popnjaye
-
Posts
10 -
Joined
-
Last visited
-
I ran the event viewer but it states that "Event Log Service is unavaliable. Verify that the service is running" When i went into Admin tools -> Services to start the Windows Event log service, the error message says Error 1747: The Authentication service is unknown.
-
Hi Running chkdsk found no problems. Scanning with MBAM again still hangs on vds.exe Jaye
-
Unfortunately my problems are still the same as when we started. My start programs fail to load, my anti virus software still cannot be started, I cannot connect to the internet and there is still an abnormally long waiting time when loading up the profile. I still cannot complete a MBAM scan as it crashes at c:\\windows\system32\vds_ps.dll. Let me know if you can think of anything else to do!
-
Here is the Extra's file boss! OTL Extras logfile created on: 7/12/2010 1:57:27 AM - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jaye\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 43.95 Gb Total Space | 1.23 Gb Free Space | 2.80% Space Free | Partition Type: NTFS Drive D: | 246.33 Gb Total Space | 0.63 Gb Free Space | 0.26% Space Free | Partition Type: NTFS Computer Name: JAYE-PC | User Name: Jaye | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08468A86-9F24-4A90-8EF1-93E4EC9EEA6C}" = lport=138 | protocol=17 | dir=in | app=system | "{08C4F7AF-70B9-4190-B6A1-02148A7C77D4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{1A70BBFD-D092-4134-9B46-8C3686741D36}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{234F3659-9580-4E02-9734-D9567A6CE40E}" = rport=137 | protocol=17 | dir=out | app=system | "{2578CA78-8D3D-4E03-903F-B0F43CF5D6A5}" = lport=2869 | protocol=6 | dir=in | app=system | "{2831C864-85ED-468B-B750-84516DAF514C}" = rport=445 | protocol=6 | dir=out | app=system | "{4C97F10A-FE8A-4FEF-B2E4-C87EF499C537}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{55183C0E-D235-4EDC-80DB-B48E720967A1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5E58CEA7-D069-4F2C-811F-9C3608C4429E}" = lport=137 | protocol=17 | dir=in | app=system | "{8319BEF1-1486-4278-AF08-60845168CD1B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{914A9871-3DC2-4CCB-AD6D-4CC7E0072C0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{95FCD31E-314E-4EDE-92A3-02EC823DD823}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{ADEE04E6-7412-44E4-B847-EA932F27B1DF}" = rport=139 | protocol=6 | dir=out | app=system | "{B029D040-E1AC-4280-950D-377641A50A5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B1960AB6-BD82-480A-A9C5-1ECB9D02C63F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{CFCB0ABA-14AE-453B-B5FB-D6B8C63F9C2E}" = lport=139 | protocol=6 | dir=in | app=system | "{D74EE6AE-3E9F-4409-88A8-1C5F809D58D3}" = rport=138 | protocol=17 | dir=out | app=system | "{DB0FAA17-7084-40AE-93CA-499E268A7F98}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{EB42E5A8-36AB-4365-9973-9A0AD17494B6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F1816F82-F985-4BA6-9E16-996FFC52F7E7}" = lport=445 | protocol=6 | dir=in | app=system | "{F2324751-EEA4-4F2E-86AE-B92D14985E5D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F94B5706-65EA-465D-8093-48316D35AF2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00CA1DA4-E587-43A8-A09B-0C4C35433D72}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\everyday shooter\everydayshooter.exe | "{013434AA-4314-49D1-AD5D-BCA1597E24B5}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\mrrobot\mrrobot.exe | "{0368EAD6-559F-4354-A1B0-49A0FDC7EBCD}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe | "{04270173-5FC4-4DB8-9D32-E5CADF1BA58E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{04972203-72A0-4B3C-9859-5C5C56F9AD17}" = protocol=17 | dir=in | app=d:\games\wow trial\world of warcraft\wow-3.2.0-enus-downloader.exe | "{08228B39-5BF0-4740-94A8-84C07A5D9B76}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\overlord\overlord.exe | "{094BFA50-1080-4E19-9A49-A07FA17538D9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0C157DDB-8CA8-4521-9C47-A3377381136C}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{0D3BAB01-C1DE-41AE-817C-7980C1B2D644}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0DD0A390-98F6-4812-B233-B1C8CE3F1BBB}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{10DAA64E-9ECD-4C7F-AE76-92DEE8BD56EC}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\titan quest\help.htm | "{137E1E51-465B-4884-A4D1-05BF9F0B303A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\overlord\config.exe | "{13B7AA42-4994-4DE7-8321-74275D3039BC}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\world of goo\worldofgoo.exe | "{141D33DE-DE42-442B-9450-3E6DDAEF4B53}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe | "{153489F6-54A8-41DF-93C0-3D18BD86CC0C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\zombie driver\release\zombiedriver.exe | "{17102A4E-41AE-4B35-9E18-BC88BF303F34}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{185760BD-BE9E-4B98-A9FE-20CD611D8C37}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\jade empire\jadeempirelauncher.exe | "{185F3E5D-7FA4-410A-8EBC-0F3980D753A5}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | "{19E1197E-331F-4A44-9912-097506AC7D12}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\titan quest\titan quest.exe | "{1C2CB8E0-2E70-458F-801C-7997AC3B4222}" = protocol=6 | dir=in | app=d:\games\wow trial\world of warcraft\wow-3.2.0-enus-downloader.exe | "{1D480781-49B9-4487-900B-E1B540425BFF}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\titan