
00:52:43.0633 5356 drmkaud - ok
00:52:43.0820 5356 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
00:52:43.0820 5356 DSproct - ok
00:52:44.0038 5356 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
00:52:44.0038 5356 dsunidrv - ok
00:52:44.0132 5356 DXGKrnl (f032a2f91287a0b800891c7bef9ca7a8) C:\Windows\System32\drivers\dxgkrnl.sys
00:52:44.0147 5356 DXGKrnl - ok
00:52:44.0194 5356 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:52:44.0194 5356 E1G60 - ok
00:52:44.0241 5356 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
00:52:44.0241 5356 Ecache - ok
00:52:44.0288 5356 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
00:52:44.0288 5356 elxstor - ok
00:52:44.0459 5356 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
00:52:44.0459 5356 fastfat - ok
00:52:44.0522 5356 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
00:52:44.0522 5356 fdc - ok
00:52:44.0584 5356 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
00:52:44.0584 5356 FileInfo - ok
00:52:44.0615 5356 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
00:52:44.0615 5356 Filetrace - ok
00:52:44.0647 5356 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
00:52:44.0647 5356 flpydisk - ok
00:52:44.0678 5356 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
00:52:44.0678 5356 FltMgr - ok
00:52:44.0881 5356 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
00:52:44.0881 5356 Fs_Rec - ok
00:52:44.0896 5356 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
00:52:44.0912 5356 gagp30kx - ok
00:52:44.0943 5356 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\Drivers\GEARAspiWDM.sys
00:52:44.0943 5356 GEARAspiWDM - ok
00:52:45.0193 5356 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
00:52:45.0193 5356 HdAudAddService - ok
00:52:45.0286 5356 HDAudBus (5fd053f305b77ebe97f284b20d89dc1c) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:52:45.0286 5356 HDAudBus - ok
00:52:45.0317 5356 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:52:45.0317 5356 HidBth - ok
00:52:45.0411 5356 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:52:45.0411 5356 HidIr - ok
00:52:45.0583 5356 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
00:52:45.0583 5356 HidUsb - ok
00:52:45.0676 5356 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
00:52:45.0676 5356 HpCISSs - ok
00:52:45.0817 5356 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
00:52:45.0848 5356 HSF_DPV - ok
00:52:46.0004 5356 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
00:52:46.0019 5356 HSXHWAZL - ok
00:52:46.0144 5356 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
00:52:46.0144 5356 HTTP - ok
00:52:46.0207 5356 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
00:52:46.0207 5356 i2omp - ok
00:52:46.0285 5356 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
00:52:46.0285 5356 i8042prt - ok
00:52:46.0347 5356 iaStor (b38672578718e7ca7ad63ace4958577b) C:\Windows\system32\drivers\iastor.sys
00:52:46.0347 5356 Suspicious file (NoAccess): C:\Windows\system32\drivers\iastor.sys. md5: b38672578718e7ca7ad63ace4958577b
00:52:46.0363 5356 iaStor ( Rootkit.Win32.TDSS.tdl3 ) - infected
00:52:46.0363 5356 iaStor - detected Rootkit.Win32.TDSS.tdl3 (0)
00:52:46.0425 5356 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
00:52:46.0441 5356 iaStorV - ok
00:52:46.0550 5356 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:52:46.0550 5356 iirsp - ok
00:52:46.0565 5356 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
00:52:46.0565 5356 intelide - ok
00:52:46.0643 5356 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
00:52:46.0643 5356 intelppm - ok
00:52:46.0690 5356 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:52:46.0690 5356 IpFilterDriver - ok
00:52:46.0706 5356 IpInIp - ok
00:52:46.0721 5356 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
00:52:46.0721 5356 IPMIDRV - ok
00:52:46.0753 5356 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
00:52:46.0753 5356 IPNAT - ok
00:52:46.0815 5356 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
00:52:46.0815 5356 IRENUM - ok
00:52:46.0877 5356 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
00:52:46.0893 5356 isapnp - ok
00:52:46.0987 5356 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
00:52:46.0987 5356 iScsiPrt - ok
00:52:47.0096 5356 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:52:47.0127 5356 iteatapi - ok
00:52:47.0158 5356 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:52:47.0158 5356 iteraid - ok
00:52:47.0221 5356 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
00:52:47.0221 5356 kbdclass - ok
00:52:47.0283 5356 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
00:52:47.0283 5356 kbdhid - ok
00:52:47.0392 5356 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
00:52:47.0408 5356 KSecDD - ok
00:52:47.0673 5356 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
00:52:47.0673 5356 LHidFilt - ok
00:52:47.0751 5356 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
00:52:47.0751 5356 lltdio - ok
00:52:47.0767 5356 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
00:52:47.0782 5356 LMouFilt - ok
00:52:47.0798 5356 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
00:52:47.0813 5356 LSI_FC - ok
00:52:47.0829 5356 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
00:52:47.0829 5356 LSI_SAS - ok
00:52:47.0891 5356 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
00:52:47.0891 5356 LSI_SCSI - ok
00:52:48.0110 5356 LTXMD_VAC (834098ee53663043e94f51d8b8e2cb0e) C:\Windows\system32\drivers\lmvac.sys
00:52:48.0110 5356 LTXMD_VAC - ok
00:52:48.0141 5356 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
00:52:48.0141 5356 luafv - ok
00:52:48.0219 5356 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\Windows\system32\Drivers\LUsbFilt.Sys
00:52:48.0219 5356 LUsbFilt - ok
00:52:48.0266 5356 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:52:48.0281 5356 mdmxsdk - ok
00:52:48.0344 5356 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
00:52:48.0359 5356 megasas - ok
00:52:48.0375 5356 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
00:52:48.0375 5356 Modem - ok
00:52:48.0547 5356 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
00:52:48.0547 5356 monitor - ok
00:52:48.0625 5356 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
00:52:48.0625 5356 mouclass - ok
00:52:48.0671 5356 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
00:52:48.0671 5356 mouhid - ok
00:52:48.0749 5356 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
00:52:48.0749 5356 MountMgr - ok
00:52:48.0843 5356 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
00:52:48.0843 5356 mpio - ok
00:52:49.0046 5356 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
00:52:49.0046 5356 mpsdrv - ok
00:52:49.0108 5356 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:52:49.0124 5356 Mraid35x - ok
00:52:49.0202 5356 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
00:52:49.0217 5356 MRxDAV - ok
00:52:49.0264 5356 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:52:49.0264 5356 mrxsmb - ok
00:52:49.0327 5356 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:52:49.0327 5356 mrxsmb10 - ok
00:52:49.0483 5356 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:52:49.0483 5356 mrxsmb20 - ok
00:52:49.0561 5356 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
00:52:49.0561 5356 msahci - ok
00:52:49.0623 5356 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
00:52:49.0623 5356 msdsm - ok
00:52:49.0654 5356 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
00:52:49.0670 5356 Msfs - ok
00:52:49.0717 5356 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
00:52:49.0717 5356 msisadrv - ok
00:52:49.0779 5356 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
00:52:49.0779 5356 MSKSSRV - ok
00:52:49.0935 5356 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
00:52:49.0935 5356 MSPCLOCK - ok
00:52:50.0029 5356 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
00:52:50.0044 5356 MSPQM - ok
00:52:50.0075 5356 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
00:52:50.0091 5356 MsRPC - ok
00:52:50.0122 5356 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
00:52:50.0122 5356 mssmbios - ok
00:52:50.0169 5356 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
00:52:50.0169 5356 MSTEE - ok
00:52:50.0231 5356 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
00:52:50.0247 5356 Mup - ok
00:52:50.0450 5356 NativeWifiP (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
00:52:50.0450 5356 NativeWifiP - ok
00:52:50.0497 5356 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
00:52:50.0497 5356 NDIS - ok
00:52:50.0559 5356 NdisTapi (7584f1794b23b83d63cc124a8c56d103) C:\Windows\system32\DRIVERS\ndistapi.sys
00:52:50.0559 5356 NdisTapi - ok
00:52:50.0590 5356 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
00:52:50.0590 5356 Ndisuio - ok
00:52:50.0668 5356 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
00:52:50.0668 5356 NdisWan - ok
00:52:50.0824 5356 NDProxy (874c12e3ad1431cabc854697d302c563) C:\Windows\system32\drivers\NDProxy.sys
00:52:50.0824 5356 NDProxy - ok
00:52:50.0887 5356 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
00:52:50.0887 5356 NetBIOS - ok
00:52:50.0918 5356 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
00:52:50.0933 5356 netbt - ok
00:52:51.0105 5356 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:52:51.0105 5356 nfrd960 - ok
00:52:51.0136 5356 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
00:52:51.0136 5356 Npfs - ok
00:52:51.0230 5356 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
00:52:51.0230 5356 nsiproxy - ok
00:52:51.0370 5356 Ntfs (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
00:52:51.0401 5356 Ntfs - ok
00:52:51.0433 5356 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:52:51.0433 5356 ntrigdigi - ok
00:52:51.0511 5356 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
00:52:51.0511 5356 Null - ok
00:52:51.0854 5356 nvlddmkm (104bc311908dfdabda07e60d1b8f4a60) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:52:52.0072 5356 nvlddmkm - ok
00:52:52.0181 5356 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
00:52:52.0181 5356 nvraid - ok
00:52:52.0228 5356 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
00:52:52.0228 5356 nvstor - ok
00:52:52.0322 5356 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
00:52:52.0322 5356 nv_agp - ok
00:52:52.0384 5356 NwlnkFlt - ok
00:52:52.0447 5356 NwlnkFwd - ok
00:52:52.0571 5356 OEM02Dev (9d20fa5d8875f6063aa5e1c44446f698) C:\Windows\system32\DRIVERS\OEM02Dev.sys
00:52:52.0571 5356 OEM02Dev - ok
00:52:52.0603 5356 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
00:52:52.0603 5356 OEM02Vfx - ok
00:52:52.0774 5356 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
00:52:52.0774 5356 ohci1394 - ok
00:52:52.0930 5356 Packet (8f856dae19383bd69db444004d5d4f50) C:\Windows\system32\DRIVERS\packet.sys
00:52:52.0930 5356 Packet - ok
00:52:53.0008 5356 parbydvv - ok
00:52:53.0071 5356 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:52:53.0086 5356 Parport - ok
00:52:53.0117 5356 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
00:52:53.0117 5356 partmgr - ok
00:52:53.0180 5356 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:52:53.0180 5356 Parvdm - ok
00:52:53.0273 5356 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
00:52:53.0273 5356 pci - ok
00:52:53.0367 5356 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
00:52:53.0367 5356 pciide - ok
00:52:53.0476 5356 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:52:53.0476 5356 pcmcia - ok
00:52:53.0585 5356 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:52:53.0617 5356 PEAUTH - ok
00:52:53.0663 5356 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
00:52:53.0679 5356 PptpMiniport - ok
00:52:53.0741 5356 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
00:52:53.0757 5356 Processor - ok
00:52:53.0851 5356 PSched (b74edf14453c9987e99e66535047ebee) C:\Windows\system32\DRIVERS\pacer.sys
00:52:53.0851 5356 PSched - ok
00:52:53.0991 5356 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
00:52:54.0038 5356 ql2300 - ok
00:52:54.0085 5356 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:52:54.0085 5356 ql40xx - ok
00:52:54.0194 5356 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
00:52:54.0194 5356 QWAVEdrv - ok
00:52:54.0303 5356 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
00:52:54.0303 5356 RasAcd - ok
00:52:54.0350 5356 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:52:54.0365 5356 Rasl2tp - ok
00:52:54.0397 5356 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
00:52:54.0397 5356 RasPppoe - ok
00:52:54.0428 5356 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
00:52:54.0428 5356 rdbss - ok
00:52:54.0506 5356 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:52:54.0506 5356 RDPCDD - ok
00:52:54.0615 5356 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
00:52:54.0615 5356 rdpdr - ok
00:52:54.0677 5356 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
00:52:54.0677 5356 RDPENCDD - ok
00:52:54.0709 5356 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
00:52:54.0724 5356 RDPWD - ok
00:52:54.0833 5356 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
00:52:54.0833 5356 rimmptsk - ok
00:52:54.0927 5356 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
00:52:54.0927 5356 rimsptsk - ok
00:52:54.0989 5356 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
00:52:54.0989 5356 RimUsb - ok
00:52:55.0145 5356 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
00:52:55.0145 5356 RimVSerPort - ok
00:52:55.0255 5356 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
00:52:55.0255 5356 rismxdp - ok
00:52:55.0348 5356 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.06\RivaTuner32.sys
00:52:55.0348 5356 RivaTuner32 - ok
00:52:55.0489 5356 ROOTMODEM (d49d61312b273de069584d48c81c8b1d) C:\Windows\system32\Drivers\RootMdm.sys
00:52:55.0489 5356 ROOTMODEM - ok
00:52:55.0567 5356 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
00:52:55.0567 5356 rspndr - ok
00:52:55.0613 5356 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:52:55.0613 5356 sbp2port - ok
00:52:55.0723 5356 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
00:52:55.0723 5356 sdbus - ok
00:52:55.0847 5356 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:52:55.0863 5356 secdrv - ok
00:52:55.0957 5356 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:52:55.0957 5356 Serenum - ok
00:52:56.0050 5356 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:52:56.0050 5356 Serial - ok
00:52:56.0128 5356 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
00:52:56.0128 5356 sermouse - ok
00:52:56.0191 5356 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\DRIVERS\sffdisk.sys
00:52:56.0191 5356 sffdisk - ok
00:52:56.0315 5356 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
00:52:56.0315 5356 sffp_mmc - ok
00:52:56.0393 5356 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:52:56.0393 5356 sffp_sd - ok
00:52:56.0471 5356 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:52:56.0471 5356 sfloppy - ok
00:52:56.0487 5356 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
00:52:56.0487 5356 sisagp - ok
00:52:56.0518 5356 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
00:52:56.0518 5356 SiSRaid2 - ok
00:52:56.0534 5356 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
00:52:56.0534 5356 SiSRaid4 - ok
00:52:56.0581 5356 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
00:52:56.0581 5356 Smb - ok
00:52:56.0674 5356 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\Windows\system32\DRIVERS\SMBios.sys
00:52:56.0674 5356 SMBios - ok
00:52:56.0752 5356 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
00:52:56.0752 5356 spldr - ok
00:52:56.0815 5356 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
00:52:56.0830 5356 srv - ok
00:52:56.0955 5356 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
00:52:56.0955 5356 srv2 - ok
00:52:57.0017 5356 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
00:52:57.0033 5356 srvnet - ok
00:52:57.0111 5356 ssadbus (406776fe3c2b66796bac1a7afb9ac8a1) C:\Windows\system32\DRIVERS\ssadbus.sys
00:52:57.0111 5356 ssadbus - ok
00:52:57.0158 5356 ssadmdfl (b19532d015a5d295e2aa34bb521202cf) C:\Windows\system32\DRIVERS\ssadmdfl.sys
00:52:57.0158 5356 ssadmdfl - ok
00:52:57.0220 5356 ssadmdm (2aebf9108e6f435458b9499c27394da4) C:\Windows\system32\DRIVERS\ssadmdm.sys
00:52:57.0220 5356 ssadmdm - ok
00:52:57.0314 5356 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys
00:52:57.0314 5356 sscdbus - ok
00:52:57.0392 5356 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys
00:52:57.0407 5356 sscdmdfl - ok
00:52:57.0423 5356 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys
00:52:57.0439 5356 sscdmdm - ok
00:52:57.0532 5356 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys
00:52:57.0548 5356 STHDA - ok
00:52:57.0626 5356 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
00:52:57.0626 5356 swenum - ok
00:52:57.0688 5356 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:52:57.0719 5356 Symc8xx - ok
00:52:57.0813 5356 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:52:57.0813 5356 Sym_hi - ok
00:52:58.0031 5356 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:52:58.0031 5356 Sym_u3 - ok
00:52:58.0125 5356 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys
00:52:58.0125 5356 SynTP - ok
00:52:58.0234 5356 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
00:52:58.0250 5356 Tcpip - ok
00:52:58.0297 5356 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
00:52:58.0297 5356 Tcpip6 - ok
00:52:58.0375 5356 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
00:52:58.0375 5356 tcpipreg - ok
00:52:58.0421 5356 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
00:52:58.0421 5356 TDPIPE - ok
00:52:58.0499 5356 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
00:52:58.0499 5356 TDTCP - ok
00:52:58.0515 5356 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
00:52:58.0515 5356 tdx - ok
00:52:58.0546 5356 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
00:52:58.0546 5356 TermDD - ok
00:52:58.0577 5356 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:52:58.0593 5356 tssecsrv - ok
00:52:58.0671 5356 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
00:52:58.0671 5356 tunmp - ok
00:52:58.0718 5356 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
00:52:58.0718 5356 tunnel - ok
00:52:58.0780 5356 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
00:52:58.0796 5356 uagp35 - ok
00:52:58.0858 5356 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
00:52:58.0858 5356 udfs - ok
00:52:58.0936 5356 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
00:52:58.0936 5356 uliagpkx - ok
00:52:58.0967 5356 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
00:52:58.0967 5356 uliahci - ok
00:52:58.0999 5356 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:52:58.0999 5356 UlSata - ok
00:52:59.0061 5356 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:52:59.0061 5356 ulsata2 - ok
00:52:59.0092 5356 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
00:52:59.0092 5356 umbus - ok
00:52:59.0170 5356 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys
00:52:59.0170 5356 usbccgp - ok
00:52:59.0201 5356 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:52:59.0201 5356 usbcir - ok
00:52:59.0279 5356 usbehci (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys
00:52:59.0279 5356 usbehci - ok
00:52:59.0373 5356 usbhub (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys
00:52:59.0389 5356 usbhub - ok
00:52:59.0420 5356 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
00:52:59.0420 5356 usbohci - ok
00:52:59.0513 5356 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
00:52:59.0513 5356 usbprint - ok
00:52:59.0607 5356 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
00:52:59.0607 5356 usbscan - ok
00:52:59.0685 5356 USBSTOR (fdbaabf07244c60b0f4e0a6e71a107c6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:52:59.0685 5356 USBSTOR - ok
00:52:59.0825 5356 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
00:52:59.0841 5356 usbuhci - ok
00:52:59.0950 5356 usb_rndisx (db4721908daa0383ee82ffe430aebae1) C:\Windows\system32\DRIVERS\usb8023x.sys
00:52:59.0950 5356 usb_rndisx - ok
00:53:00.0013 5356 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
00:53:00.0013 5356 vga - ok
00:53:00.0044 5356 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
00:53:00.0044 5356 VgaSave - ok
00:53:00.0106 5356 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
00:53:00.0106 5356 viaagp - ok
00:53:00.0153 5356 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
00:53:00.0153 5356 ViaC7 - ok
00:53:00.0293 5356 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
00:53:00.0293 5356 viaide - ok
00:53:00.0371 5356 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
00:53:00.0371 5356 volmgr - ok
00:53:00.0496 5356 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
00:53:00.0496 5356 volmgrx - ok
00:53:00.0543 5356 volsnap (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys
00:53:00.0543 5356 volsnap - ok
00:53:00.0621 5356 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
00:53:00.0621 5356 vsmraid - ok
00:53:00.0746 5356 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:53:00.0761 5356 WacomPen - ok
00:53:00.0793 5356 Wanarp (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
00:53:00.0793 5356 Wanarp - ok
00:53:00.0824 5356 Wanarpv6 (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
00:53:00.0824 5356 Wanarpv6 - ok
00:53:00.0902 5356 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
00:53:00.0902 5356 Wd - ok
00:53:01.0027 5356 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
00:53:01.0027 5356 Wdf01000 - ok
00:53:01.0214 5356 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
00:53:01.0229 5356 winachsf - ok
00:53:01.0354 5356 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:53:01.0354 5356 WmiAcpi - ok
00:53:01.0479 5356 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
00:53:01.0479 5356 WpdUsb - ok
00:53:01.0526 5356 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
00:53:01.0526 5356 ws2ifsl - ok
00:53:01.0666 5356 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:53:01.0666 5356 WUDFRd - ok
00:53:01.0760 5356 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
00:53:01.0760 5356 XAudio - ok
00:53:01.0822 5356 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:53:01.0853 5356 \Device\Harddisk0\DR0 - ok
00:53:01.0869 5356 Boot (0x1200) (cc0e75cdae2f248c9ac74ee9ce4dbc9d) \Device\Harddisk0\DR0\Partition0
00:53:01.0869 5356 \Device\Harddisk0\DR0\Partition0 - ok
00:53:01.0869 5356 Boot (0x1200) (0eed662d5c182c1eff0bf7017c35320f) \Device\Harddisk0\DR0\Partition1
00:53:01.0869 5356 \Device\Harddisk0\DR0\Partition1 - ok
00:53:01.0885 5356 ============================================================
00:53:01.0885 5356 Scan finished
00:53:01.0885 5356 ============================================================
00:53:01.0900 5308 Detected object count: 1
00:53:01.0900 5308 Actual detected object count: 1
00:53:17.0516 5308 Backup copy found, using it..
00:53:17.0531 5308 C:\Windows\system32\drivers\iastor.sys - will be cured on reboot
00:53:17.0531 5308 iaStor ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
00:53:19.0903 4444 Deinitialize success

==================================================================================================================================================================

The MBAM report:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7907

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

10/9/2011 1:09:09 AM
mbam-log-2011-10-09 (01-09-09).txt

Scan type: Quick scan
Objects scanned: 169326
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\finc70dkk.exe (Trojan.FakeAlert) -> Value: finc70dkk.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\b2d41825ef9aa72bc2132899b4a4ef03\finc70dkk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\ntfsstreamamd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\FYF288.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Temp\nrxoaswcem.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\internet explorer\quick launch\zentom system guard.lnk (Rogue.ZentomSystemGuard) -> Quarantined and deleted successfully.

===================================================================================================================================================================

And the aswMBR report:


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-09 01:13:37
-----------------------------
01:13:37.564 OS Version: Windows 6.0.6000
01:13:37.564 Number of processors: 2 586 0xF0D
01:13:37.564 ComputerName: SCHOOLAPTOP UserName:
01:13:46.253 Initialize success
01:14:32.187 AVAST engine defs: 11100801
01:15:18.643 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:15:18.643 Disk 0 Vendor: FUJITSU_ 0085 Size: 114473MB BusType: 3
01:15:18.675 Disk 0 MBR read successfully
01:15:18.675 Disk 0 MBR scan
01:15:18.690 Disk 0 Windows VISTA default MBR code
01:15:18.690 Disk 0 scanning sectors +234438656
01:15:18.799 Disk 0 scanning C:\Windows\system32\drivers
01:15:36.646 Service scanning
01:15:38.518 Modules scanning
01:15:57.097 Scan finished successfully
01:16:14.101 Disk 0 MBR has been saved successfully to "C:\Users\***\Documents\MBR.dat"
01:16:14.101 The log file has been saved successfully to "C:\Users\***\Documents\aswMBR.txt"



Let me know if there are any further steps to take. Thank you, RKinner.
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall
Java™ 6 Update 22
Java™ SE Runtime Environment 6

It looks like Combofix did not finish. Perhaps AVG ate it. Uninstall Combofix.

First:

Click on the Avast ball, then click on Additional Protections, then AutoSandbox, then Settings, and uncheck Enable AutoSandbox. Then click OK.

Right-click on the Avast ball and select Avast! Shields Control and Disable Until Computer is Restarted.

Second:
copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Go to Start, All Programs, Accessories, then right-click on Command Prompt and choose Run As Administrator.
Then right-click, select Paste, and hit Enter.

Then download it again, but this time rename it from combofix.exe to george.exe (right-click on the Avast ball and select Avast! Shields Control and Disable Until Computer is Restarted if the uninstall had to restart the system). Then right-click on george.exe and let it run. Copy and paste the log. It may give us a clue as to missing files. Just in case it doesn't, please locate the service tag on your Dell and tell me what it says so I won't have to guess which drivers apply.
http://support.dell....n&catid=&impid=



Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:Services
VVIXMUH
PVR

:OTL
SRV - File not found [On_Demand | Stopped] -- -- (VVIXMUH)
SRV - File not found [On_Demand | Stopped] -- -- (PVR)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58202
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF2851.3XE ()
O4 - HKLM..\Run: [provresxml.exe] "C:\Windows\ServiceProfiles\NetworkService\provresxml.exe" File not found
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O33 - MountPoints2\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup\rsrc\AUTORUN.EXE -- [2004/08/03 13:29:57 | 000,057,344 | R--- | M] ()
O33 - MountPoints2\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\Shell\dinstall\command - "" = E:\DirectX\dxsetup.exe -- [2003/06/01 17:47:20 | 000,467,456 | R--- | M] (Microsoft Corporation)
[2011/10/09 10:42:20 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/09 10:42:17 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 15:10:45 | 000,011,292 | -HS- | C] () -- C:\Users\***\AppData\Local\t05kv0komxexml6l86yyf04
[2011/06/25 15:10:45 | 000,011,292 | -HS- | C] () -- C:\ProgramData\t05kv0komxexml6l86yyf04

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config VVIXMUH start= disabled /c
sc config PVR start= disabled /c

     
:Commands
[RESETHOSTS]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.
Save the log and copy and paste it to a reply.

Ron
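The fix script above ends with [RESETHOSTS], which replaces the HOSTS file wholesale rather than picking through it. Here is an added example, written for this page and not OTL's own code, of the check a responder would run before resetting: it parses a hosts file, ignores the stock localhost mappings, and reports every other entry with a verdict (vendor site sinkholed to loopback, vendor site redirected to another address, or a plain block). HOSTS_SAMPLE is constructed for the example and is not the poster's hosts file, and SECURITY_DOMAINS is an assumed list of vendor domains a search-redirect infection commonly targets.

```python
"""Check a Windows HOSTS file for redirect or block entries.

Added example for this thread, not OTL's own code: it shows the kind of
entry that the [RESETHOSTS] command in the fix above discards. HOSTS_SAMPLE
is constructed for the example (it is not the poster's hosts file), and the
SECURITY_DOMAINS list is an assumption about what a redirector targets.
"""
import ipaddress

# Mappings a stock Windows Vista hosts file carries; everything else is reviewed.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Assumed list of vendor domains a search/redirect infection commonly targets.
SECURITY_DOMAINS = (
    "malwarebytes.org", "avast.com", "avg.com", "microsoft.com",
    "symantec.com", "kaspersky.com",
)

HOSTS_SAMPLE = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org          # constructed: blocks the vendor site
203.0.113.7     download.avast.com            # constructed: sends the download elsewhere
0.0.0.0         ads.example.net               # constructed: ordinary ad block
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping; comments are dropped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            yield line_no, ip, name.lower()


def classify(ip, name):
    """Return a short verdict for one mapping."""
    if (ip, name) in DEFAULT_ENTRIES:
        return "default"
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    is_vendor = any(name == d or name.endswith("." + d) for d in SECURITY_DOMAINS)
    sinkholed = addr.is_loopback or addr.is_unspecified
    if is_vendor:
        return "blocks security vendor" if sinkholed else "redirects security vendor"
    return "blocked host" if sinkholed else "redirect"


def suspicious_entries(text):
    """Return [(line_no, ip, hostname, verdict)] for every non-default mapping."""
    report = []
    for line_no, ip, name in parse_hosts(text):
        verdict = classify(ip, name)
        if verdict != "default":
            report.append((line_no, ip, name, verdict))
    return report


if __name__ == "__main__":
    for line_no, ip, name, verdict in suspicious_entries(HOSTS_SAMPLE):
        print(f"line {line_no}: {ip:<15} {name:<28} {verdict}")
```

On a live machine, read C:\Windows\System32\drivers\etc\hosts into `suspicious_entries` instead of HOSTS_SAMPLE; a "redirects security vendor" verdict is the one worth keeping a copy of, because the destination address is evidence that a plain reset throws away.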

#8 monsieurd (Member, Topic Starter, 17 posts)

Hi RKinner, I didn't experience the problem of disabled keyboard and mouse when I ran ComboFix a second time, but the service tag of my PC is C4YC4F1 in case you need that info. Alright, here's my ComboFix log:


ComboFix 11-10-09.01 - 10/09/2011 13:03:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.1125 [GMT -7:00]
Running from: c:\users\***\Desktop\george.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\***\Documents\~WRL0562.tmp
c:\users\***\Documents\~WRL2198.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_385bc036
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 20:11 . 2011-10-09 20:13 -------- d-----w- c:\users\***\AppData\Local\temp
2011-10-09 20:11 . 2011-10-09 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-09 08:25 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-09 08:25 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-09 08:25 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-09 08:25 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-09 08:25 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-09 08:25 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-09 08:25 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-09 08:25 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-09 08:24 . 2011-10-09 08:24 -------- d-----w- c:\programdata\AVAST Software
2011-10-09 08:24 . 2011-10-09 08:24 -------- d-----w- c:\program files\AVAST Software
2011-10-09 08:00 . 2011-10-09 08:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-09 08:00 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-09 07:20 . 2011-06-26 20:22 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-09 07:54 . 2008-01-06 05:17 277784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-09-29 03:13 . 2011-06-19 06:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-25 17:47 . 2011-07-25 17:47 3216552 ----a-w- C:\ccsetup308.exe
2011-07-24 23:56 . 2011-07-24 23:50 589648 ----a-w- C:\ChromeSetup.exe
2011-07-20 17:55 . 2011-07-20 17:55 234966 ----a-w- C:\REST2514.EXE
2011-10-09 08:16 . 2011-05-20 19:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-23 68856]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2009-06-10 334224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-11-12 86016]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-12 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-12 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-23 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-9 805392]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-12-23 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3526270071-1006874356-967301786-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 parbydvv;parbydvv;c:\windows\System32\drivers\lhmylmxu.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [2010-08-22 253952]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 30312]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-07-01 18912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PVR;PVR;c:\users\DANIEL~1\AppData\Local\Temp\PVR.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 96488]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-25 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-25 121576]
R3 VVIXMUH;VVIXMUH;c:\users\DANIEL~1\AppData\Local\Temp\VVIXMUH.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 23:36]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 23:36]
.
.
------- Supplementary Scan -------
.
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com|news.bbc.co.uk|hxxp://www.france24.com/fr/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58202
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nwiz - nwiz.exe
SafeBoot-15171853.sys
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 13:18
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\_avast_\unp109124138.tmp 828104 bytes executable
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3526270071-1006874356-967301786-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:03,63,30,13,24,5c,65,9e,29,1d,54,e4,be,60,93,42,ea,5d,3a,8e,04,76,b0,
9a,81,18,6b,76,ed,94,3c,58,69,d2,3a,14,aa,be,e4,8a,3a,b0,5a,37,89,ad,87,dd,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5084)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-10-09 13:23:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-09 20:23
.
Pre-Run: 10,253,459,456 bytes free
Post-Run: 9,831,469,056 bytes free
.
- - End Of File - - 748ADCE7066648446AF998D7B01FC375
==================================================================================================================================================================

And here's the OTL log after I ran the custom fix:


========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Service VVIXMUH stopped successfully!
Service VVIXMUH deleted successfully!
Service PVR stopped successfully!
Service PVR deleted successfully!
========== OTL ==========
Error: No service named VVIXMUH was found to stop!
Service\Driver key VVIXMUH not found.
Error: No service named PVR was found to stop!
Service\Driver key PVR not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 58202 removed from network.proxy.http_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
C:\Program Files\Dell\BAE\BAE.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix not found.
File C:\ComboFix\CF2851.3XE not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\provresxml.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\ not found.
File move failed. E:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4769ab4a-9ffc-11dd-9759-806e6f6e6963}\ not found.
File move failed. E:\DirectX\dxsetup.exe scheduled to be moved on reboot.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Users\***\AppData\Local\t05kv0komxexml6l86yyf04 moved successfully.
C:\ProgramData\t05kv0komxexml6l86yyf04 moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Downloads\cmd.bat deleted successfully.
C:\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Downloads\cmd.bat deleted successfully.
C:\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Downloads\cmd.bat deleted successfully.
C:\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Downloads\cmd.bat deleted successfully.
C:\Downloads\cmd.txt deleted successfully.
< sc config VVIXMUH start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Downloads\cmd.bat deleted successfully.
C:\Downloads\cmd.txt deleted successfully.
< sc config PVR start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Downloads\cmd.bat deleted successfully.
C:\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10092011_133925

Files\Folders moved on Reboot...
File move failed. E:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.
File move failed. E:\DirectX\dxsetup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
===================================================================================================================================================================

Please let me know if there's anything further I need to do, thank you.

#9 RKinner (Malware Expert, MVP, 24,625 posts)

The keyboard and mouse are back again?


Copy the text between the lines of stars by highlighting it and pressing Ctrl + C.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\System32\drivers\lhmylmxu.sys
c:\users\DANIEL~1\AppData\Local\Temp\PVR.exe
c:\users\DANIEL~1\AppData\Local\Temp\VVIXMUH.exe

Driver::
parbydvv
PVR
VVIXMUH

******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to george and let go. ComboFix should start on its own.

Post the new log.



1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right-click on (My) Computer and select Manage (Continue), then Event Viewer. Next select Windows Logs. Right-click on System and select Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories, then right-click on Command Prompt and select Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one, or it doesn't like your CD, just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning
5. Click the radio button for 'Number of events', type 20 in the 1 to 20 box, then click the Run button. Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Ron
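The service and driver lines in the ComboFix log in #8 (the R0/R3 entries ending in [x], two of them living under the user's Temp directory, plus the prefs.js lines pointing Firefox at 127.0.0.1:58202) and the File::/Driver:: CFScript in #9 are the input and output of one triage step. Here is an added example, written for this page and not ComboFix's, OTL's or RKinner's own code, that does that step mechanically: it parses those line formats, scores each service with a few cheap heuristics, notes a loopback proxy in the browser prefs, and drafts a CFScript in the layout used above. SAMPLE_LOG is constructed from lines in the posted log; the scoring weights, the 3-point threshold and the loopback-proxy rule are this example's own assumptions, chosen so that exactly the three entries the expert targeted (parbydvv, PVR, VVIXMUH) clear the bar while MBAMSwissArmy and the avast entries, which are also marked [x], do not.

```python
"""Triage ComboFix-style service lines and draft a CFScript from the hits.

Added example for this thread, not ComboFix's or OTL's own code. SAMPLE_LOG
is constructed from lines in the ComboFix log posted above; the scoring
weights, the 3-point threshold and the loopback-proxy rule are this
example's own assumptions.
"""
import re

# "R3 PVR;PVR;c:\...\Temp\PVR.exe [x]"  ->  start type, name, display name, path, bracket tail
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<tail>[^\]]*)\]\s*$"
)
# "FF - prefs.js: network.proxy.http - 127.0.0.1"
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")

# A driver or service binary has no business living under a Temp directory.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

SAMPLE_LOG = r"""
R0 parbydvv;parbydvv;c:\windows\System32\drivers\lhmylmxu.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PVR;PVR;c:\users\DANIEL~1\AppData\Local\Temp\PVR.exe [x]
R3 VVIXMUH;VVIXMUH;c:\users\DANIEL~1\AppData\Local\Temp\VVIXMUH.exe [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58202
FF - prefs.js: network.proxy.type - 0
"""


def parse_log(text):
    """Split log lines into service entries and Firefox prefs; other lines are ignored."""
    services, prefs = [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := SERVICE_RE.match(line):
            services.append(m.groupdict())
        elif m := PREF_RE.match(line):
            prefs[m["key"]] = m["value"].strip()
    return services, prefs


def score_service(entry):
    """Return (score, reasons) using a few cheap heuristics; the weights are assumptions."""
    path = entry["path"].lower()
    checks = [
        (2, "binary lives under a Temp directory", any(d in path for d in TEMP_DIRS)),
        (1, "file missing on disk ([x])", entry["tail"] == "x"),
        (1, "display name is just the service name", entry["name"] == entry["display"]),
        (1, "service name differs from file name",
         bool(path) and path.rsplit("\\", 1)[-1].rsplit(".", 1)[0] != entry["name"].lower()),
    ]
    hits = [(points, why) for points, why, hit in checks if hit]
    return sum(points for points, _ in hits), [why for _, why in hits]


def triage(text, threshold=3):
    """Return (flagged service entries, notes about the browser proxy settings)."""
    services, prefs = parse_log(text)
    flagged = []
    for entry in services:
        score, reasons = score_service(entry)
        if score >= threshold:
            flagged.append({**entry, "score": score, "reasons": reasons})
    notes = []
    host = prefs.get("network.proxy.http")
    if host in ("127.0.0.1", "localhost", "::1"):
        # network.proxy.type 1 = manual proxy; any other value means the setting is parked, not in use
        state = "active" if prefs.get("network.proxy.type") == "1" else "configured but not active"
        notes.append(f"Firefox HTTP proxy set to {host}:{prefs.get('network.proxy.http_port', '?')} ({state})")
    return flagged, notes


def build_cfscript(flagged):
    """Draft File:: and Driver:: sections in the layout the expert used above."""
    lines = ["Killall::", ""]
    if files := [e["path"] for e in flagged if e["path"]]:
        lines += ["File::", *files, ""]
    if drivers := [e["name"] for e in flagged]:
        lines += ["Driver::", *drivers, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    flagged, notes = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"{e['start']} {e['name']:<14} score {e['score']}: {'; '.join(e['reasons'])}")
    for note in notes:
        print(note)
    print()
    print(build_cfscript(flagged))
```

Two points the heuristics encode: a legitimate service usually carries a descriptive display name and a binary whose file name matches the service name, so a random name paired with a differently named driver (parbydvv and lhmylmxu.sys) scores even though the file is gone, and a proxy parked at 127.0.0.1 with network.proxy.type left at 0 is an artifact worth removing, as the OTL fix did, even though Firefox was not using it at the time of the log.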

#10 monsieurd (Member, Topic Starter, 17 posts)

Hey RKinner, yeah I can use my laptop's keyboard and mouse without any trouble. I ran that "sfc scannow" command and it returned with one line: "Windows Resource Protection found corrupt files but was unable to fix them. Details are included in the CBS.log at C:\Windows\Logs\CBS.log". As for the second command, the file signature program, the newest line dates to 2009; however, there is one file called "nvmob***.chm" (*** standing for different letters; there are many of these files) located at C:\Windows\nvtmpinst, and the installation date is listed as unknown.

I ran the chkdsk program at boot up.

Here's the ComboFix log after a second run:

ComboFix 11-10-09.01 - 10/09/2011 17:25:19.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.1280 [GMT -7:00]
Running from: c:\users\***\Desktop\george.exe
Command switches used :: c:\users\***\Desktop\CFScript.txt
.
FILE ::
"c:\users\DANIEL~1\AppData\Local\Temp\PVR.exe"
"c:\windows\System32\drivers\lhmylmxu.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_parbydvv
.
.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2011-10-10 00:32 . 2011-10-10 00:34 -------- d-----w- c:\users\***\AppData\Local\temp
2011-10-10 00:32 . 2011-10-10 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-09 20:39 . 2011-10-09 20:39 -------- d-----w- C:\_OTL
2011-10-09 08:25 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-09 08:25 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-09 08:25 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-09 08:25 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-09 08:25 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-09 08:25 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-09 08:25 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-09 08:25 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-09 08:24 . 2011-10-09 08:24 -------- d-----w- c:\programdata\AVAST Software
2011-10-09 08:24 . 2011-10-09 08:24 -------- d-----w- c:\program files\AVAST Software
2011-10-09 08:00 . 2011-10-09 08:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-09 08:00 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-09 07:20 . 2011-06-26 20:22 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-09 07:54 . 2008-01-06 05:17 277784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-09-29 03:13 . 2011-06-19 06:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-25 17:47 . 2011-07-25 17:47 3216552 ----a-w- C:\ccsetup308.exe
2011-07-24 23:56 . 2011-07-24 23:50 589648 ----a-w- C:\ChromeSetup.exe
2011-07-20 17:55 . 2011-07-20 17:55 234966 ----a-w- C:\REST2514.EXE
2011-10-09 08:16 . 2011-05-20 19:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-09_20.14.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-06 05:50 . 2011-10-09 20:43 52492 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2011-10-10 00:38 66806 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-06 05:43 . 2011-10-10 00:38 12590 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3526270071-1006874356-967301786-1000_UserData.bin
+ 2011-06-30 19:00 . 2011-10-09 20:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-30 19:00 . 2011-10-09 07:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-30 19:00 . 2011-10-09 20:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-30 19:00 . 2011-10-09 07:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-10 00:33 . 2011-10-10 00:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-09 20:13 . 2011-10-09 20:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-10 00:33 . 2011-10-10 00:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-09 20:13 . 2011-10-09 20:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2011-10-09 19:56 687812 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2011-10-10 00:24 687812 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2011-10-10 00:24 131266 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2011-10-09 19:56 131266 c:\windows\System32\perfc009.dat
- 2006-11-02 13:02 . 2011-10-09 20:18 196608 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2011-10-10 00:37 196608 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2011-10-09 20:18 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2011-10-10 00:37 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2011-10-09 20:18 1916928 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2011-10-10 00:37 1916928 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-23 68856]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2009-06-10 334224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-11-12 86016]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-12 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-12 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-23 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-9 805392]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-12-23 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3526270071-1006874356-967301786-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 30312]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-07-01 18912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 96488]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-25 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-25 121576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [2010-08-22 253952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com|news.bbc.co.uk|hxxp://www.france24.com/fr/
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 17:36
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3526270071-1006874356-967301786-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:03,63,30,13,24,5c,65,9e,29,1d,54,e4,be,60,93,42,ea,5d,3a,8e,04,76,b0,
9a,81,18,6b,76,ed,94,3c,58,69,d2,3a,14,aa,be,e4,8a,3a,b0,5a,37,89,ad,87,dd,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(332)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-10-09 17:44:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-10 00:44
ComboFix2.txt 2011-10-09 20:23
.
Pre-Run: 8,454,303,744 bytes free
Post-Run: 8,482,095,104 bytes free
.
- - End Of File - - 711751E2E183EE6303C8FD03B833C100

===================================================================================================================================================================

Here's the output log for Vino's event viewer, for System:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 09/10/2011 11:24:12 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/10/2011 1:18:23 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 10/10/2011 1:18:23 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 1:18:25 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 1:18:26 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 1:18:27 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 1:18:28 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 1:18:29 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 1:18:30 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 2:44:29 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 10/10/2011 2:44:33 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 2:44:34 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 2:44:34 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 2:53:50 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 2:53:50 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 2:53:55 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 2:53:56 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/10/2011 1:16:38 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

Log: 'System' Date/Time: 10/10/2011 1:16:39 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/10/2011 1:17:18 AM
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 10/10/2011 1:18:48 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

Log: 'System' Date/Time: 10/10/2011 1:18:48 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/10/2011 2:43:24 AM
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

==================================================================================================================================================================

And the output log for Application:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 09/10/2011 11:25:49 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/10/2011 6:10:18 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application DllHost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module xvidcore.dll_unloaded, version 0.0.0.0, time stamp 0x46a74f0c, exception code 0xc0000005, fault offset 0x02d822e0, process id 0xb28, application start time 0x01cc87133802349a.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by RKinner, 15 October 2011 - 12:33 PM.

  • 0



#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I think your nvmob***.chm files are from nvidia but you can submit one of them to http://virustotal.com and see what they say. IF they don't say something like 0/43 then copy and paste the report.


Log: 'System' Date/Time: 10/10/2011 1:18:23 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.


Hopefully this is a Dell and this applies:

http://msmvps.com/bl...1505-vista.aspx

If not just copy the next line:

sc config BCM42RLY start= disabled /c

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.


Log: 'Application' Date/Time: 10/10/2011 6:10:18 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application DllHost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module xvidcore.dll_unloaded, version 0.0.0.0, time stamp 0x46a74f0c, exception code 0xc0000005, fault offset 0x02d822e0, process id 0xb28, application start time 0x01cc87133802349a.


Appears this thing is causing the above error:
XviD MPEG4 Video Codec (remove only)
Perhaps you can find a newer version or just uninstall it?

Ron

(bedtime for me)
  • 0
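As an added example (not from the thread and not from either tool's author), a small Python triage script that parses the Vino's Event Viewer layout pasted above and aggregates the Service Control Manager Event 7000 failures per service, separating orphaned registrations (binary gone, as with BCM42RLY) from ordinary disabled-device failures. The sample report is constructed in that layout, and the function names are chosen here.

```python
"""Triage helper for Vino's Event Viewer reports (added example, not from the thread)."""
import re
from collections import Counter, defaultdict

# Constructed sample in the same Log:/Type:/Event:/message layout as the thread's paste.
SAMPLE_REPORT = """\
Log: 'System' Date/Time: 10/10/2011 1:18:23 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 10/10/2011 1:18:23 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 1:18:25 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/10/2011 1:16:38 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\\Windows\\System32\\bcmihvsrv.dll
"""

# One record = three header lines followed by a single message line.
RECORD_RE = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)\n"
    r"Event: (?P<event>\d+) Source: (?P<source>.+)\n"
    r"(?P<message>.+)"
)
# SCM's Event 7000 wording: "The <name> service failed to start due to the following error: <reason>"
SVC_FAIL_RE = re.compile(
    r"^The (?P<service>.+?) service failed to start due to the following error: (?P<reason>.+)$"
)
MISSING_FILE = "The system cannot find the file specified."


def parse_report(text):
    """Return the report's records as dicts (event number converted to int)."""
    records = []
    for m in RECORD_RE.finditer(text):
        rec = m.groupdict()
        rec["event"] = int(rec["event"])
        records.append(rec)
    return records


def service_start_failures(records):
    """Map service name -> Counter of failure reasons, for SCM Event 7000 only."""
    failures = defaultdict(Counter)
    for rec in records:
        if rec["event"] != 7000 or rec["source"] != "Service Control Manager":
            continue
        m = SVC_FAIL_RE.match(rec["message"])
        if m:
            failures[m["service"]][m["reason"]] += 1
    return failures


def orphaned_services(failures):
    """Services whose binary is gone: a leftover registration that SCM keeps retrying."""
    return sorted(svc for svc, reasons in failures.items() if MISSING_FILE in reasons)


def remediation_lines(failures):
    """The thread's fix for orphans: stop SCM from trying to start them (run as admin)."""
    return [f"sc config {svc} start= disabled" for svc in orphaned_services(failures)]


if __name__ == "__main__":
    found = service_start_failures(parse_report(SAMPLE_REPORT))
    for svc, reasons in found.items():
        print(svc, dict(reasons))
    print("\n".join(remediation_lines(found)))
```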

#12
monsieurd

monsieurd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

I think your nvmob***.chm files are from nvidia but you can submit one of them to http://virustotal.com and see what they say. IF they don't say something like 0/43 then copy and paste the report.


I think you're right about these files not being malicious, so I'll take no action.

Log: 'System' Date/Time: 10/10/2011 1:18:23 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.


Hopefully this is a Dell and this applies:

http://msmvps.com/bl...1505-vista.aspx

If not just copy the next line:

sc config BCM42RLY start= disabled /c

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.


Alright, done, should I post another report? And I also removed that Xvid codec.

So my computer seems to be back to normal, is it safe to say that we've taken care of this infection?
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Yes the infection is gone except for what might still be hiding in system restore. This last stuff was more in the way of a tune up.

It appears you do not have any service packs for Vista. This is kind of dangerous and I think MS only supports Vista with SP2 so you need to get your updates.

Housecleaning:


We need to cleanup System Restore:

Copy the following:


:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#14
monsieurd

monsieurd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thank you so much for your help. I do have one more question: should I reinstall Java Runtime Environment and that other Java application you had me remove a few days ago? Are they necessary?
  • 0

#15
monsieurd

monsieurd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
UPDATE: I cannot seem to run certain .exe files and self-extracting files now, like the Vista SP2 installer that I downloaded. Could this be related to the line you asked me to run in the command prompt:

sc config BCM42RLY start= disabled /c


I tried to clean out system restore via OTL, but when I tried to run OTL, I got a Windows error message saying Windows could not access the specified file and that I needed admin privileges, which I am currently logged on as. So I cleaned system restore manually via Windows itself.

I appreciate all the advice and info you gave me, I will be sure to follow them, thank you.

Edited by monsieurd, 11 October 2011 - 12:41 AM.

  • 0
