
IEXPLORE.EXE VIRUS! Maybe More Please Help [Solved]

  • This topic is locked

#1
EldonM
    Member, 32 posts
I am at my wits' end with this.
What is happening is that many iexplore.exe processes are loading and, what's weird, the actual window for IE doesn't pop up. Even weirder yet, if the window would have opened I can hear audio from a Flash advertisement. If I kill the process it opens back up, and sometimes with a vengeance. So I know this is some type of virus/malware/spyware. I find several fixes, but to my surprise almost every single antispyware/antivirus/adware removal program I can throw at my computer either fails to install or is closed by an error if I run it. Things I've used are Ad-Aware, superspybot, Malwarebytes, and some others. The only programs I've been able to remotely run were AVG, which didn't help the problem, and some other programs. To save time I did read up on several topics before me and will put in the logs others have asked for. Please help :) Please ask if anything else is needed. If reformatting is avoidable, that would be great.

Edited by EldonM, 11 August 2009 - 05:33 AM.

#2
EldonM
    Topic Starter, Member, 32 posts
HIJACK THIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:43 AM, on 8/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\pc\Desktop\OTS.exe
C:\Users\pc\Desktop\SysProt\SysProt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\pc\Downloads\HiJackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iCall Internet Phone] "C:\Program Files\iCall\iCall.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\System32\ati2sgag.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4772 bytes
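A first pass over the logs in this thread can be scripted. The block below is an added example written for this page; it is not a tool from the thread, from HijackThis or from SysProt. Its rules (which HijackThis entry classes get a second look, and the allowance for the dump_*.sys crash-dump drivers that scanners routinely report as hidden) are this example's own assumptions, and the sample inputs are a few entries copied from the logs posted here. For the SysProt AntiRootkit log in the following reply, the combination it surfaces is the one worth acting on: a driver with a random-looking name that the scanner cannot find in the loaded-module list, together with inline hooks on IofCallDriver, IofCompleteRequest and ZwEnumerateKey that jump to code in no listed module. Hooks on those routines are how a kernel-mode rootkit filters disk I/O and registry enumeration so that its own files and keys do not show up. A "Hidden: Yes" on its own is not enough, as the crash-dump drivers and the Process Explorer driver (PROCEXP113.SYS) in the same log show.

```python
"""Added example, not from the thread: first-pass triage of the two logs posted here.
Rules are this example's assumptions about what a reviewer checks first, not a verdict."""
import re
from dataclasses import dataclass

@dataclass
class Finding:
    source: str   # "hjt" or "sysprot"
    reason: str
    item: str

# Constructed samples: a handful of entries copied from the logs in this thread.
HJT_SAMPLE = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""
SYSPROT_SAMPLE = r"""
Kernel Modules:
Module Name: \systemroot\system32\drivers\UACotfcxvymqt.sys
Service Name: UACd.sys
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Hidden: Yes

Kernel Hooks:
Hooked Function: IofCallDriver
At Address: 81EFCF6F
Jump To: 872962D2
Module Name: _unknown_
"""
_O_LINE = re.compile(r"^(O\d+) - (.*)$")

def triage_hjt(log: str) -> list:
    """Flag HijackThis 'Onn - ...' entries that need a second look."""
    out = []
    for raw in log.splitlines():
        m = _O_LINE.match(raw.strip())
        if not m:
            continue
        sec, body = m.groups()
        if sec == "O1":
            # Vista ships '::1 localhost'; any other Hosts target is a redirect to verify
            target = body.split()[-1]
            if target.lower() != "localhost":
                out.append(Finding("hjt", "Hosts override of " + target, body))
        elif sec == "O2" and body.endswith("(no file)"):
            out.append(Finding("hjt", "BHO CLSID whose DLL is gone (orphan)", body))
        elif sec == "O4":
            cmd = body.split("] ", 1)[-1]
            exe, _, args = cmd[1:].partition('"') if cmd.startswith('"') else cmd.partition(" ")
            if exe.lower() == "rundll32.exe":
                out.append(Finding("hjt", "rundll32 host; check the DLL it loads: " + args.strip(), body))
            elif not re.search(r"[\\%\[]", exe):   # no directory, variable or installer token
                out.append(Finding("hjt", "path-less autorun resolved by search order: " + exe, body))
        elif sec == "O20":
            out.append(Finding("hjt", "AppInit_DLLs loads into every user32 process: " + body.split(": ", 1)[-1], body))
        elif sec == "O23" and body.endswith("(file missing)"):
            out.append(Finding("hjt", "service whose binary is missing", body))
    return out

def _records(text: str, section: str):
    # Yield each blank-line-separated 'Key: value' record under one SysProt section header.
    in_section, rec = False, {}
    for line in [l.strip() for l in text.splitlines()] + [""]:
        if line.endswith(":") and line.count(":") == 1:   # header such as 'Kernel Hooks:'
            in_section = line[:-1] == section
        elif not line:
            if rec:
                yield rec
            rec = {}
        elif in_section and ": " in line:
            key, val = line.split(": ", 1)
            rec[key] = val

# Assumption: crash-dump stack drivers load outside the service list and show as hidden.
_HIDDEN_OK = ("dump_",)

def triage_sysprot(text: str) -> list:
    out = []
    for m in _records(text, "Kernel Modules"):
        name = m.get("Module Name", "").rsplit("\\", 1)[-1].lower()
        if m.get("Hidden") == "Yes" and not name.startswith(_HIDDEN_OK):
            out.append(Finding("sysprot", "hidden kernel module, service " + m.get("Service Name", "?"), m["Module Name"]))
    for h in _records(text, "Kernel Hooks"):
        if h.get("Module Name") == "_unknown_":
            out.append(Finding("sysprot", "inline hook jumping to code in no listed module at " + h.get("Jump To", "?"), h.get("Hooked Function", "?")))
    return out

if __name__ == "__main__":
    for f in triage_hjt(HJT_SAMPLE) + triage_sysprot(SYSPROT_SAMPLE):
        print(f"[{f.source}] {f.reason}\n    {f.item}")
```

Run it as-is to print the findings for the embedded samples, or paste a full log into the two strings to triage a real one. A finding is a pointer to verify (on-disk presence, file owner, signature), not a removal decision; in particular the AppInit_DLLs and rundll32 entries in the posted log belong to AVG and the NVIDIA driver and are expected.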

#3
EldonM
    Topic Starter, Member, 32 posts
SYSPROT LOG

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\smss.exe
PID: 412
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\csrss.exe
PID: 480
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\wininit.exe
PID: 532
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\csrss.exe
PID: 544
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\winlogon.exe
PID: 584
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\services.exe
PID: 632
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\lsass.exe
PID: 644
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\lsm.exe
PID: 652
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 836
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 960
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1076
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1132
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\nvvsvc.exe
PID: 1152
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1220
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1252
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1296
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1328
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\audiodg.exe
PID: 1396
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1436
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SLsvc.exe
PID: 1456
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\rundll32.exe
PID: 1604
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\spoolsv.exe
PID: 228
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\taskeng.exe
PID: 252
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\dwm.exe
PID: 284
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 352
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 452
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\taskeng.exe
PID: 1972
Hidden: No
Window Visible: No

Name: C:\WINDOWS\RtHDVCpl.exe
PID: 2064
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\rundll32.exe
PID: 2136
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 2200
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 2292
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 2324
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgam.exe
PID: 2692
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 2748
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 2776
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 3056
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 3116
Hidden: No
Window Visible: No

Name: C:\Program Files\Logitech\SetPoint\SetPoint.exe
PID: 3132
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SearchIndexer.exe
PID: 3184
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgemc.exe
PID: 3288
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 3424
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 3552
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PID: 3900
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PID: 832
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 5244
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\conime.exe
PID: 2644
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\Java\jre6\bin\ssvagent.exe
PID: 5760
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
PID: 2288
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\notepad.exe
PID: 5336
Hidden: No
Window Visible: Yes

Name: C:\Users\pc\Desktop\OTS.exe
PID: 2156
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4852
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 7600
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SearchProtocolHost.exe
PID: 3212
Hidden: No
Window Visible: No

Name: C:\Users\pc\Desktop\SysProt\SysProt.exe
PID: 5808
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\System32\SearchFilterHost.exe
PID: 4836
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SearchProtocolHost.exe
PID: 6836
Hidden: No
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \systemroot\system32\drivers\UACotfcxvymqt.sys
Service Name: UACd.sys
Module Base: ---
Module End: ---
Hidden: Yes

Module Name: \??\C:\Users\pc\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 9C9F4000
Module End: 9C9FF000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 81E41000
Module End: 821FA000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 81E0E000
Module End: 81E41000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 8040A000
Module End: 80412000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80412000
Module End: 80423000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80423000
Module End: 8042B000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8042B000
Module End: 8046C000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 8046C000
Module End: 8054C000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 8054C000
Module End: 805C8000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 805C8000
Module End: 805D5000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 80609000
Module End: 8064F000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 8064F000
Module End: 80658000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 80658000
Module End: 80660000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 80660000
Module End: 80687000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 80687000
Module End: 80696000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 80696000
Module End: 806A5000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 806A5000
Module End: 806EF000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 806EF000
Module End: 806F6000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 806F6000
Module End: 80704000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 80704000
Module End: 80714000
Hidden: No

Module Name: C:\Windows\system32\drivers\nvraid.sys
Service Name: nvraid
Module Base: 80714000
Module End: 8072F000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 8072F000
Module End: 80750000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 80750000
Module End: 80758000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 80758000
Module End: 80776000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvstor32.sys
Service Name: nvstor32
Module Base: 80776000
Module End: 8079A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 8079A000
Module End: 807DB000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 89E0C000
Module End: 89E3E000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 89E3E000
Module End: 89E4E000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 89E4E000
Module End: 89EBF000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 89EBF000
Module End: 89FCA000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 8A002000
Module End: 8A03C000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8A03C000
Module End: 8A123000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 8A123000
Module End: 8A13E000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 8A202000
Module End: 8A311000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 8A311000
Module End: 8A34A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 8A34A000
Module End: 8A352000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 8A352000
Module End: 8A361000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 8A361000
Module End: 8A388000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 8A388000
Module End: 8A399000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 8A399000
Module End: 8A3A2000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgrkx86.sys
Service Name: AvgRkx86
Module Base: 8A3A2000
Module End: 8A3A4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 8A3DF000
Module End: 8A3EA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 8A3EA000
Module End: 8A3F3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\amdk8.sys
Service Name: AmdK8
Module Base: 8A13E000
Module End: 8A14E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 8A14E000
Module End: 8A161000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\L8042Kbd.sys
Service Name: L8042Kbd
Module Base: 8A3F3000
Module End: 8A3F7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8A161000
Module End: 8A16C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 8A16C000
Module End: 8A176000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8A176000
Module End: 8A1B4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8A1B4000
Module End: 8A1C3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\A3AB.sys
Service Name: A3AB
Module Base: 8DC08000
Module End: 8DC7C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8DC7C000
Module End: 8DC8E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvmfdx32.sys
Service Name: NVENETFD
Module Base: 8DC8E000
Module End: 8DD8B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8DD8B000
Module End: 8DDA3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Service Name: nvlddmkm
Module Base: 8DE01000
Module End: 8E563000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvBridge.kmd
Service Name: ---
Module Base: 8E563000
Module End: 8E565000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8E807000
Module End: 8E8A6000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8E8A6000
Module End: 8E8B3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8E8B3000
Module End: 8E8E1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8E8E1000
Module End: 8E8EC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8E8EC000
Module End: 8E903000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8E903000
Module End: 8E90E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8E90E000
Module End: 8E931000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8E931000
Module End: 8E940000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8E940000
Module End: 8E954000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 8E954000
Module End: 8E969000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8E969000
Module End: 8E979000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8E979000
Module End: 8E984000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8E984000
Module End: 8E986000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 8E986000
Module End: 8E9B0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8E9B0000
Module End: 8E9BA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8E9BA000
Module End: 8E9C7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8E9C7000
Module End: 8E9FB000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8E565000
Module End: 8E576000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 8EC0A000
Module End: 8EE0B000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8EE0B000
Module End: 8EE38000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8EE38000
Module End: 8EE5D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8EE6D000
Module End: 8EE74000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8EE74000
Module End: 8EE80000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8EE80000
Module End: 8EEA1000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8EEA1000
Module End: 8EEA9000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8EEA9000
Module End: 8EEB1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8EEBC000
Module End: 8EECA000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8EF04000
Module End: 8EF0D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8EF0D000
Module End: 8EF23000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8EF23000
Module End: 8EF37000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: 8EF37000
Module End: 8EF50000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8EF50000
Module End: 8EF82000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8EF82000
Module End: 8EFCA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8EFCA000
Module End: 8EFE0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8EFE0000
Module End: 8EFEE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8E576000
Module End: 8E589000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8E589000
Module End: 8E5C5000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8EFEE000
Module End: 8EFF8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8E5C5000
Module End: 8E5DC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: 8EFF8000
Module End: 8EFFE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: 8DDA3000
Module End: 8DDF4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 8E5DC000
Module End: 8E5F3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8EFFE000
Module End: 8F000000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 8EC00000
Module End: 8EC09000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 8A1D5000
Module End: 8A1E5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 8E800000
Module End: 8E807000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\LHidFilt.Sys
Service Name: LHidFilt
Module Base: 8E5F3000
Module End: 8E5FB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 8DDF4000
Module End: 8DDFC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\LMouFilt.Sys
Service Name: LMouFilt
Module Base: 8DC00000
Module End: 8DC08000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8A3A4000
Module End: 8A3B1000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: 8A3B1000
Module End: 8A3BB000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_nvstor32.sys
Service Name: ---
Module Base: 8A3BB000
Module End: 8A3DF000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8A1E5000
Module End: 8A1EF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 8A1EF000
Module End: 8A1FE000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 9A609000
Module End: 9A6B8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 9A6B8000
Module End: 9A6C8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 9A6C8000
Module End: 9A6F2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 9A6F2000
Module End: 9A6FC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 9A6FC000
Module End: 9A70F000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 9A70F000
Module End: 9A77A000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 9A77A000
Module End: 9A797000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 9A797000
Module End: 9A7B0000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 9A7B0000
Module End: 9A7C5000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 9A7C5000
Module End: 9A7E5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 807DB000
Module End: 807FA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 9C80E000
Module End: 9C847000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 9C847000
Module End: 9C85F000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 9C85F000
Module End: 9C886000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: 9C886000
Module End: 9C8D2000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: 9C8EA000
Module End: 9C9C8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 9C9C8000
Module End: 9C9D2000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: 9C9D2000
Module End: 9C9DE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 9C9DE000
Module End: 9C9F4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Lbd.sys
Service Name: Lbd
Module Base: 9C8D2000
Module End: 9C8E1000
Hidden: No

Module Name: \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: 9C8E1000
Module End: 9C8E4000
Hidden: Yes

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8EE66000
Module End: 8EE6D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8EEB1000
Module End: 8EEBC000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwFlushInstructionCache
At Address: 81FF330B
Jump To: 8728D45A
Module Name: _unknown_

Hooked Function: ZwEnumerateKey
At Address: 82048BA2
Jump To: 872972DA
Module Name: _unknown_

Hooked Function: IofCompleteRequest
At Address: 81E7AFE2
Jump To: 872912D2
Module Name: _unknown_

Hooked Function: IofCallDriver
At Address: 81EFCF6F
Jump To: 872962D2
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: ELDON:55281
Remote Address: STATIC.91.213.46.78.CLIENTS.YOUR-SERVER.DE:HTTPS
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: CLOSE_WAIT

Local Address: ELDON:54725
Remote Address: PSAPI.J.TV2N.NET:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: CLOSE_WAIT

Local Address: ELDON:54724
Remote Address: CDN.EYEWONDER.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: ELDON:54723
Remote Address: EYEWOND.FCOD.LLNWD.NET:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: ELDON:54720
Remote Address: REDIR.ADAP.TV:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: CLOSE_WAIT

Local Address: ELDON:54718
Remote Address: CDN.EYEWONDER.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: CLOSE_WAIT

Local Address: ELDON:54632
Remote Address: EQVAMEGAADVIP1.DOUBLECLICK.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:54425
Remote Address: OPTIMIZEDBY.RMXADS.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:54423
Remote Address: NETWORK.REALMEDIA.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ELDON:55999
Remote Address: LOCALHOST:55998
Type: TCP
Process: 5592 (PID)
State: ESTABLISHED

Local Address: ELDON:55998
Remote Address: LOCALHOST:55999
Type: TCP
Process: 5592 (PID)
State: ESTABLISHED

Local Address: ELDON:55997
Remote Address: LOCALHOST:55996
Type: TCP
Process: 5592 (PID)
State: ESTABLISHED

Local Address: ELDON:55996
Remote Address: LOCALHOST:55997
Type: TCP
Process: 5592 (PID)
State: ESTABLISHED

Local Address: ELDON:54722
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: ELDON:54721
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: ELDON:54719
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: ELDON:54717
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: ELDON:54716
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: ELDON:54244
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:54221
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:54142
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:33233
Remote Address: 0.0.0.0:0
Type: TCP
Process: 3012 (PID)
State: LISTENING

Local Address: ELDON:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: ELDON:15190
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: ELDON:15050
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: ELDON:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: ELDON:11863
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: ELDON:10110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: LISTENING

Local Address: ELDON:10080
Remote Address: LOCALHOST:54722
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: ELDON:10080
Remote Address: LOCALHOST:54721
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: FIN_WAIT2

Local Address: ELDON:10080
Remote Address: LOCALHOST:54719
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: FIN_WAIT1

Local Address: ELDON:10080
Remote Address: LOCALHOST:54717
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: ELDON:10080
Remote Address: LOCALHOST:54716
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: FIN_WAIT2

Local Address: ELDON:10080
Remote Address: LOCALHOST:54714
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54709
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54708
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54707
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54706
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54703
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54702
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54700
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54698
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54696
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54694
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54692
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54689
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54688
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54686
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54684
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54677
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54676
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54675
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54674
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54673
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54672
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54670
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54668
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54665
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54664
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54662
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54660
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54658
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54655
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54654
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54652
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54650
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54647
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54645
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54644
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54641
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54633
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54628
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54625
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54623
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54621
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54619
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54616
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54615
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54613
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54610
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54608
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54605
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54601
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54598
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54596
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54594
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54592
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54590
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54588
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54586
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54583
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54582
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54579
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54578
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54576
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54574
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54572
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54569
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54567
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54566
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54564
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54562
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54559
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54558
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54555
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54554
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54552
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54550
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54546
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54545
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54544
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54539
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54538
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54536
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54533
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54532
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54530
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54528
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54525
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54523
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54522
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54520
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54516
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54515
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54514
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54510
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54507
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54505
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54503
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54500
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54499
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54497
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54495
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54493
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54491
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54488
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54487
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54484
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54483
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54481
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54479
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54477
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54475
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54473
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54469
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54467
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54466
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54465
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54463
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54460
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54459
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54456
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54455
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54453
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54451
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54448
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54447
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54445
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54443
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54439
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54438
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54437
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54432
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54428
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54427
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54424
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54419
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54417
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54415
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54412
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54411
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54409
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54405
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54403
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54400
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54397
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54395
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54393
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54390
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54389
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54385
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54384
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54383
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54380
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54379
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54377
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54371
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54370
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54369
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54367
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54365
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54364
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54363
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54358
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54357
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54354
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54349
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54339
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54331
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54330
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54328
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54327
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54325
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54321
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54318
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54317
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54316
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54314
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54313
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54310
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54306
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54303
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54302
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54300
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54299
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54297
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54293
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54292
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54290
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54285
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54284
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54279
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54278
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54277
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54276
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54275
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54273
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54271
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54265
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54260
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54259
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54258
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54257
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54255
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54253
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54251
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54243
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54241
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54240
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54239
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54236
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54234
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54233
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54229
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54228
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54226
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54225
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54223
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54218
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54217
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54215
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54213
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54210
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54208
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54207
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54203
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54200
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54198
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54196
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54194
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54190
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54189
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54188
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54185
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54184
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54182
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54179
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54178
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54175
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54174
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54172
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54170
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54168
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54164
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54162
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54161
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54159
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54158
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54155
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54154
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54151
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54150
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54148
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54146
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54144
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: ELDON:49166
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\services.exe
State: LISTENING

Local Address: ELDON:49161
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: ELDON:49158
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: ELDON:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\lsass.exe
State: LISTENING

Local Address: ELDON:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: ELDON:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\wininit.exe
State: LISTENING

Local Address: ELDON:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ELDON:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ELDON:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: ELDON:60728
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: ELDON:SSDP
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: ELDON:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ELDON:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ELDON:60999
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: ELDON:60729
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: ELDON:SSDP
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: ELDON:63616
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: ELDON:63064
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: ELDON:LLMNR
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: ELDON:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: ELDON:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: ELDON:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: ELDON:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: ELDON:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found

Edited by EldonM, 11 August 2009 - 05:31 AM.
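The connection listing above is a sequence of five-field records (Local Address / Remote Address / Type / Process / State). The following is an added example, not part of the original post and not the output or code of any tool named in this thread: a small Python summariser for that record format. It groups the records into what is listening on which port, counts loopback TIME_WAIT sockets per local port and ties them back to the process that owns the listener on that port, and pulls out every socket owned by a given image name. The SAMPLE string is constructed from a handful of records copied from the listing (the remaining TIME_WAIT entries on port 10080 follow the same pattern); the function names are this example's own.

```python
"""Summarise a 'Local Address / Remote Address / Type / Process / State' listing.

Added example (not from the post or any tool it mentions). SAMPLE is a
constructed excerpt copied from the records in the listing above."""
import re
from collections import Counter

FIELDS = ("Local Address", "Remote Address", "Type", "Process", "State")

SAMPLE = r"""
Local Address: ELDON:10080
Remote Address: LOCALHOST:54178
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: LOCALHOST:54175
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ELDON:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: ELDON:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ELDON:60999
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA
"""


def parse_records(text):
    """Split the blank-line-separated 'key: value' blocks into dicts."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")  # first colon only; paths keep theirs
            rec[key.strip()] = value.strip()
        if all(f in rec for f in FIELDS):
            records.append(rec)
    return records


def split_endpoint(endpoint):
    """'ELDON:10080' -> ('ELDON', '10080'); a bare 'NA' has no port."""
    host, sep, port = endpoint.rpartition(":")
    return (host, port) if sep else (endpoint, None)


def listeners(records):
    """(Type, local port) -> owning process, for TCP LISTENING and bound UDP sockets."""
    out = {}
    for r in records:
        if (r["Type"] == "TCP" and r["State"] == "LISTENING") or r["Type"] == "UDP":
            _, port = split_endpoint(r["Local Address"])
            out[(r["Type"], port)] = r["Process"]
    return out


def loopback_time_wait(records):
    """Count TIME_WAIT sockets per local port whose peer is the loopback host.

    TIME_WAIT entries show the idle process (PID 0) because the original owner
    has already closed the socket; only the targeted port survives, so the
    listener on that port is the best available lead."""
    counts = Counter()
    for r in records:
        if r["Type"] == "TCP" and r["State"] == "TIME_WAIT":
            rhost, _ = split_endpoint(r["Remote Address"])
            if rhost.upper() in ("LOCALHOST", "127.0.0.1"):
                _, lport = split_endpoint(r["Local Address"])
                counts[lport] += 1
    return counts


def sockets_for(records, image_name):
    """Records whose owning process image (case-insensitive basename) matches."""
    wanted = image_name.lower()
    return [r for r in records
            if r["Process"].rsplit("\\", 1)[-1].lower() == wanted]


def summarize(text):
    records = parse_records(text)
    lst = listeners(records)
    tw = loopback_time_wait(records)
    return {
        "records": len(records),
        "listeners": lst,
        "loopback_time_wait": dict(tw),
        # which listener the loopback TIME_WAIT bursts were aimed at
        "time_wait_listener": {p: lst.get(("TCP", p)) for p in tw},
        "iexplore_sockets": [(r["Type"], r["Local Address"])
                             for r in sockets_for(records, "iexplore.exe")],
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(summarize(SAMPLE))
```

On the excerpt, the loopback TIME_WAIT sockets all target local port 10080, and the only listener the listing reports on that port is avgnsx.exe; the single socket the listing attributes to iexplore.exe is a UDP socket on port 60999. Running the script over the full listing (paste it into SAMPLE) gives the same kind of summary for every record.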


#4
EldonM
  • Topic Starter
  • Member
  • 32 posts
OTS LOG

OTS logfile created on: 8/11/2009 7:09:36 AM - Run 1
OTS by OldTimer - Version 3.0.10.2	 Folder = C:\Users\pc\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 95.76% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.40 Gb Total Space | 69.63 Gb Free Space | 49.95% Space Free | Partition Type: NTFS
Drive D: | 9.65 Gb Total Space | 1.28 Gb Free Space | 13.26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ELDON
Current User Name: pc
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
avgam.exe -> C:\Program Files\AVG\AVG8\avgam.exe -> [2009/08/10 18:42:31 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcsrvx.exe -> C:\Program Files\AVG\AVG8\avgcsrvx.exe -> [2009/08/10 18:42:34 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgemc.exe -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/08/10 18:42:32 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/08/10 18:42:34 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/08/10 18:42:34 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/10 18:42:31 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
conime.exe -> C:\Windows\System32\conime.exe -> [2008/01/20 22:33:52 | 00,069,120 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\Explorer.EXE -> [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
hphc_service.exe -> c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2008/03/14 21:31:38 | 00,094,208 | ---- | M] (Hewlett-Packard)
iexplore.exe -> C:\Program Files\Internet Explorer\Iexplore.exe -> [2009/07/21 17:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\Iexplore.exe -> [2009/07/21 17:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
java.exe -> C:\Program Files\Java\jre6\bin\java.exe -> [2009/08/10 20:49:43 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
jp2launcher.exe -> C:\Program Files\Java\jre6\bin\jp2launcher.exe -> [2009/08/10 20:49:43 | 00,022,816 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/08/10 20:49:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
khalmnpr.exe -> C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE -> [2009/02/19 00:28:52 | 00,076,304 | ---- | M] (Logitech, Inc.)
nvvsvc.exe -> C:\Windows\System32\nvvsvc.exe -> [2009/03/27 10:03:00 | 00,207,392 | ---- | M] (NVIDIA Corporation)
ots.exe -> C:\Users\pc\Desktop\OTS.exe -> [2009/08/11 06:29:44 | 00,514,048 | ---- | M] (OldTimer Tools)
rthdvcpl.exe -> C:\WINDOWS\RtHDVCpl.exe -> [2008/03/26 09:21:30 | 05,369,856 | ---- | M] (Realtek Semiconductor)
setpoint.exe -> C:\Program Files\Logitech\SetPoint\SetPoint.exe -> [2009/02/19 00:33:08 | 00,809,488 | ---- | M] (Logitech, Inc.)
wmpnetwk.exe -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 22:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation)
wmpnscfg.exe -> C:\Program Files\Windows Media Player\wmpnscfg.exe -> [2008/01/20 22:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/27 14:03:11 | 00,034,312 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] ->  -> File not found
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] ->  -> File not found
(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/08/10 18:42:32 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/10 18:42:31 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
(Eventlog) Windows Event Log [Win32_Shared | Auto | Running] -> C:\Windows\System32\wevtsvc.dll -> [2008/01/20 22:33:18 | 01,013,760 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -> [2007/12/04 20:41:34 | 00,181,784 | ---- | M] (WildTangent, Inc.)
(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2008/03/14 21:31:38 | 00,094,208 | ---- | M] (Hewlett-Packard)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation)
(LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -> [2009/02/19 00:30:20 | 00,121,360 | ---- | M] (Logitech, Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation)
(nvsvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\Windows\System32\nvvsvc.exe -> [2009/03/27 10:03:00 | 00,207,392 | ---- | M] (NVIDIA Corporation)
(Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Steam\SteamService.exe -> [2009/07/02 00:45:09 | 00,316,664 | ---- | M] (Valve Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/20 22:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Running] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 22:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation)
(XAudioService) XAudioService [Win32_Own | Auto | Stopped] -> C:\Windows\System32\DRIVERS\xaudio.exe -> [2007/10/18 11:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/07/03 10:49:06 | 01,029,456 | ---- | M] (Lavasoft)
 
[Driver Services - Safe List]
(A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\A3AB.sys -> [2006/10/16 03:58:36 | 00,472,832 | ---- | M] (D-Link Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2008/01/20 22:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2008/01/20 22:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2008/01/20 22:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2008/01/20 22:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2008/01/20 22:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2008/01/20 22:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2008/01/20 22:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ati2mtag.sys -> [2006/11/02 03:36:43 | 01,523,200 | ---- | M] (ATI Technologies Inc.)
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgldx86.sys -> [2009/08/10 18:42:52 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\Windows\System32\Drivers\avgmfx86.sys -> [2009/08/10 18:42:52 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgRkx86) avgrkx86.sys [File_System | Boot | Running] -> C:\Windows\System32\Drivers\avgrkx86.sys -> [2009/08/10 18:42:56 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG8 Network Redirector [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgtdix.sys -> [2009/08/10 18:42:56 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2008/01/20 22:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\E1G60I32.sys -> [2008/01/20 22:32:50 | 00,118,784 | ---- | M] (Intel Corporation)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2008/01/20 22:32:48 | 00,342,584 | ---- | M] (Emulex)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2008/01/20 22:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2008/01/20 22:32:49 | 00,235,064 | ---- | M] (Intel Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2008/03/26 14:35:54 | 02,103,512 | ---- | M] (Realtek Semiconductor Corp.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\L8042Kbd.sys -> [2008/12/18 23:43:06 | 00,020,240 | ---- | M] (Logitech, Inc.)
(L8042mou) SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\L8042mou.Sys -> [2008/12/18 23:43:12 | 00,063,248 | ---- | M] (Logitech, Inc.)
(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\LHidFilt.Sys -> [2008/12/18 23:43:40 | 00,035,472 | ---- | M] (Logitech, Inc.)
(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\LMouFilt.Sys -> [2008/12/18 23:43:48 | 00,037,392 | ---- | M] (Logitech, Inc.)
(LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\LMouKE.Sys -> [2008/12/18 23:43:54 | 00,079,248 | ---- | M] (Logitech, Inc.)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2008/01/20 22:32:49 | 00,096,312 | ---- | M] (LSI Logic)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2008/01/20 22:32:51 | 00,089,656 | ---- | M] (LSI Logic)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2008/01/20 22:32:48 | 00,096,312 | ---- | M] (LSI Logic)
(LUsbFilt) Logitech SetPoint KMDF USB Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\LUsbFilt.Sys -> [2008/12/18 23:44:00 | 00,028,816 | ---- | M] (Logitech, Inc.)
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2008/01/20 22:32:53 | 00,031,288 | ---- | M] (LSI Corporation)
(MegaSR) MegaSR [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasr.sys -> [2008/01/20 22:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\nvmfdx32.sys -> [2008/01/29 08:55:00 | 01,042,464 | ---- | M] (NVIDIA Corporation)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\nvlddmkm.sys -> [2009/03/27 10:03:00 | 07,738,816 | ---- | M] (NVIDIA Corporation)
(nvraid) NVIDIA nForce RAID Driver	[Kernel | Boot | Running] -> C:\Windows\system32\drivers\nvraid.sys -> [2008/01/20 22:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation)
(nvrd32) NVIDIA nForce RAID Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvrd32.sys -> [2008/01/25 15:02:04 | 00,132,128 | ---- | M] (NVIDIA Corporation)
(nvsmu) nvsmu [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvsmu.sys -> [2007/10/12 11:53:10 | 00,013,312 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2008/01/20 22:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation)
(nvstor32) nvstor32 [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\nvstor32.sys -> [2008/01/25 15:02:02 | 00,140,832 | ---- | M] (NVIDIA Corporation)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2008/01/20 22:32:50 | 01,122,360 | ---- | M] (QLogic Corporation)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2008/01/20 22:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2008/01/20 22:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2008/01/20 22:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbaudio.sys -> [2008/01/20 22:32:47 | 00,073,088 | ---- | M] (Microsoft Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2008/01/20 22:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2008/01/20 22:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd)
(XAudio) XAudio [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\XAudio.exe -> [2007/10/18 11:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2009/07/03 10:49:08 | 00,064,160 | ---- | M] (Lavasoft AB)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\] > -> -> 
HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt -> 
HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt -> 
HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\: Main\\"StartPageCache" -> 1 -> 
HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\pc\AppData\Roaming\Mozilla\FireFox\Profiles\hwov6o0m.default\prefs.js -> 
browser.startup.homepage -> "http://www.google.com/" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 ->
extensions.enabledItems -> [email protected]:2.0.2 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.0 ->
extensions.enabledItems -> [email protected]:1.5.1 ->
extensions.enabledItems -> [email protected]:1.4 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13 ->
< FireFox Settings [User.js] > -> C:\Users\pc\AppData\Roaming\Mozilla\FireFox\Profiles\hwov6o0m.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/05/05 23:43:53 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/08/10 18:42:31 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/08/10 15:00:34 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/08/10 20:49:53 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Users\pc\AppData\Roaming\mozilla\Extensions -> [2009/05/05 06:45:30 | 00,000,000 | ---D | M]
 -> C:\Users\pc\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/05/05 06:45:30 | 00,000,000 | ---D | M]
 -> C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\hwov6o0m.default\extensions -> [2009/08/10 21:01:19 | 00,097,075 | ---- | M] ()
 -> C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\hwov6o0m.default\extensions\[email protected] -> [2009/08/10 21:01:19 | 00,097,075 | ---- | M] ()
 -> C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\hwov6o0m.default\extensions\[email protected] -> [2009/08/10 21:01:19 | 00,097,075 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/08/04 06:06:59 | 09,747,960 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/08/04 06:06:59 | 09,747,960 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} -> [2009/08/04 06:06:59 | 09,747,960 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/08/10 15:00:34 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/08/04 06:06:57 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/08/04 06:06:57 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/08/10 20:49:53 | 00,000,000 | ---D | M]
libdivx.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\libdivx.dll -> [2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/08/10 20:49:43 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
npdivx32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.dll -> [2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.)
npdivx32.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.xpt -> [2009/05/01 17:02:24 | 00,001,691 | ---- | M] ()
npDivxPlayerPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npDivxPlayerPlugin.dll -> [2009/05/18 18:41:32 | 00,098,304 | ---- | M] (DivX, Inc)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/08/04 06:06:58 | 00,065,528 | ---- | M] (mozilla.org)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/06/05 17:07:47 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/06/05 17:07:47 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/06/05 17:07:47 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/06/05 17:07:47 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/06/05 17:07:48 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/06/05 17:07:48 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/06/05 17:07:48 | 00,143,360 | ---- | M] (Apple Inc.)
npViewpoint.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.dll -> [2007/04/16 13:07:12 | 00,180,293 | ---- | M] ()
npViewpoint.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.xpt -> [2006/10/09 14:26:35 | 00,000,266 | ---- | M] ()
nsIDivxPlayerPlugin.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nsIDivxPlayerPlugin.xpt -> [2009/05/01 17:02:32 | 00,000,297 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/06/05 17:07:47 | 00,004,208 | ---- | M] ()
ssldivx.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ssldivx.dll -> [2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/08/10 18:43:01 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/04/23 20:39:08 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/04/23 20:39:08 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/04/23 20:39:08 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/04/23 20:39:08 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/04/23 20:39:08 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/04/23 20:39:08 | 00,001,178 | ---- | M] ()
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1	   localhost
::1			 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/08/10 18:42:35 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/08/10 20:49:43 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC}" [HKLM] -> C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [Veoh Web Player Video Finder] -> [2009/05/19 19:06:34 | 00,429,816 | ---- | M] (Veoh Networks Inc)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"" ->  [] -> File not found
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/08/10 18:42:32 | 02,000,152 | ---- | M] (AVG Technologies CZ, s.r.o.)
"HP Health Check Scheduler" ->  [[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> File not found
"iCall Internet Phone" -> C:\Program Files\iCall\iCall.exe ["C:\Program Files\iCall\iCall.exe" /startup] -> [2008/12/18 15:44:40 | 01,587,576 | ---- | M] ()
"Kernel and Hardware Abstraction Layer" -> C:\Windows\KHALMNPR.Exe [KHALMNPR.EXE] -> [2008/12/18 23:42:58 | 00,076,304 | ---- | M] (Logitech, Inc.)
"NvCplDaemon" -> C:\Windows\System32\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2009/03/27 10:03:00 | 13,687,328 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\Windows\System32\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2009/03/27 10:03:00 | 00,092,704 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
"RtHDVCpl" -> C:\Windows\RtHDVCpl.exe [RtHDVCpl.exe] -> [2008/03/26 09:21:30 | 05,369,856 | ---- | M] (Realtek Semiconductor)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/08/10 20:49:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> [2009/08/03 13:36:14 | 00,419,088 | ---- | M] (Malwarebytes Corporation)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 22:32:56 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 22:33:07 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Sidebar" -> C:\Program Files\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 22:32:56 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 22:33:07 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\] > -> HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Aim6" ->  [] -> File not found
"VeohPlugin" -> C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe ["C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"] -> [2009/05/19 19:26:22 | 03,561,720 | ---- | M] (Veoh Networks)
"WMPNSCFG" -> C:\Program Files\Windows Media Player\WMPNSCFG.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2008/01/20 22:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [0] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000] > -> HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\] > -> HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\] > -> HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-976446966-681447286-595784949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.15.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{33000C66-1337-4448-A07E-36AA893185EB}\\DhcpNameServer -> 192.168.15.1   (D-Link WDA-2320 Desktop Adapter) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/08/10 18:42:56 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\iCall\iCall.exe" -> C:\Program Files\iCall\iCall.exe [C:\Program Files\iCall\iCall.exe:*:Enabled:iCall] -> [2008/12/18 15:44:40 | 01,587,576 | ---- | M] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2008/05/10 00:40:56 | 00,000,074 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 8/10/2009 3:38:01 PM Computer Name = Eldon | Source = Windows Search Service | ID = 3013 -> Description = 
Application [ Error ] 8/10/2009 3:38:01 PM Computer Name = Eldon | Source = Windows Search Service | ID = 3013 -> Description = 
Application [ Error ] 8/10/2009 3:38:01 PM Computer Name = Eldon | Source = Windows Search Service | ID = 3013 -> Description = 
Application [ Error ] 8/10/2009 3:38:02 PM Computer Name = Eldon | Source = Windows Search Service | ID = 3013 -> Description = 
Application [ Error ] 8/10/2009 3:39:41 PM Computer Name = Eldon | Source = Application Error | ID = 1000 -> Description = Faulting application mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007, faulting module mbam.exe, version 1.37.0.0, time stamp 0x4a1c3007, exception code 0x80000003, fault offset 0x00002dc0,  process id 0xb04, application start time 0x01ca19f24d963e51.
Application [ Error ] 8/10/2009 3:42:59 PM Computer Name = Eldon | Source = EventSystem | ID = 4609 -> Description = 
Application [ Error ] 8/10/2009 3:43:43 PM Computer Name = Eldon | Source = Application Error | ID = 1000 -> Description = Faulting application SUPERAntiSpyware.exe, version 4.27.0.1002, time stamp 0x4018a470, faulting module SUPERAntiSpyware.exe, version 4.27.0.1002, time stamp 0x4018a470, exception code 0x80000003, fault offset 0x000039e0,  process id 0x7c4, application start time 0x01ca19f2ddc727db.
Application [ Error ] 8/10/2009 3:44:04 PM Computer Name = Eldon | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 8/10/2009 3:45:53 PM Computer Name = Eldon | Source = Application Error | ID = 1000 -> Description = Faulting application SUPERAntiSpyware.exe, version 4.27.0.1002, time stamp 0x4018a470, faulting module SUPERAntiSpyware.exe, version 4.27.0.1002, time stamp 0x4018a470, exception code 0x80000003, fault offset 0x000039e0,  process id 0x5bc, application start time 0x01ca19f32b9f9f5b.
Application [ Error ] 8/10/2009 3:48:00 PM Computer Name = Eldon | Source = Application Error | ID = 1000 -> Description = Faulting application ViewpointService.exe, version 2.0.0.54, time stamp 0x459d73c0, faulting module ViewpointService.exe, version 2.0.0.54, time stamp 0x459d73c0, exception code 0x80000003, fault offset 0x00002250,  process id 0x9c4, application start time 0x01ca19f3764d68bb.
System [ Error ] 7/30/2009 3:08:13 AM Computer Name = Eldon | Source = HTTP | ID = 15016 -> Description = 
System [ Error ] 7/30/2009 3:09:42 AM Computer Name = Eldon | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 7/30/2009 3:09:42 AM Computer Name = Eldon | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 7/30/2009 3:09:42 AM Computer Name = Eldon | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 7/30/2009 4:21:19 PM Computer Name = Eldon | Source = HTTP | ID = 15016 -> Description = 
System [ Error ] 7/30/2009 4:22:38 PM Computer Name = Eldon | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 7/30/2009 4:22:38 PM Computer Name = Eldon | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 7/30/2009 4:22:38 PM Computer Name = Eldon | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 8/5/2009 9:31:48 PM Computer Name = Eldon | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.15.102 for the Network Card with network address 001CF0D9EEA2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 8/5/2009 9:33:51 PM Computer Name = Eldon | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.103 for the Network Card with network address 001CF0D9EEA2 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
 
[Files/Folders - Created Within 30 Days]
SysProt -> C:\Users\pc\Desktop\SysProt -> [2009/08/11 06:32:08 | 00,000,000 | ---D | C]
OTS.exe -> C:\Users\pc\Desktop\OTS.exe -> [2009/08/11 06:29:42 | 00,514,048 | ---- | C] (OldTimer Tools)
Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2009/08/10 20:49:18 | 00,000,472 | ---- | C] ()
Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2009/08/10 20:49:05 | 00,064,160 | ---- | C] (Lavasoft AB)
DRVSTORE -> C:\Windows\System32\DRVSTORE -> [2009/08/10 20:49:05 | 00,000,000 | ---D | C]
{EF63305C-BAD7-4144-9208-D65528260864} -> C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864} -> [2009/08/10 20:48:11 | 00,000,000 | -H-D | C]
Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2009/08/10 20:48:10 | 00,001,013 | ---- | C] ()
Lavasoft -> C:\ProgramData\Lavasoft -> [2009/08/10 20:48:02 | 00,000,000 | ---D | C]
Lavasoft -> C:\Program Files\Lavasoft -> [2009/08/10 20:48:02 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/08/10 20:46:01 | 00,000,824 | ---- | C] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/08/10 20:45:58 | 00,038,160 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/08/10 20:45:57 | 00,019,096 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/08/10 20:45:57 | 00,000,000 | ---D | C]
IconCache.db -> C:\Users\pc\AppData\Local\IconCache.db -> [2009/08/10 19:46:50 | 04,265,769 | -H-- | C] ()
$AVG8.VAULT$ -> C:\$AVG8.VAULT$ -> [2009/08/10 18:45:23 | 00,000,000 | -H-D | C]
avgtdix.sys -> C:\Windows\System32\drivers\avgtdix.sys -> [2009/08/10 18:42:56 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgrkx86.sys -> C:\Windows\System32\drivers\avgrkx86.sys -> [2009/08/10 18:42:56 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/08/10 18:42:56 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.)
AVG 8.5.lnk -> C:\Users\Public\Desktop\AVG 8.5.lnk -> [2009/08/10 18:42:56 | 00,001,653 | ---- | C] ()
avgldx86.sys -> C:\Windows\System32\drivers\avgldx86.sys -> [2009/08/10 18:42:52 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\Windows\System32\drivers\avgmfx86.sys -> [2009/08/10 18:42:52 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.)
incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2009/08/10 18:42:42 | 39,716,319 | ---- | C] ()
microavi.avg -> C:\Windows\System32\drivers\Avg\microavi.avg -> [2009/08/10 18:42:40 | 00,060,243 | ---- | C] ()
miniavi.avg -> C:\Windows\System32\drivers\Avg\miniavi.avg -> [2009/08/10 18:42:39 | 00,463,779 | ---- | C] ()
avi7.avg -> C:\Windows\System32\drivers\Avg\avi7.avg -> [2009/08/10 18:42:37 | 06,061,540 | ---- | C] ()
Avg -> C:\Windows\System32\drivers\Avg -> [2009/08/10 18:42:37 | 00,000,000 | ---D | C]
avg8 -> C:\ProgramData\avg8 -> [2009/08/10 18:42:31 | 00,000,000 | ---D | C]
AVG -> C:\Program Files\AVG -> [2009/08/10 18:42:31 | 00,000,000 | ---D | C]
AVG8 -> C:\Users\pc\AppData\Roaming\AVG8 -> [2009/08/10 18:37:56 | 00,000,000 | ---D | C]
MalwareRemovalBot System Startup.job -> C:\Windows\tasks\MalwareRemovalBot System Startup.job -> [2009/08/10 17:09:30 | 00,000,428 | ---- | C] ()
MalwareRemovalBot Scheduled Scan.job -> C:\Windows\tasks\MalwareRemovalBot Scheduled Scan.job -> [2009/08/10 17:09:29 | 00,000,538 | ---- | C] ()
MalwareRemovalBot -> C:\Users\pc\AppData\Roaming\MalwareRemovalBot -> [2009/08/10 17:09:29 | 00,000,000 | ---D | C]
Enigma Software Group -> C:\Program Files\Enigma Software Group -> [2009/08/10 15:34:42 | 00,000,000 | ---D | C]
MSDOS.SYS -> C:\MSDOS.SYS -> [2009/08/10 15:14:34 | 00,000,000 | RHS- | C] ()
IO.SYS -> C:\IO.SYS -> [2009/08/10 15:14:34 | 00,000,000 | RHS- | C] ()
{BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> [2009/08/10 15:06:26 | 00,000,270 | -H-- | C] ()
{7B02EF0B-A410-4938-8480-9BA26420A627}.job -> C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job -> [2009/08/10 14:56:29 | 00,000,234 | -H-- | C] ()
New Folder -> C:\Users\pc\Desktop\New Folder -> [2009/08/05 20:56:25 | 00,000,000 | ---D | C]
RJ051470 -> C:\Users\pc\Documents\RJ051470 -> [2009/07/29 08:02:36 | 00,000,000 | ---D | C]
mshtml.dll -> C:\Windows\System32\mshtml.dll -> [2009/07/29 07:35:57 | 05,937,152 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\System32\ieframe.dll -> [2009/07/29 07:35:56 | 11,067,392 | ---- | C] (Microsoft Corporation)
iertutil.dll -> C:\Windows\System32\iertutil.dll -> [2009/07/29 07:35:55 | 01,985,536 | ---- | C] (Microsoft Corporation)
urlmon.dll -> C:\Windows\System32\urlmon.dll -> [2009/07/29 07:35:55 | 01,208,832 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\System32\wininet.dll -> [2009/07/29 07:35:55 | 00,915,456 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2009/07/29 07:35:55 | 00,594,432 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2009/07/29 07:35:55 | 00,386,048 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\System32\occache.dll -> [2009/07/29 07:35:55 | 00,206,848 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2009/07/29 07:35:54 | 01,638,912 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2009/07/29 07:35:54 | 01,469,440 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2009/07/29 07:35:54 | 00,184,320 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2009/07/29 07:35:54 | 00,173,056 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\System32\ieui.dll -> [2009/07/29 07:35:54 | 00,164,352 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2009/07/29 07:35:54 | 00,133,632 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2009/07/29 07:35:54 | 00,109,056 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2009/07/29 07:35:54 | 00,071,680 | ---- | C] (Microsoft Corporation)
ieuinit.inf -> C:\Windows\System32\ieuinit.inf -> [2009/07/29 07:35:54 | 00,057,667 | ---- | C] ()
iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2009/07/29 07:35:54 | 00,055,808 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2009/07/29 07:35:54 | 00,055,296 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2009/07/29 07:35:54 | 00,025,600 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2009/07/29 07:35:54 | 00,013,312 | ---- | C] (Microsoft Corporation)
Blizzard Entertainment -> C:\Users\pc\AppData\Local\Blizzard Entertainment -> [2009/07/23 16:40:32 | 00,000,000 | ---D | C]
tmcomm.sys -> C:\Windows\System32\drivers\tmcomm.sys -> [2009/07/20 16:05:01 | 00,102,664 | ---- | C] (Trend Micro Inc.)
iCall Internet Phone.lnk -> C:\Users\pc\Desktop\iCall Internet Phone.lnk -> [2009/07/19 16:01:24 | 00,000,766 | ---- | C] ()
Leatrix Latency Fix for Windows (v1.11) -> C:\Users\pc\Desktop\Leatrix Latency Fix for Windows (v1.11) -> [2009/07/16 19:05:01 | 00,000,000 | ---D | C]
Mafia.jpg -> C:\Mafia.jpg -> [2009/07/15 14:09:28 | 00,560,478 | ---- | C] ()
t2embed.dll -> C:\Windows\System32\t2embed.dll -> [2009/07/15 06:58:22 | 00,156,672 | ---- | C] (Microsoft Corporation)
fontsub.dll -> C:\Windows\System32\fontsub.dll -> [2009/07/15 06:58:21 | 00,072,704 | ---- | C] (Microsoft Corporation)
dciman32.dll -> C:\Windows\System32\dciman32.dll -> [2009/07/15 06:58:21 | 00,010,240 | ---- | C] (Microsoft Corporation)
CD_Start.INI -> C:\Windows\CD_Start.INI -> [2009/05/13 19:28:03 | 00,000,032 | ---- | C] ()
WININIT.INI -> C:\Windows\WININIT.INI -> [2009/05/04 06:06:04 | 00,000,010 | ---- | C] ()
{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> [2009/05/03 21:49:54 | 00,000,262 | ---- | C] ()
physxcudart_20.dll -> C:\Windows\System32\physxcudart_20.dll -> [2008/10/07 09:13:30 | 00,197,912 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> C:\Windows\System32\AgCPanelTraditionalChinese.dll -> [2008/10/07 09:13:22 | 00,058,648 | ---- | C] ()
AgCPanelSwedish.dll -> C:\Windows\System32\AgCPanelSwedish.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelSpanish.dll -> C:\Windows\System32\AgCPanelSpanish.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> C:\Windows\System32\AgCPanelSimplifiedChinese.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelPortugese.dll -> C:\Windows\System32\AgCPanelPortugese.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelKorean.dll -> C:\Windows\System32\AgCPanelKorean.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelJapanese.dll -> C:\Windows\System32\AgCPanelJapanese.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelGerman.dll -> C:\Windows\System32\AgCPanelGerman.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelFrench.dll -> C:\Windows\System32\AgCPanelFrench.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
pythoncom25.dll -> C:\Windows\System32\pythoncom25.dll -> [2008/05/10 00:17:56 | 00,327,680 | ---- | C] ()
pywintypes25.dll -> C:\Windows\System32\pywintypes25.dll -> [2008/05/10 00:17:56 | 00,102,400 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 06:23:31 | 00,000,219 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 06:23:31 | 00,000,144 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 03:40:29 | 00,013,750 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
ntuser.dat -> C:\Users\pc\ntuser.dat -> [2009/08/11 07:14:31 | 10,223,616 | -HS- | M] ()
{BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> [2009/08/11 07:00:07 | 00,000,270 | -H-- | M] ()
{7B02EF0B-A410-4938-8480-9BA26420A627}.job -> C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job -> [2009/08/11 07:00:02 | 00,000,234 | -H-- | M] ()
OTS.exe -> C:\Users\pc\Desktop\OTS.exe -> [2009/08/11 06:29:44 | 00,514,048 | ---- | M] (OldTimer Tools)
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/08/11 05:48:26 | 00,003,616 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/08/11 05:48:26 | 00,003,616 | -H-- | M] ()
MalwareRemovalBot Scheduled Scan.job -> C:\Windows\tasks\MalwareRemovalBot Scheduled Scan.job -> [2009/08/11 03:00:02 | 00,000,538 | ---- | M] ()
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2009/08/11 00:03:31 | 00,104,228 | ---- | M] ()
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2009/08/11 00:03:31 | 00,017,112 | ---- | M] ()
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2009/08/11 00:03:31 | 00,003,864 | ---- | M] ()
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2009/08/11 00:03:31 | 00,003,000 | ---- | M] ()
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [2009/08/11 00:03:31 | 00,000,000 | ---- | M] ()
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2009/08/11 00:03:31 | 00,000,000 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2009/08/10 20:49:18 | 00,000,472 | ---- | M] ()
Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2009/08/10 20:48:10 | 00,001,013 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/08/10 20:46:01 | 00,000,824 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/08/10 19:55:06 | 00,747,142 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/08/10 19:55:06 | 00,625,384 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/08/10 19:55:06 | 00,116,946 | ---- | M] ()
MalwareRemovalBot System Startup.job -> C:\Windows\tasks\MalwareRemovalBot System Startup.job -> [2009/08/10 19:48:34 | 00,000,428 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/08/10 19:48:28 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/08/10 19:48:14 | 00,067,584 | --S- | M] ()
ntuser.dat{5fe0bb84-3889-11de-944d-0022150858ad}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\pc\ntuser.dat{5fe0bb84-3889-11de-944d-0022150858ad}.TMContainer00000000000000000001.regtrans-ms -> [2009/08/10 19:46:54 | 00,524,288 | -HS- | M] ()
ntuser.dat{5fe0bb84-3889-11de-944d-0022150858ad}.TM.blf -> C:\Users\pc\ntuser.dat{5fe0bb84-3889-11de-944d-0022150858ad}.TM.blf -> [2009/08/10 19:46:54 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\pc\AppData\Local\IconCache.db -> [2009/08/10 19:46:50 | 04,265,769 | -H-- | M] ()
avgtdix.sys -> C:\Windows\System32\drivers\avgtdix.sys -> [2009/08/10 18:42:56 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrkx86.sys -> C:\Windows\System32\drivers\avgrkx86.sys -> [2009/08/10 18:42:56 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/08/10 18:42:56 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
AVG 8.5.lnk -> C:\Users\Public\Desktop\AVG 8.5.lnk -> [2009/08/10 18:42:56 | 00,001,653 | ---- | M] ()
incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2009/08/10 18:42:52 | 39,716,319 | ---- | M] ()
avgldx86.sys -> C:\Windows\System32\drivers\avgldx86.sys -> [2009/08/10 18:42:52 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\Windows\System32\drivers\avgmfx86.sys -> [2009/08/10 18:42:52 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
microavi.avg -> C:\Windows\System32\drivers\Avg\microavi.avg -> [2009/08/10 18:42:42 | 00,060,243 | ---- | M] ()
miniavi.avg -> C:\Windows\System32\drivers\Avg\miniavi.avg -> [2009/08/10 18:42:40 | 00,463,779 | ---- | M] ()
avi7.avg -> C:\Windows\System32\drivers\Avg\avi7.avg -> [2009/08/10 18:42:39 | 06,061,540 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2009/08/10 15:47:38 | 00,302,968 | ---- | M] ()
MSDOS.SYS -> C:\MSDOS.SYS -> [2009/08/10 15:14:34 | 00,000,000 | RHS- | M] ()
IO.SYS -> C:\IO.SYS -> [2009/08/10 15:14:34 | 00,000,000 | RHS- | M] ()
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [2009/08/10 14:51:38 | 04,194,304 | ---- | M] ()
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [2009/08/10 14:51:38 | 04,194,304 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation)
CCleaner.lnk -> C:\Users\pc\Desktop\CCleaner.lnk -> [2009/07/30 08:15:42 | 00,001,676 | ---- | M] ()
wininet.dll -> C:\Windows\System32\wininet.dll -> [2009/07/21 17:52:28 | 00,915,456 | ---- | M] (Microsoft Corporation)
urlmon.dll -> C:\Windows\System32\urlmon.dll -> [2009/07/21 17:52:13 | 01,208,832 | ---- | M] (Microsoft Corporation)
occache.dll -> C:\Windows\System32\occache.dll -> [2009/07/21 17:50:46 | 00,206,848 | ---- | M] (Microsoft Corporation)
mshtml.dll -> C:\Windows\System32\mshtml.dll -> [2009/07/21 17:48:31 | 05,937,152 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2009/07/21 17:48:27 | 00,594,432 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2009/07/21 17:48:27 | 00,055,296 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2009/07/21 17:47:47 | 00,025,600 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2009/07/21 17:47:41 | 01,469,440 | ---- | M] (Microsoft Corporation)
ieui.dll -> C:\Windows\System32\ieui.dll -> [2009/07/21 17:47:28 | 00,164,352 | ---- | M] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2009/07/21 17:47:28 | 00,109,056 | ---- | M] (Microsoft Corporation)
iertutil.dll -> C:\Windows\System32\iertutil.dll -> [2009/07/21 17:47:27 | 01,985,536 | ---- | M] (Microsoft Corporation)
iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2009/07/21 17:47:27 | 00,071,680 | ---- | M] (Microsoft Corporation)
ieframe.dll -> C:\Windows\System32\ieframe.dll -> [2009/07/21 17:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation)
iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2009/07/21 17:47:26 | 00,184,320 | ---- | M] (Microsoft Corporation)
iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2009/07/21 17:47:26 | 00,055,808 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2009/07/21 17:47:21 | 00,386,048 | ---- | M] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2009/07/21 16:13:58 | 00,133,632 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2009/07/21 16:13:51 | 00,173,056 | ---- | M] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2009/07/21 16:13:15 | 00,013,312 | ---- | M] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2009/07/21 16:12:49 | 01,638,912 | ---- | M] (Microsoft Corporation)
ieuinit.inf -> C:\Windows\System32\ieuinit.inf -> [2009/07/21 14:31:43 | 00,057,667 | ---- | M] ()
iCall Internet Phone.lnk -> C:\Users\pc\Desktop\iCall Internet Phone.lnk -> [2009/07/19 16:01:24 | 00,000,766 | ---- | M] ()
Mafia.jpg -> C:\Mafia.jpg -> [2009/07/15 14:09:28 | 00,560,478 | ---- | M] ()
pc.dat -> C:\ProgramData\Microsoft\User Account Pictures\pc.dat -> [2009/04/08 14:15:55 | 00,000,000 | ---- | M] ()
wkcalcat.dat -> C:\ProgramData\Microsoft\works\wkcalcat.dat -> [2008/02/09 01:04:28 | 00,016,384 | ---- | M] ()
 
[File - Lop Check]
Roaming -> C:\Users\Default\AppData\Roaming -> [2006/11/02 07:18:34 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Default User\AppData\Roaming -> [2006/11/02 07:18:34 | 00,000,000 | ---D | M]
Roaming -> C:\Users\pc\AppData\Roaming -> [2009/08/10 18:37:56 | 00,000,000 | ---D | M]
acccore -> C:\Users\pc\AppData\Roaming\acccore -> [2009/05/04 00:51:06 | 00,000,000 | ---D | M]
Atari -> C:\Users\pc\AppData\Roaming\Atari -> [2009/05/04 00:45:31 | 00,000,000 | ---D | M]
CyberLink -> C:\Users\pc\AppData\Roaming\CyberLink -> [2009/06/07 01:23:45 | 00,000,000 | ---D | M]
EyeballChatUserData -> C:\Users\pc\AppData\Roaming\EyeballChatUserData -> [2009/06/25 13:37:19 | 00,000,000 | ---D | M]
gtk-2.0 -> C:\Users\pc\AppData\Roaming\gtk-2.0 -> [2009/06/18 06:34:06 | 00,000,000 | ---D | M]
Leadertech -> C:\Users\pc\AppData\Roaming\Leadertech -> [2009/04/11 08:58:01 | 00,000,000 | ---D | M]
MalwareRemovalBot -> C:\Users\pc\AppData\Roaming\MalwareRemovalBot -> [2009/08/10 17:09:38 | 00,000,000 | ---D | M]
PeerNetworking -> C:\Users\pc\AppData\Roaming\PeerNetworking -> [2009/06/25 09:52:19 | 00,000,000 | ---D | M]
Snapfish -> C:\Users\pc\AppData\Roaming\Snapfish -> [2009/05/05 06:10:37 | 00,000,000 | ---D | M]
Template -> C:\Users\pc\AppData\Roaming\Template -> [2009/05/04 06:52:35 | 00,000,000 | ---D | M]
Uniblue -> C:\Users\pc\AppData\Roaming\Uniblue -> [2009/05/07 19:23:50 | 00,000,000 | ---D | M]
Ventrilo -> C:\Users\pc\AppData\Roaming\Ventrilo -> [2009/05/03 21:52:38 | 00,000,000 | ---D | M]
C:\Windows\Tasks\ -> C:\Windows\Tasks -> [2009/08/10 20:49:18 | 00,000,000 | ---D | M]
Ad-Aware Update (Weekly).job -> C:\Windows\Tasks\Ad-Aware Update (Weekly).job -> [2009/08/10 20:49:18 | 00,000,472 | ---- | M] ()
MalwareRemovalBot Scheduled Scan.job -> C:\Windows\Tasks\MalwareRemovalBot Scheduled Scan.job -> [2009/08/11 03:00:02 | 00,000,538 | ---- | M] ()
MalwareRemovalBot System Startup.job -> C:\Windows\Tasks\MalwareRemovalBot System Startup.job -> [2009/08/10 19:48:34 | 00,000,428 | ---- | M] ()
SA.DAT -> C:\Windows\Tasks\SA.DAT -> [2009/08/10 19:48:28 | 00,000,006 | -H-- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/08/10 19:47:15 | 00,030,304 | ---- | M] ()
{7B02EF0B-A410-4938-8480-9BA26420A627}.job -> C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job -> [2009/08/11 07:00:02 | 00,000,234 | -H-- | M] ()
{BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> [2009/08/11 07:00:07 | 00,000,270 | -H-- | M] ()
 
[File - Purity Scan]
 
< End of report >


#5
Perplexus
    Lord of the Geeks
  • Malware Removal
  • 1,185 posts
Hello and welcome to Geeks To Go!:)

My name is Perplexus and I will be helping you fix your computer problem.

I am still in training here, so there might be a delay between my replies as they need to be checked by a resident expert before I can post them. I appreciate your patience.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate, so stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Before we proceed to clean your computer from malware there are some points you should consider that will make the process go smoother:
  • To make sure that you receive an email when this topic is updated, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Before beginning the fix, read this post completely. If there's anything that you do not understand, please ask your questions before proceeding as you may temporarily be disconnected from the internet. No question is considered dumb here. It's better to be safe than sorry!
  • Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
  • It is IMPORTANT that you do not miss a step & perform everything in the correct order/sequence.
  • Kindly follow my instructions and please do not do any fixing on your own or run scanners unless requested, as it can be very dangerous and cause harm to your system.
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click Format in the menu bar and make sure that Word Wrap is unchecked).
---------------------------------------------------------------------------------------------

In the future, please do not encase the logs you post in a code box :)

I am currently reviewing your logs and will post back instructions soon.

#6
EldonM
    Member
  • Topic Starter
  • 32 posts
****Update****

AVG on a restart has now been spamming alerts about 2 infections. I guess they would be identified as SKYNET and UAC; the actual file names are

c:/windows/system32/drivers/SKYNEThpyeiwib.sys
c:/windows/system32/SKYNETcgjsrivx.dll
c:/windows/systems32/UACkgwptdinep.dll

and also if I sit and watch, it just keeps making copies of itself. One is being identified as a trojan downloader (UAC) and the other 2 are being identified as Trojan Rootkits.

#7
Perplexus
    Lord of the Geeks
  • Malware Removal
  • 1,185 posts
Hi EldonM,

Let's see what we can do to get your machine clean. :)

------------------
Step 1:
------------------

Add/Remove Programs

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

  • MalwareRemovalBot


------------------
Step 2:
------------------

Start OTS. Copy/Paste the information in the code box below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Files/Folders - Created Within 30 Days]
NY -> MalwareRemovalBot System Startup.job -> C:\Windows\tasks\MalwareRemovalBot System Startup.job
NY -> MalwareRemovalBot Scheduled Scan.job -> C:\Windows\tasks\MalwareRemovalBot Scheduled Scan.job
NY -> MalwareRemovalBot -> C:\Users\pc\AppData\Roaming\MalwareRemovalBot
NY -> {BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
NY -> {7B02EF0B-A410-4938-8480-9BA26420A627}.job -> C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[Files/Folders - Modified Within 30 Days]
NY -> {BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
NY -> {7B02EF0B-A410-4938-8480-9BA26420A627}.job -> C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
NY -> MalwareRemovalBot Scheduled Scan.job -> C:\Windows\tasks\MalwareRemovalBot Scheduled Scan.job
NY -> MalwareRemovalBot System Startup.job -> C:\Windows\tasks\MalwareRemovalBot System Startup.job
[File - Lop Check]
NY -> MalwareRemovalBot -> C:\Users\pc\AppData\Roaming\MalwareRemovalBot
NY -> MalwareRemovalBot Scheduled Scan.job -> C:\Windows\Tasks\MalwareRemovalBot Scheduled Scan.job
NY -> MalwareRemovalBot System Startup.job -> C:\Windows\Tasks\MalwareRemovalBot System Startup.job
NY -> {7B02EF0B-A410-4938-8480-9BA26420A627}.job -> C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
NY -> {BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[Purity]
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

------------------
Step 3:
------------------

Download ComboFix from any of the links below and save it to your desktop. You must rename it to ComboFix.com and set the "Save as type" to "All Files" before saving it.

Link 1
Link 2

Double click on ComboFix.com & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt log so we can continue cleaning the system.

------------------
Step 4:
------------------

Please post back with the following:
  • How your machine is running
  • OTS Fix log
  • C:\ComboFix.txt log


#8
EldonM
    Member
  • Topic Starter
  • 32 posts
OTS LOG

All Processes Killed
[Files/Folders - Created Within 30 Days]
C:\Windows\tasks\MalwareRemovalBot System Startup.job moved successfully.
C:\Windows\tasks\MalwareRemovalBot Scheduled Scan.job moved successfully.
C:\Users\pc\AppData\Roaming\MalwareRemovalBot\Settings folder moved successfully.
C:\Users\pc\AppData\Roaming\MalwareRemovalBot\Log folder moved successfully.
C:\Users\pc\AppData\Roaming\MalwareRemovalBot folder moved successfully.
C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job moved successfully.
C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job moved successfully.
[Files/Folders - Modified Within 30 Days]
File C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job not found!
File C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job not found!
File C:\Windows\tasks\MalwareRemovalBot Scheduled Scan.job not found!
File C:\Windows\tasks\MalwareRemovalBot System Startup.job not found!
[File - Lop Check]
File C:\Users\pc\AppData\Roaming\MalwareRemovalBot not found!
File C:\Windows\Tasks\MalwareRemovalBot Scheduled Scan.job not found!
File C:\Windows\Tasks\MalwareRemovalBot System Startup.job not found!
File C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job not found!
File C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job not found!
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: pc
->Temp folder emptied: 221599212 bytes
->Temporary Internet Files folder emptied: 8915652 bytes
->Java cache emptied: 55347475 bytes
->FireFox cache emptied: 73799164 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\2cd4e73b-8502-49cd-8892-f1d31e988f2b.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\c175956f-6270-4edf-8fb5-d23fd9dc139b.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\c8911522-a1df-49ab-b3e1-f0a93ef36b68.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 5702 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 343.01 mb

< End of fix log >
OTS by OldTimer - Version 3.0.10.2 fix logfile created on 08112009_222210

Files\Folders moved on Reboot...
C:\Windows\temp\2cd4e73b-8502-49cd-8892-f1d31e988f2b.tmp moved successfully.
C:\Windows\temp\c175956f-6270-4edf-8fb5-d23fd9dc139b.tmp moved successfully.
C:\Windows\temp\c8911522-a1df-49ab-b3e1-f0a93ef36b68.tmp moved successfully.

Registry entries deleted on Reboot...

#9
EldonM
    Member
  • Topic Starter
  • 32 posts
COMBOFIX LOG

ComboFix 09-08-10.06 - pc 1/2009 Tue 22:38.1.2 - NTFSx86
Running from: c:\users\pc\Downloads\ComboFix.com
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: MalwareRemovalBot *disabled* (Updated) {A1232420-73C1-4975-8BAE-9C821D8B8D78}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\Installer\3aee55.msi
c:\windows\system32\drivers\UACotfcxvymqt.sys
c:\windows\system32\UACdbubtcpelb.dll
c:\windows\system32\UACgkbnbqhaah.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkgwptdinep.dll
c:\windows\system32\UACrfratominu.db
c:\windows\system32\UACrwymuiddno.dll
c:\windows\system32\UACxmaxdmpijd.dll


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-12 02:50 . 2009-08-12 02:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-12 02:22 . 2009-08-12 02:22 -------- d-----w- C:\_OTS
2009-08-11 00:49 . 2009-08-11 00:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-11 00:49 . 2009-08-11 00:49 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-11 00:49 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-11 00:48 . 2009-08-11 00:48 -------- dc-h--w- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-11 00:48 . 2009-08-11 00:49 -------- d-----w- c:\progra~2\Lavasoft
2009-08-11 00:48 . 2009-08-11 00:48 -------- d-----w- c:\program files\Lavasoft
2009-08-11 00:45 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 00:45 . 2009-08-11 00:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 00:45 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 22:45 . 2009-08-11 17:52 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-10 22:42 . 2009-08-10 22:42 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-08-10 22:42 . 2009-08-10 22:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-10 22:42 . 2009-08-10 22:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-10 22:42 . 2009-08-10 22:42 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-10 22:42 . 2009-08-10 22:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-10 22:42 . 2009-08-11 22:52 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-10 22:42 . 2009-08-11 18:30 -------- d-----w- c:\progra~2\avg8
2009-08-10 22:42 . 2009-08-10 22:42 -------- d-----w- c:\program files\AVG
2009-08-10 22:37 . 2009-08-10 22:37 -------- d-----w- c:\users\pc\AppData\Roaming\AVG8
2009-08-10 19:34 . 2009-08-10 19:34 -------- d-----w- c:\program files\Enigma Software Group
2009-08-10 18:58 . 2009-08-11 22:32 91 ----a-w- c:\windows\system32\SKYNETrssurmoe.dat
2009-08-10 18:57 . 2009-08-10 18:57 20480 ----a-w- c:\windows\system32\SKYNETcgjsrivx.dll
2009-08-10 18:56 . 2009-08-11 22:32 19957 ----a-w- c:\windows\system32\SKYNETfmkwtqsq.dat
2009-08-10 18:56 . 2009-08-12 02:59 70656 ----a-w- c:\windows\system32\drivers\SKYNEThpyeiwib.sys
2009-08-10 18:56 . 2009-08-10 18:56 44544 ----a-w- c:\windows\system32\SKYNETejrxdymx.dll
2009-07-23 20:40 . 2009-07-23 20:40 -------- d-----w- c:\users\pc\AppData\Local\Blizzard Entertainment
2009-07-20 20:05 . 2009-05-09 04:03 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-15 10:58 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 10:58 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 10:58 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 10:58 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 03:00 . 2009-07-01 20:54 -------- d-----w- c:\program files\iCall
2009-08-11 00:49 . 2008-05-10 04:42 -------- d-----w- c:\program files\Java
2009-08-10 19:19 . 2009-06-25 17:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 21:16 . 2009-05-04 02:09 -------- d-----w- c:\program files\Steam
2009-07-21 21:52 . 2009-07-29 11:35 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 20:23 . 2009-06-25 16:54 -------- d-----w- c:\progra~2\Yahoo!
2009-07-15 20:23 . 2008-05-10 04:55 -------- d-----w- c:\program files\Yahoo!
2009-07-15 18:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-09 22:29 . 2009-04-08 18:21 74352 ----a-w- c:\users\pc\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-03 12:42 . 2009-05-04 02:09 -------- d-----w- c:\program files\Common Files\Steam
2009-06-29 21:15 . 2009-06-29 21:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-06-28 13:30 . 2009-05-04 03:40 -------- d-----w- c:\program files\DivX
2009-06-28 13:30 . 2009-05-04 03:40 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-27 07:01 . 2009-04-08 18:18 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 17:37 . 2009-06-25 17:37 -------- d-----w- c:\users\pc\AppData\Roaming\EyeballChatUserData
2009-06-25 17:26 . 2009-06-25 17:26 -------- d-----w- c:\program files\Microsoft
2009-06-25 17:18 . 2009-06-25 17:18 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-25 16:55 . 2009-06-25 16:55 -------- d-----w- c:\users\pc\AppData\Roaming\Yahoo!
2009-06-25 13:52 . 2009-06-25 13:52 -------- d-----w- c:\users\pc\AppData\Roaming\PeerNetworking
2009-06-22 10:48 . 2009-06-22 10:48 29422 ----a-r- c:\users\pc\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
2009-06-22 10:48 . 2009-06-22 10:48 23558 ----a-r- c:\users\pc\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
2009-06-18 10:34 . 2009-06-13 01:27 -------- d-----w- c:\users\pc\AppData\Roaming\gtk-2.0
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-11 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iCall Internet Phone"="c:\program files\iCall\iCall.exe" [2008-12-18 1587576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-10 2000152]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-3 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A0F3010C-EDED-448F-BA34-A7C4F648124F}"= Profile=Public|c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{8D694A1D-5C1C-45D7-9F9C-3E49FCF20725}"= Profile=Public|c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{3BD4EACE-D721-439B-9994-87AFFE21AE6F}"= Profile=Public|c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{14EBA6E8-0DFA-4150-8D5A-6A1E40140308}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{3B8E3CD7-3B86-4C76-83DA-B9DB034B351F}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{9456FEA2-0226-4BB1-9E2D-6E51EBE0BBD4}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2C1D1AF4-0E5E-4B9A-95DD-29E5F47E09B7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C213E9A9-1DFC-480C-BB57-C8E2C1908018}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{CE1F88AE-B377-4D24-876D-6B0AA237134D}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{E86996D4-D31D-499E-B690-F850A4398FD0}"= UDP:c:\users\Public\Games\World of Warcraft\Launcher.exe:World of Warcraft
"{482F3615-7FE3-481D-AA71-F659A3747EC8}"= TCP:c:\users\Public\Games\World of Warcraft\Launcher.exe:World of Warcraft
"{FB4FA511-00E3-43FC-85C4-9FE20AC9DD77}"= UDP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:BackgroundDownloader
"{DADD39FF-CDFA-46C2-9252-16AC562489F2}"= TCP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:BackgroundDownloader
"{DE03CA48-6B56-4FA9-BE65-44AE64C2F754}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{29FE6ECB-6E41-41D8-9684-63590ED4F112}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{AAF611EC-321C-4D14-BB44-106B644488AD}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FA68B420-2AF4-4657-9E8C-30AE7C0F97A5}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8C628AA5-B52C-4F06-8083-FA0D4869D344}"= Disabled:c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{B6459DBC-DB5A-4B61-980C-AAF27FB4719D}"= Disabled:c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{FC0DF4FE-77B0-4F44-BCA6-387092A82E09}"= Disabled:c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"TCP Query User{701E631E-FBC0-4EEB-858E-7C9BF48D7F8A}c:\\program files\\icall\\icall.exe"= Disabled:UDP:c:\program files\icall\icall.exe:iCall Internet Phone
"UDP Query User{6F97430B-0992-4967-9FB4-8CC5B4490E11}c:\\program files\\icall\\icall.exe"= Disabled:TCP:c:\program files\icall\icall.exe:iCall Internet Phone
"{E1E0AE5E-7E87-4028-9CF9-EFFC4FDA297D}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{880AF07D-2BA0-4AA1-9909-FD40B341DF3D}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{96765EEC-C146-4BEC-AACB-CEA36DC87C7B}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:Blizzard Downloader
"{96DA82C9-C224-4E2B-AE96-10EFC01CB1CE}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:Blizzard Downloader
"{220E9EDD-F31B-48B6-A15C-890118F8D3C1}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{843C02F3-24CB-4447-85CE-72D30FF5AAD2}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{28F793EB-BE69-4C5D-ADA4-6985E44C9F60}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{B1E3FD48-712A-455A-8C1E-E51926FA32A4}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{0823A206-DD42-4147-9775-E4DC33716378}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{EF15B55F-B1B4-4512-A747-3F22CFD5586E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisabledInterfaces"= {4E04C502-EDEC-449A-8A2C-135C7CCF7662},{AB7FBB3F-AAAD-447C-97C0-9EFCFC1C3A01}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\iCall\\iCall.exe"= c:\program files\iCall\iCall.exe:*:Enabled:iCall

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [8/10/2009 6:42 PM 12552]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [8/10/2009 8:49 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [8/10/2009 6:42 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [8/10/2009 6:42 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/10/2009 6:42 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/10/2009 6:42 PM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/4/2009 12:49 AM 24652]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\System32\drivers\A3AB.sys [5/3/2009 9:43 PM 472832]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [8/10/2009 8:45 PM 38160]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\users\pc\Desktop\SysProt\SysProtDrv.sys [8/11/2009 7:11 AM 44288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\hwov6o0m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 23:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SKYNETsivprlvc]
"imagepath"="\systemroot\system32\drivers\SKYNEThpyeiwib.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SKYNETsivprlvc]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\SKYNEThpyeiwib.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3504)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-12 23:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-12 03:05

Pre-Run: 74,731,429,888 bytes free
Post-Run: 74,491,461,632 bytes free

249 --- E O F --- 2009-08-10 18:52

#10 EldonM
****UPDATE****

Well, AVG didn't flip the heck out on reboot about trojan downloaders and rootkits, so that's a plus. As for overall activity, I will reply tomorrow or sooner if something comes up again.

#11 Perplexus
Hi EldonM,

We still have some more to clean and I would like to do a couple more scans.

------------------
Step 1:
------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
c:\windows\system32\SKYNETrssurmoe.dat
c:\windows\system32\SKYNETcgjsrivx.dll
c:\windows\system32\SKYNETfmkwtqsq.dat
c:\windows\system32\drivers\SKYNEThpyeiwib.sys
c:\windows\system32\SKYNETejrxdymx.dll

RegLockDel::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SKYNETsivprlvc]

Driver::
SKYNETsivprlvc

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

------------------
Step 2:
------------------

Run Malwarebytes' Anti-Malware
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

------------------
Step 3:
------------------

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (removable ones) that you may have


After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again, and you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware in the report (it will be at the very top under Detected). Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



------------------
Step 4:
------------------

Please post back with the following:
  • How your machine is running
  • C:\ComboFix.txt
  • MBAM log
  • AVPTool log

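An added example, written for this thread and not part of ComboFix or the helper's instructions: a Python script that parses the ComboFix log lines shown earlier (the locked SKYNETsivprlvc service key, the R#/S# service entries and the "Files Created" listing), flags drivers with the randomised naming and hidden+system attributes the helper acted on, and emits a CFScript in the KillAll::/File::/RegLockDel::/Driver:: layout used above. The heuristics, the \systemroot-to-c:\windows mapping and the sample excerpt (copied from the log above) are the example's own assumptions; anything it flags is a candidate for a helper's review, not a verdict.

```python
import os
import re
from dataclasses import dataclass, field
from typing import List

# Excerpt copied from the ComboFix log posted above (locked-key block, service
# lines, "Files Created" lines); the AVG/MBAM entries show the heuristics stay quiet.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SKYNETsivprlvc]
@DACL=(02 0000)
"imagepath"=expand:"\\systemroot\\system32\\drivers\\SKYNEThpyeiwib.sys"
.
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [8/10/2009 6:42 PM 335240]
R1 is-5MJSPdrv;is-5MJSPdrv;c:\windows\System32\drivers\06659393.sys [8/13/2009 8:12 AM 148496]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [8/10/2009 8:45 PM 38160]
2009-08-13 12:21 . 2009-08-13 12:22 118816 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-11 00:45 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# ComboFix line shapes: "R1 name;display;path [date size]", "[HKLM\..\Services\name]",
# '"imagepath"=...' and "created . modified size attrs path".
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+?) \[[^\]]*\]$")
KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\system\\[^\]]*\\Services\\([^\\\]]+))\]$", re.I)
IMAGEPATH_RE = re.compile(r'^"imagepath"=(?:expand:)?"(.+)"$', re.I)
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d +\S+ (\S+) (.+)$")

@dataclass
class Finding:
    name: str              # service name ("" for a bare file hit)
    path: str              # driver/file path as printed in the log
    key: str = ""          # registry key, when the hit came from a key block
    locked: bool = False   # key sat under LOCKED REGISTRY KEYS
    reasons: List[str] = field(default_factory=list)

def driver_reasons(service: str, path: str) -> List[str]:
    """Heuristics drawn from this thread's indicators; a hit means 'look closer'."""
    reasons: List[str] = []
    stem = re.sub(r"\.sys$", "", path.rsplit("\\", 1)[-1], flags=re.I)
    if stem.isdigit():
        reasons.append("driver file name is only digits")
    # TDSS-style naming: a fixed upper-case prefix with different random tails
    # on the service and the driver (SKYNETsivprlvc / SKYNEThpyeiwib.sys).
    prefix = os.path.commonprefix([service, stem])
    if len(prefix) >= 5 and prefix.isupper() and service != stem:
        reasons.append(f"service and driver share prefix '{prefix}' with random tails")
    return reasons

def scan_log(text: str) -> List[Finding]:
    """Walk the log once and collect suspicious drivers, keys and files."""
    findings: List[Finding] = []
    in_locked, current = False, None      # current = (full key, service name)
    for line in text.strip().splitlines():
        line = line.rstrip()
        if line.startswith("---"):         # section banner
            in_locked = "LOCKED REGISTRY KEYS" in line
            continue
        if line == ".":                    # ComboFix block separator
            in_locked, current = False, None
            continue
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            continue
        m = IMAGEPATH_RE.match(line)
        if m and current:
            key, svc = current
            path = m.group(1).replace("\\\\", "\\")   # undo .reg-style escaping
            reasons = driver_reasons(svc, path)
            if in_locked:
                reasons.insert(0, "service key is locked (restricted DACL)")
            if reasons:
                findings.append(Finding(svc, path, key, in_locked, reasons))
            continue
        m = SERVICE_RE.match(line)
        if m and (reasons := driver_reasons(m.group(1), m.group(2))):
            findings.append(Finding(m.group(1), m.group(2), reasons=reasons))
            continue
        m = CREATED_RE.match(line)
        if m and "s" in m.group(1) and "h" in m.group(1) and "\\drivers\\" in m.group(2).lower():
            findings.append(Finding("", m.group(2), reasons=["hidden+system file in drivers directory"]))
    return findings

def build_cfscript(findings: List[Finding]) -> str:
    """Emit a CFScript using the File::/RegLockDel::/Driver:: sections the helper uses."""
    files, keys, drivers = [], [], []
    for f in findings:
        # imagepath values use \systemroot; CFScript wants a drive path (assumes c:\windows)
        p = re.sub(r"^\\systemroot", r"c:\\windows", f.path, flags=re.I)
        if p and p not in files:
            files.append(p)
        if f.locked and f.key not in keys:
            keys.append(f.key)
        if f.name and f.name not in drivers:
            drivers.append(f.name)
    out = ["KillAll::", ""]
    if files:
        out += ["File::", *files, ""]
    if keys:
        out += ["RegLockDel::", *[f"[{k}]" for k in keys], ""]
    if drivers:
        out += ["Driver::", *drivers, ""]
    return "\n".join(out)

if __name__ == "__main__":
    print(build_cfscript(scan_log(SAMPLE_LOG)))
```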

#12 EldonM
MBAM LOG

Malwarebytes' Anti-Malware 1.40
Database version: 2614
Windows 6.0.6001 Service Pack 1

8/13/2009 4:46:37 PM
mbam-log-2009-08-13 (16-46-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 218738
Time elapsed: 57 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 EldonM
COMBOFIX LOG

ComboFix 09-08-10.06 - pc 3/2009 Thu 8:15.3.2 - NTFSx86 MINIMAL
Running from: c:\users\pc\Desktop\ComboFix.Com.exe
Command switches used :: c:\users\pc\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: MalwareRemovalBot *disabled* (Updated) {A1232420-73C1-4975-8BAE-9C821D8B8D78}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\SKYNEThpyeiwib.sys"
"c:\windows\system32\SKYNETcgjsrivx.dll"
"c:\windows\system32\SKYNETejrxdymx.dll"
"c:\windows\system32\SKYNETfmkwtqsq.dat"
"c:\windows\system32\SKYNETrssurmoe.dat"
.
/wow section not completed

((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 12:21 . 2009-08-13 12:22 118816 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-13 12:13 . 2009-08-13 12:13 -------- d-----w- c:\progra~2\is-5MJSP
2009-08-13 12:12 . 2008-07-08 18:54 148496 ----a-w- c:\windows\system32\drivers\06659393.sys
2009-08-13 12:11 . 2009-08-13 12:11 -------- d-----w- c:\progra~2\is-F2V8N
2009-08-13 12:11 . 2008-07-08 18:54 148496 ----a-w- c:\windows\system32\drivers\62378827.sys
2009-08-13 01:43 . 2009-08-13 12:22 -------- d-----w- c:\users\pc\AppData\Local\temp
2009-08-13 01:43 . 2009-08-13 01:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-13 01:43 . 2009-08-13 01:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-12 02:28 . 2009-08-12 03:05 -------- d-s---w- C:\ComboFix
2009-08-12 02:22 . 2009-08-12 02:22 -------- d-----w- C:\_OTS
2009-08-11 23:25 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 23:25 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 23:25 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 23:25 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 23:25 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 23:25 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 23:25 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 23:24 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 00:49 . 2009-08-11 00:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-11 00:49 . 2009-08-11 00:49 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-11 00:49 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-11 00:48 . 2009-08-11 00:48 -------- dc-h--w- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-11 00:48 . 2009-08-11 00:49 -------- d-----w- c:\progra~2\Lavasoft
2009-08-11 00:48 . 2009-08-11 00:48 -------- d-----w- c:\program files\Lavasoft
2009-08-11 00:45 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 00:45 . 2009-08-11 00:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 00:45 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 22:45 . 2009-08-12 16:37 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-10 22:42 . 2009-08-10 22:42 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-08-10 22:42 . 2009-08-10 22:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-10 22:42 . 2009-08-10 22:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-10 22:42 . 2009-08-10 22:42 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-10 22:42 . 2009-08-10 22:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-10 22:42 . 2009-08-12 22:23 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-10 22:42 . 2009-08-11 18:30 -------- d-----w- c:\progra~2\avg8
2009-08-10 22:42 . 2009-08-10 22:42 -------- d-----w- c:\program files\AVG
2009-08-10 22:37 . 2009-08-10 22:37 -------- d-----w- c:\users\pc\AppData\Roaming\AVG8
2009-08-10 19:34 . 2009-08-10 19:34 -------- d-----w- c:\program files\Enigma Software Group
2009-07-23 20:40 . 2009-07-23 20:40 -------- d-----w- c:\users\pc\AppData\Local\Blizzard Entertainment
2009-07-20 20:05 . 2009-05-09 04:03 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-15 10:58 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 10:58 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 10:58 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 10:58 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 12:22 . 2009-07-01 20:54 -------- d-----w- c:\program files\iCall
2009-08-13 12:21 . 2009-08-13 12:21 0 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-12 04:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-11 00:49 . 2008-05-10 04:42 -------- d-----w- c:\program files\Java
2009-08-10 19:19 . 2009-06-25 17:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 21:16 . 2009-05-04 02:09 -------- d-----w- c:\program files\Steam
2009-07-21 21:52 . 2009-07-29 11:35 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 20:23 . 2009-06-25 16:54 -------- d-----w- c:\progra~2\Yahoo!
2009-07-15 20:23 . 2008-05-10 04:55 -------- d-----w- c:\program files\Yahoo!
2009-07-09 22:29 . 2009-04-08 18:21 74352 ----a-w- c:\users\pc\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-03 12:42 . 2009-05-04 02:09 -------- d-----w- c:\program files\Common Files\Steam
2009-06-29 21:15 . 2009-06-29 21:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-06-28 13:30 . 2009-05-04 03:40 -------- d-----w- c:\program files\DivX
2009-06-28 13:30 . 2009-05-04 03:40 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-27 07:01 . 2009-04-08 18:18 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 17:37 . 2009-06-25 17:37 -------- d-----w- c:\users\pc\AppData\Roaming\EyeballChatUserData
2009-06-25 17:26 . 2009-06-25 17:26 -------- d-----w- c:\program files\Microsoft
2009-06-25 17:18 . 2009-06-25 17:18 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-25 16:55 . 2009-06-25 16:55 -------- d-----w- c:\users\pc\AppData\Roaming\Yahoo!
2009-06-25 13:52 . 2009-06-25 13:52 -------- d-----w- c:\users\pc\AppData\Roaming\PeerNetworking
2009-06-22 10:48 . 2009-06-22 10:48 29422 ----a-r- c:\users\pc\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
2009-06-22 10:48 . 2009-06-22 10:48 23558 ----a-r- c:\users\pc\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
2009-06-18 10:34 . 2009-06-13 01:27 -------- d-----w- c:\users\pc\AppData\Roaming\gtk-2.0
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-13_01.38.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:02 . 2009-08-13 01:39 75390 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-08 18:17 . 2009-08-13 01:39 10476 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-976446966-681447286-595784949-1000_UserData.bin
+ 2009-04-08 18:13 . 2009-08-13 02:47 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-08 18:13 . 2009-08-12 22:23 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-08 18:13 . 2009-08-12 22:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-08 18:13 . 2009-08-13 02:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-08 18:13 . 2009-08-12 22:23 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-08 18:13 . 2009-08-13 02:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:25 . 2009-08-13 01:38 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-08-13 01:26 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:33 . 2009-08-12 17:55 625384 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-13 01:43 625384 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-12 17:55 116946 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-13 01:43 116946 c:\windows\System32\perfc009.dat
- 2006-11-02 12:44 . 2009-08-10 19:47 302968 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 12:44 . 2009-08-13 12:21 302968 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 10:25 . 2009-08-13 01:38 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-08-13 01:26 143360 c:\windows\inf\infstrng.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-11 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iCall Internet Phone"="c:\program files\iCall\iCall.exe" [2008-12-18 1587576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-10 2000152]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]

c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-5MJSP.lnk - c:\users\pc\Desktop\Virus Removal Tool1\is-5MJSP\startup.exe [2009-8-13 65536]
is-F2V8N.lnk - c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\startup.exe [2009-8-13 65536]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-3 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A0F3010C-EDED-448F-BA34-A7C4F648124F}"= Profile=Public|c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{8D694A1D-5C1C-45D7-9F9C-3E49FCF20725}"= Profile=Public|c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{3BD4EACE-D721-439B-9994-87AFFE21AE6F}"= Profile=Public|c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{14EBA6E8-0DFA-4150-8D5A-6A1E40140308}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{3B8E3CD7-3B86-4C76-83DA-B9DB034B351F}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{9456FEA2-0226-4BB1-9E2D-6E51EBE0BBD4}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2C1D1AF4-0E5E-4B9A-95DD-29E5F47E09B7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C213E9A9-1DFC-480C-BB57-C8E2C1908018}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{CE1F88AE-B377-4D24-876D-6B0AA237134D}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{E86996D4-D31D-499E-B690-F850A4398FD0}"= UDP:c:\users\Public\Games\World of Warcraft\Launcher.exe:World of Warcraft
"{482F3615-7FE3-481D-AA71-F659A3747EC8}"= TCP:c:\users\Public\Games\World of Warcraft\Launcher.exe:World of Warcraft
"{FB4FA511-00E3-43FC-85C4-9FE20AC9DD77}"= UDP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:BackgroundDownloader
"{DADD39FF-CDFA-46C2-9252-16AC562489F2}"= TCP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:BackgroundDownloader
"{DE03CA48-6B56-4FA9-BE65-44AE64C2F754}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{29FE6ECB-6E41-41D8-9684-63590ED4F112}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{AAF611EC-321C-4D14-BB44-106B644488AD}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FA68B420-2AF4-4657-9E8C-30AE7C0F97A5}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8C628AA5-B52C-4F06-8083-FA0D4869D344}"= Disabled:c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{B6459DBC-DB5A-4B61-980C-AAF27FB4719D}"= Disabled:c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{FC0DF4FE-77B0-4F44-BCA6-387092A82E09}"= Disabled:c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"TCP Query User{701E631E-FBC0-4EEB-858E-7C9BF48D7F8A}c:\\program files\\icall\\icall.exe"= Disabled:UDP:c:\program files\icall\icall.exe:iCall Internet Phone
"UDP Query User{6F97430B-0992-4967-9FB4-8CC5B4490E11}c:\\program files\\icall\\icall.exe"= Disabled:TCP:c:\program files\icall\icall.exe:iCall Internet Phone
"{E1E0AE5E-7E87-4028-9CF9-EFFC4FDA297D}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{880AF07D-2BA0-4AA1-9909-FD40B341DF3D}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{96765EEC-C146-4BEC-AACB-CEA36DC87C7B}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:Blizzard Downloader
"{96DA82C9-C224-4E2B-AE96-10EFC01CB1CE}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:Blizzard Downloader
"{220E9EDD-F31B-48B6-A15C-890118F8D3C1}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{843C02F3-24CB-4447-85CE-72D30FF5AAD2}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{28F793EB-BE69-4C5D-ADA4-6985E44C9F60}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{B1E3FD48-712A-455A-8C1E-E51926FA32A4}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{0823A206-DD42-4147-9775-E4DC33716378}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{EF15B55F-B1B4-4512-A747-3F22CFD5586E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisabledInterfaces"= {4E04C502-EDEC-449A-8A2C-135C7CCF7662},{AB7FBB3F-AAAD-447C-97C0-9EFCFC1C3A01}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\iCall\\iCall.exe"= c:\program files\iCall\iCall.exe:*:Enabled:iCall

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [8/10/2009 6:42 PM 12552]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [8/10/2009 8:49 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [8/10/2009 6:42 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [8/10/2009 6:42 PM 108552]
R1 is-5MJSPdrv;is-5MJSPdrv;c:\windows\System32\drivers\06659393.sys [8/13/2009 8:12 AM 148496]
R1 is-F2V8Ndrv;is-F2V8Ndrv;c:\windows\System32\drivers\62378827.sys [8/13/2009 8:11 AM 148496]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/10/2009 6:42 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/10/2009 6:42 PM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/4/2009 12:49 AM 24652]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\System32\drivers\A3AB.sys [5/3/2009 9:43 PM 472832]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [8/10/2009 8:45 PM 38160]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\users\pc\Desktop\SysProt\SysProtDrv.sys [8/11/2009 7:11 AM 44288]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IS-5MJSPDRV
*NewlyCreated* - IS-F2V8NDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.worldofwarcraft.com/info/classes/talent-index/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\hwov6o0m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 08:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3092)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgwdsvc.exe
c:\program files\AVG\AVG8\avgemc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\users\pc\Desktop\Virus Removal Tool1\is-5MJSP\is-5MJSP.exe
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\is-F2V8N.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-08-13 8:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 12:27
ComboFix2.txt 2009-08-13 01:43
ComboFix3.txt 2009-08-12 03:05

Pre-Run: 69,648,568,320 bytes free
Post-Run: 69,561,741,312 bytes free

268 --- E O F --- 2009-08-12 04:23

#14 EldonM
*****UPDATE*****

AVP Tool was not able to run because it keeps encountering a problem and has to shut down. Also now Kaper-whatever has 2 new processes that keep popping up.

is-5MJSP.exe
is-F2V8N.exe

Both AVG and MBAM did not find anything, but any fullscreen programs like World of Warcraft and other games still keep minimizing for no reason at random times, and now my Firefox has been freezing up.

#15 Perplexus
Hi EldonM,

AVPTool didn't seem to do so well. We will clean that up and then I want to get a couple more logs. Let me know how your machine is running after these steps.

------------------
Step 1:
------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
c:\windows\system32\drivers\fidbox.idx
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\06659393.sys
c:\windows\system32\drivers\62378827.sys
c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-5MJSP.lnk
c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-F2V8N.lnk

Folder::
c:\program files\is-5MJSP
c:\program files\is-F2V8N
c:\users\pc\Desktop\Virus Removal Tool

Registry::

Driver::
is-5MJSPdrv
is-F2V8Ndrv

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

------------------
Step 2:
------------------

Download RootRepeal from one of the following locations: Unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

------------------
Step 3:
------------------

Go to ESET Online Scanner to perform an online scan.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

------------------
Step 4:
------------------

Please post back with the following:
  • How your machine is running
  • C:\ComboFix.txt
  • RootRepeal.txt
  • C:\Program Files\Eset\Eset Online Scanner\log.txt