quest immortal throne\help.htm | "{1D79F510-7DDE-4B6E-A8D1-0319B48F0635}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\homestar ruiner\homestar101.exe | "{1DE61EBD-5F69-4E48-9BE6-34F2F551F799}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\eets\eets.exe | "{2274487B-C21F-4C31-A896-CECCC6B57BC2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{288664EC-78B0-4EC8-82F7-AB80D23EC892}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\toki tori\tokitori.exe | "{2BD44967-C4D1-4622-9E7D-09860663FB8B}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\overlord\config.exe | "{2EFA59DB-CAEA-476C-9163-8621D87BB0B6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{30CFE8CE-396F-468A-B031-9455745257FD}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | "{33F433B8-BA8D-45D6-95DF-C0E15B551208}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{36D09D3E-5F4D-4A22-A084-AF237E4581D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{36D543DB-70DC-4250-B013-9DE44613A8E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{37976514-0153-4D55-8925-911AF2537C41}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\toki tori\tokitori.exe | "{3860508F-4B7D-4538-90E2-00594EB1FAEE}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\titan quest immortal throne\help.htm | "{38F9AF87-B207-4145-8F7E-C6818C268D7A}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe | "{3B4E6208-B778-438A-8616-4AD7988325DA}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\titan quest\help.htm | "{3B96172A-DF88-4443-BAED-423A82C240AB}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\world of goo\worldofgoo.exe | "{42D65741-5714-4A16-9135-D56FB83354AC}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe | "{46AF13A2-ACE9-498C-B314-9BC849697196}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\homestar ruiner\homestar101.exe | "{46CCC109-D670-407E-B306-DD3C16A9866C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\toki tori\tokitori.exe | "{47BDD2AF-21D7-42CF-BCB7-9F362FBA6968}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{4BB7CB02-7DD7-4CEE-B2BA-1AF8816DE3F1}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\homestar ruiner\homestar101.exe | "{4EC47DAA-1F92-4989-A7CA-407C982AEE97}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\world of goo\worldofgoo.exe | "{507A6623-7492-47F5-A72D-6D0574CBDFE7}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\mount and blade\runme.exe | "{53005E64-4005-47C7-9824-5B183FFF96E1}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{5368C30A-3BC6-48BA-80F5-27AEBC06CAD0}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\titan quest\help.htm | "{5396CFD5-FD27-4D91-8E18-793895D3A766}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{5726F378-CE3B-4FA3-AFF0-4F0401338803}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{5FFB093A-D1E6-407B-BCEC-1CA418D1881B}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\homestar ruiner\homestar101.exe | "{64E9FF0E-0101-4E3D-B8CA-61240CC888B1}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\everyday shooter\everydayshooter.exe | "{65D82866-42A5-48AA-AE9D-9F8055F56789}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\mrrobot\mrrobot.exe | "{67563800-B4FE-4054-851D-339C61E815BC}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\overlord\overlord.exe | "{68F39D59-9291-46B3-AC95-D507487AF93B}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe | "{6EF5C1C9-6AE4-4624-89C1-63C9A6944B21}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe | "{70AA9234-BF12-4E60-80C9-7C9ECDD57A34}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\titan quest\titan quest.exe | "{7115D07F-68F7-4C21-B607-D3C6A67333A9}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\loom\loom.exe | "{767DB5AA-D772-4DB6-AA94-71AA385D5F47}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\titan quest\titan quest.exe | "{78783968-C329-4795-A348-D9DFA266852D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{7A96C3C3-2FA3-455D-8301-D3BDD57894B9}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe | "{7E074FE6-273E-4152-98B0-6FC36B9CB9ED}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{7FCF3C2C-3772-4929-95C2-3F9CAB57DEDB}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\overlord\overlord.exe | "{805D4B21-5879-4C2C-B698-992A1C871FBA}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\everyday shooter\everydayshooter.exe | "{81462775-9410-410F-A599-639041737DA4}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\overlord\config.exe | "{8218AEA0-E524-46E0-A053-EA568FE3A778}" = protocol=6 | dir=in | app=d:\games\dragon age\daoriginslauncher.exe | "{83483B46-55E9-4D14-89F3-1BCBCB85390F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{85D1E454-6349-4F00-B05E-19F339C53A35}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{8B5F27C3-B30B-404F-A2EF-FC53CF841ABF}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe | "{8C713829-F5E5-4CB3-BF71-BD2BA7CDD804}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\trine\trine_launcher.exe | "{8F1C68E0-0C1F-47E5-A908-20F73B87F0EC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{93B8FCF3-6C52-4424-A14E-A2E20D5B1191}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\titan quest\help.htm | "{9554940F-A298-42CE-8A8D-D7D82D064146}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe | "{96038E55-E4CB-450B-9D93-775DF6C27FFB}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe | "{96BE1FB1-18AE-425D-9803-4E9D381B386A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\world of goo\worldofgoo.exe | "{9D6D7826-EB34-46F5-A859-C2AD868736F4}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | "{9F517EED-B4B6-45C9-A4C5-C740DFCA44F9}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\jade empire\jadeempireconfig.exe | "{A22E42BC-5A09-4EA6-A8E2-CDE68C2FF686}" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | "{A34101D7-FC75-4732-9E62-2336B9E34190}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\mount and blade\runme.exe | "{A415D778-6BCF-4869-A33A-8D0CF0C1C887}" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daupdatersvc.service.exe | "{A51D8541-7BBA-44A7-A8EF-1CE627D66CF2}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{A6CBFC0F-12C2-4CAD-B71E-E0F881943B13}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{A7C53E1B-EBFD-4833-999D-3D6E60F555B9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{A9CB0A83-9B8E-40EF-94D7-A448F2F03295}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{AE8CB7EB-A5BD-4388-87D9-5E39A9B68FDD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AF7BD868-51C2-425A-BE85-45D3D49C13F4}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\jade empire\jadeempireconfig.exe | "{AFDF1626-B796-4F8C-82CF-F3E4A7D3EBB3}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\mount and blade\runme.exe | "{B622E441-F0CE-4EC9-89B6-0631F0CB0181}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B6926AFB-F7EC-41B8-A859-563EAD80FD39}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{BB95EAFE-32A7-4223-8E53-1ED9F653748F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BFD27AA4-0428-4047-A445-D7D6B433024C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\trine\trine_launcher.exe | "{C407EABB-802B-4EB3-AC2D-EF6B4D3330F8}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\overlord\config.exe | "{C42E0C06-C5C9-4D0C-960B-7E704F271149}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C4CF93FF-6026-40AE-B43B-0A75438039A8}" = protocol=58 | dir=in | app=system | "{C539C4D0-286E-409A-B431-016A2351CD12}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C5C89807-59E2-4B26-BDC3-9F371B1DAE65}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\eets\eets.exe | "{C5E2AA1E-6C2A-4F6D-AE68-86675A02C6AB}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{C97D455F-257F-49D5-A18F-28F93B3A92A4}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe | "{C99C4216-F5A9-4644-AD1A-F320EB77B8F7}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\zombie driver\release\zombiedriver.exe | "{C9A4F6CF-48D8-4F8B-89B3-8B2662F5F11C}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\mrrobot\mrrobot.exe | "{CB06D8DE-C215-4C48-A298-4ED02146442B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{CC9EE306-51C7-4261-9184-BBDFA30C6DB9}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | "{D55A7721-B0F3-4D70-BC74-C2A247246A7E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{DAA1371A-6BF1-4FBB-9FA7-766309AC5979}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\loom\loom.exe | "{DDA6FE0F-44C6-4D16-8C0D-8F4B4BF6C875}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | "{E0367CEC-6BFF-43ED-8BD1-7DE4008AAC16}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\mount and blade\runme.exe | "{E0A145F7-3775-4529-9D76-0B707348D81C}" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | "{E0B5D082-62B6-4071-A15A-8E471A3B84CF}" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daupdatersvc.service.exe | "{E3A7A047-BF1D-400F-9754-375547B78FEE}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\jade empire\jadeempirelauncher.exe | "{E666D8A5-1A3F-4375-A1D0-667A334A2E61}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\overlord\overlord.exe | "{E6DF10B5-B0A8-4576-906D-3C872220B42A}" = protocol=17 | dir=in | app=d:\games\dragon age\daoriginslauncher.exe | "{E9377814-724E-4AA7-A6C4-ABD9A072E51C}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\mrrobot\mrrobot.exe | "{EBEE1B21-83A2-407C-9DB6-F4A2631388EA}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe | "{F29FEA70-4BA9-47F9-9744-2A8DE9EF30C1}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\toki tori\tokitori.exe | "{F46179D6-2FBD-4A3C-97F2-0CF1AECBA7F8}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe | "{F61A1B87-7817-4406-87C9-7EFAC9F96A0A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\titan quest\titan quest.exe | "{F9156FB0-A428-4CA4-B160-33895E37FBEB}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{F96437DD-36DB-4995-AB83-097811C91F09}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe | "{FAC1BF56-3AF2-41C5-BAED-1171319622DA}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\everyday shooter\everydayshooter.exe | "{FF387FD4-73AD-4A1B-8327-DACA11F59AB2}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | "TCP Query User{01D048B2-330A-4B17-AB35-D61683103419}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "TCP Query User{0634EB32-770A-4839-AE05-A1F4C9D2CFE7}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "TCP Query User{1CA7137E-85FD-494D-B612-176037D4BC87}D:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe | "TCP Query User{23634A28-76B0-459C-8809-DBFC2C1D92DB}D:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "TCP Query User{57F68C1F-639C-4F0A-9172-804A80884195}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{59D67052-E312-45C0-A9F6-04FE05B200FB}C:\program files\toshiba\bluetooth toshiba stack\tosbtpcs.exe" = protocol=6 | dir=in | app=c:\program files\toshiba\bluetooth toshiba stack\tosbtpcs.exe | "TCP Query User{83839054-B29F-4D13-AB08-9540A83846E2}D:\games\wow trial\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\games\wow trial\world of warcraft\launcher.exe | "TCP Query User{CD1CB482-F202-40E8-AED7-145C3E19E056}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{07E70B59-01CD-447D-A57F-9B4CFC5F1878}D:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe | "UDP Query User{16C34ADA-7DC9-4423-BD7C-5319FFD8DC1F}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{1B0A8096-BFA1-4682-A3E9-88951997B871}D:\games\wow trial\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\games\wow trial\world of warcraft\launcher.exe | "UDP Query User{1E59D754-6C47-4866-87A0-184F8AB81166}D:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "UDP Query User{9C410D93-9A8A-4566-85C6-7B0D651A25AD}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{B855CBA2-D46D-44AB-B3F8-9FD784A97078}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{BE546141-0981-450C-8A27-1C918371978F}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{D9A381A3-32B0-4EEB-9404-6AC36A6CC2E6}C:\program files\toshiba\bluetooth toshiba stack\tosbtpcs.exe" = protocol=17 | dir=in | app=c:\program files\toshiba\bluetooth toshiba stack\tosbtpcs.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0F667427-AD37-4089-A4A2-15AF5E44CACD}" = O2Micro Flash Memory Card Reader Driver (x86) "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 21 "{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer
-
Here is the combofix log ComboFix 10-12-02.06 - Jaye 2/2010 Tue 0:08.1.2 - x86 Running from: c:\users\Jaye\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Jaye\AppData\Roaming\Desktopicon c:\users\Jaye\AppData\Roaming\Desktopicon\eBayShortcuts.exe . ((((((((((((((((((((((((( Files Created from 2010-11-06 to 2010-12-06 ))))))))))))))))))))))))))))))) . 2010-12-06 13:26 . 2010-12-06 13:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-04 03:13 . 2010-12-04 03:13 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed 2010-12-01 23:47 . 2010-12-01 23:47 -------- d-----w- C:\TDSSKiller_Quarantine 2010-11-30 15:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{526C7BCB-F47A-41EC-932F-CD43451FFB34}\mpengine.dll 2010-11-18 01:01 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-26 08:53 . 2009-08-18 01:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2010-11-26 08:53 . 2009-08-18 01:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2010-10-18 23:41 . 2009-10-06 06:27 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-13 13:56 . 2010-11-02 18:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-09-08 17:23 . 2010-11-02 18:37 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-09-08 17:07 . 2010-11-02 18:37 834048 ----a-w- c:\windows\system32\wininet.dll 2010-09-08 15:23 . 2010-11-02 18:37 389632 ----a-w- c:\windows\system32\html.iec 2010-09-07 15:12 . 2010-07-01 14:41 38848 ----a-w- c:\windows\avastSS.scr 2010-09-07 15:11 . 2010-04-28 15:07 167592 ----a-w- c:\windows\system32\aswBoot.exe 2010-09-07 14:52 . 2010-04-28 15:08 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-09-07 14:52 . 2010-04-28 15:08 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-09-07 14:47 . 2010-04-28 15:08 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-09-07 14:47 . 2010-04-28 15:08 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-09-07 14:47 . 2010-04-28 15:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-28 2938552] "Steam"="d:\program files\steam\steam.exe" [2010-09-04 1242448] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Mobile Partner"="d:\program files\3 Mobile Broadband\3 Mobile Broadband.exe" [2010-06-26 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-31 13601312] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-31 92704] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-01-16 708608] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912] "QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992] "ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-11-12 1833504] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-25 25832] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-08 113664] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752] R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-09 721904] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768] S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2008-11-05 159744] S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-07-03 9216] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-24 45600] S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-15 51288] S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608] S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616] --- Other Services/Drivers In Memory --- *NewlyCreated* - NORMANDY *Deregistered* - Normandy [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ask.com?o=14200&l=dis IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . - - - - ORPHANS REMOVED - - - - HKCU-Run-AdobeBridge - (no file) HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-07 00:28 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2010-12-07 00:46:46 ComboFix-quarantined-files.txt 2010-12-06 13:46 Pre-Run: 119,111,680 bytes free Post-Run: 1,271,881,728 bytes free Current=1 Default=1 Failed=0 LastKnownGood=12 Sets=1,3,4,6,7,8,9,10,11,12 - - End Of File - - 5863F3812354099FA611D547763CFE53
-
RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows Vista Version 6.0.6002 (Service Pack 2) Number of processors #2 ============================================== >Drivers ============================================== 0x8F008000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7434240 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.19 ) 0x82E37000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System) 0x82E37000 PnpManager 3903488 bytes 0x82E37000 RAW 3903488 bytes 0x82E37000 WMIxWDM 3903488 bytes 0x8FC08000 C:\Windows\system32\drivers\RTKVHDA.sys 2232320 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver) 0x99490000 Win32k 2109440 bytes 0x99490000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver) 0x8B405000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver) 0x8B00D000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver) 0x8FE29000 C:\Windows\system32\DRIVERS\AGRSM.sys 1028096 bytes (Agere Systems, SoftModem Device Driver) 0x8B20D000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver) 0x804D8000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module) 0xA5E08000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver) 0x8B312000 C:\Windows\System32\Drivers\dump_iaStor.sys 843776 bytes 0x8AE01000 C:\Windows\system32\DRIVERS\iaStor.sys 843776 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32) 0x82848000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor) 0x8F71F000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel) 0x8FA06000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver) 0x90233000 C:\Windows\system32\DRIVERS\vsdatant.sys 569344 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver) 0x80603000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic) 0x8AF37000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0x8040E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library) 0x8294F000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack) 0x9CCA5000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver) 0x996E0000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver) 0x80735000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver) 0x805B8000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0x8068C000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT) 0x9CCF3000 C:\Windows\system32\DRIVERS\atksgt.sys 274432 bytes 0x80497000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver) 0x8FBB4000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver) 0x8B17E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0x902F5000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0x8B143000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem) 0x9CC2C000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr) 0x8B515000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver) 0x8280E000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista) 0x8078F000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB) 0x82E04000 ACPI_HAL 208896 bytes 0x82E04000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0x8AEF5000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0x90201000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver) 0x8FB85000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver) 0x8B1BC000 C:\Windows\system32\DRIVERS\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0x8B118000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider) 0x8AFCD000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library) 0x82908000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver) 0xA5F81000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver) 0x9CC7D000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver) 0x90352000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module) 0x8B565000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache) 0x806E3000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator) 0x8FADD000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver) 0x8AFA8000 C:\Windows\system32\DRIVERS\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0x8B59D000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll) 0x807D8000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0x8FF8A000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver) 0x9CC0D000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0x8AED7000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension) 0x829BC000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver) 0x8B2F7000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API) 0x903BF000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver) 0xA5F2B000 C:\Windows\system32\DRIVERS\ewusbmdm.sys 106496 bytes (Huawei Technologies Co., Ltd., USB Modem/Serial Device Driver) 0x829D9000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver) 0xA5F12000 C:\Windows\system32\DRIVERS\ewusbdev.sys 102400 bytes (Huawei Technologies Co., Ltd., USB Modem/Serial Device Driver) 0x8FB5D000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0x8FB45000 C:\Windows\system32\DRIVERS\enecir.sys 98304 bytes (ENE TECHNOLOGY INC., ENE CIR Driver for eHome) 0x9CC65000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector) 0x9033B000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver) 0x90379000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver) 0xA5EFC000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver) 0x902BE000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler) 0x8FFDD000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver) 0x903DA000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver) 0x8B5E3000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager) 0xA5F6C000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver) 0xA5FB8000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector) 0x807C4000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver) 0x8FB0F000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver) 0x8293C000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6) 0x902E2000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0xA5FCD000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver) 0x8B58C000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver) 0x8047E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver) 0x8AF27000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver) 0x8FF3F000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library) 0x828F8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver) 0x8077F000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager) 0x8FAB5000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver) 0x8B3E0000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver) 0x8FB75000 C:\Windows\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver) 0x8B5D4000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver) 0xA5FA9000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver) 0x8B556000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0x8070A000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver) 0x8F7D7000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0x80726000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver) 0x8FAC5000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver) 0x996D0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver) 0x8F7F1000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome) 0x902D4000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver) 0x8FFC6000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver) 0x8FF26000 C:\Windows\system32\drivers\nvhda32v.sys 57344 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver) 0x90399000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver) 0x8FAA3000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver) 0x8B200000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator) 0x8067F000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR) 0x8FB03000 C:\Windows\system32\DRIVERS\o2media.sys 49152 bytes (O2Micro , o2media) 0xA5EF0000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver) 0x8FF7E000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0x8F7C0000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver) 0x8FF34000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices) 0x8FB22000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver) 0x8FB2D000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver) 0x8FFBB000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver) 0x8F7E6000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0x8FBF5000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper) 0x8B1E9000 C:\Windows\system32\DRIVERS\tosporte.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver) 0x8F7CC000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0x8FFF3000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver) 0x8071C000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver) 0x903A6000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver) 0x8B3F0000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver) 0x82932000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver) 0x90331000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy) 0x8FAD3000 C:\Windows\system32\DRIVERS\o2sd.sys 40960 bytes (O2Micro , O2Micro SD Reader Driver) 0xA5EE6000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver) 0x8B5BE000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver) 0x8FF67000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver) 0x90390000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0x8FF56000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver) 0xA5FE6000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0x8FFD4000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0x996B0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver) 0x8FB3C000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI) 0x806D2000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0x8AECF000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver) 0x8048F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver) 0x8FF5F000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver) 0x806DB000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver) 0x8FFAB000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x8FFB3000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x8FA93000 C:\Windows\system32\DRIVERS\RLVrtAuCbl.sys 32768 bytes 0x8FA9B000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver) 0x8B54E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor) 0x8FF77000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver) 0x8FF4F000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0x80407000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0xA5FDF000 C:\Users\Jaye\AppData\Local\Temp\mbr.sys 28672 bytes 0x8FF70000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver) 0x8FC00000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver) 0x9CD36000 C:\Windows\system32\DRIVERS\lirsgt.sys 20480 bytes 0x8FB38000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver) 0x82845000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver) 0x80719000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver) 0x8FAB0000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0x8FF24000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) ============================================== >Stealth ============================================== 0x00D00000 Hidden Image-->VMC.ConnectionServicesInterface.dll [ EPROCESS 0x86F19980 ] PID: 2172, 176128 bytes 0x00CD0000 Hidden Image-->VMC.BaseServices.DataAccessor.dll [ EPROCESS 0x86F19980 ] PID: 2172, 184320 bytes 0x00D30000 Hidden Image-->VMC.BaseServices.Platform.dll [ EPROCESS 0x86F19980 ] PID: 2172, 290816 bytes 0x00BA0000 Hidden Image-->VMC.WindowsService.Messaging.dll [ EPROCESS 0x86F19980 ] PID: 2172, 36864 bytes 0x00AF0000 Hidden Image-->VMC.WindowsService.Core.dll [ EPROCESS 0x86F19980 ] PID: 2172, 94208 bytes
-
OTL logfile created on: 4/12/2010 1:59:13 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jaye\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 43.95 Gb Total Space | 0.93 Gb Free Space | 2.12% Space Free | Partition Type: NTFS Drive D: | 246.33 Gb Total Space | 0.64 Gb Free Space | 0.26% Space Free | Partition Type: NTFS Drive E: | 14.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive G: | 1.84 Gb Total Space | 0.72 Gb Free Space | 39.31% Space Free | Partition Type: FAT Computer Name: JAYE-PC | User Name: Jaye | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/12/04 13:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jaye\Desktop\OTL.exe PRC - [2010/09/08 02:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010/06/27 03:09:15 | 000,110,592 | ---- | M] () -- D:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe PRC - [2010/06/23 14:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe PRC - [2010/06/23 14:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010/03/27 06:01:26 | 014,090,688 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe PRC - [2010/02/22 05:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe PRC - [2009/07/03 11:40:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/01/17 07:58:56 | 000,708,608 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe PRC - [2008/11/12 14:42:42 | 006,687,264 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2008/11/06 03:21:04 | 000,159,744 | ---- | M] (Micro-Star Int'l Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe PRC - [2008/05/24 10:07:00 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2008/05/23 16:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2008/05/14 12:45:04 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2008/04/16 11:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008/04/16 11:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008/04/15 17:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2008/04/01 13:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2008/01/21 13:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007/09/29 10:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe PRC - [2007/02/12 19:43:00 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe ========== Modules (SafeList) ========== MOD - [2010/12/04 13:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jaye\Desktop\OTL.exe MOD - [2010/09/01 02:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/09/05 10:21:42 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/06/23 14:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010/03/29 20:40:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/09/25 12:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009/07/03 11:40:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008/11/06 03:21:04 | 000,159,744 | ---- | M] (Micro-Star Int'l Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2008/05/23 16:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008/04/16 11:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2008/01/21 13:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/02/12 19:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\smserial.sys -- (smserial) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ewusbfake.sys -- (hwusbfake) DRV - [2010/09/08 01:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010/09/08 01:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010/09/08 01:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010/09/08 01:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010/09/08 01:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/05/15 17:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2010/04/29 16:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010/03/16 19:55:13 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010/03/16 19:55:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009/12/08 21:19:22 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009/12/07 20:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009/10/12 16:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009/08/09 22:17:13 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2008/11/11 20:15:12 | 002,236,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/10/31 14:00:00 | 007,431,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/09/24 19:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008/07/28 18:53:00 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008/07/15 19:38:00 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008/06/28 06:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2008/06/12 12:28:00 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2008/05/14 10:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2008/05/02 16:59:00 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/04/29 04:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008/04/28 09:29:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel® DRV - [2008/04/24 11:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008/04/16 11:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2008/03/26 07:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2008/03/20 05:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008/01/23 14:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2008/01/21 13:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/21 13:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/21 13:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/21 13:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/21 13:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/21 13:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/21 13:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/21 13:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/21 13:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/21 13:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2008/01/21 13:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/21 13:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/21 13:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/21 13:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/21 13:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/21 13:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/21 13:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/21 13:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/21 13:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/21 13:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/21 13:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/01/21 13:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/21 13:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/12/27 12:17:14 | 000,021,760 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2007/12/27 12:15:30 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007/12/27 12:14:26 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2007/11/30 03:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007/03/19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio) DRV - [2006/11/02 20:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 20:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 20:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 20:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 20:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 20:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 20:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 20:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 20:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 20:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 19:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 19:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 19:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 19:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 19:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 19:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 18:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/02 18:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2005/01/07 23:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com IE - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14200&l=dis IE - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/06/15 15:16:22 | 000,001,796 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000..\Run: [Mobile Partner] D:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe () O4 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000..\Run: [steam] d:\program files\steam\steam.exe (Valve Corporation) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O13 - gopher Prefix: missing O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/08/24 05:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/05/29 12:48:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{3ffb37b6-dd0f-11df-a039-0024216c61f5}\Shell - "" = AutoRun O33 - MountPoints2\{3ffb37b6-dd0f-11df-a039-0024216c61f5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found O33 - MountPoints2\{4473788b-c3dd-11de-9aff-0024216c61f5}\Shell\AutoRun\command - "" = a2g21.exe O33 - MountPoints2\{4473788b-c3dd-11de-9aff-0024216c61f5}\Shell\open\Command - "" = a2g21.exe O33 - MountPoints2\{554b5f5d-d9b5-11de-b8c3-001e101fcbf4}\Shell - "" = AutoRun O33 - MountPoints2\{554b5f5d-d9b5-11de-b8c3-001e101fcbf4}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{79a3eda6-791a-11df-86e0-0024216c61f5}\Shell - "" = AutoRun O33 - MountPoints2\{79a3eda6-791a-11df-86e0-0024216c61f5}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{79a3edb2-791a-11df-86e0-0024216c61f5}\Shell - "" = AutoRun O33 - MountPoints2\{79a3edb2-791a-11df-86e0-0024216c61f5}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{7b8c77a1-94da-11df-973c-0022fba99af0}\Shell - "" = AutoRun O33 - MountPoints2\{7b8c77a1-94da-11df-973c-0022fba99af0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 05:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{f1c2f763-d754-11de-9c17-0024216c61f5}\Shell - "" = AutoRun O33 - MountPoints2\{f1c2f763-d754-11de-9c17-0024216c61f5}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{f1c2f76b-d754-11de-9c17-001e101f2a27}\Shell - "" = AutoRun O33 - MountPoints2\{f1c2f76b-d754-11de-9c17-001e101f2a27}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/12/04 13:44:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jaye\Desktop\OTL.exe [2010/12/02 10:47:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2010/11/29 21:19:15 | 000,000,000 | ---D | C] -- C:\Users\Jaye\Desktop\New Folder (4) [2010/11/19 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\Jaye\Desktop\New Folder (3) [2010/11/18 12:08:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/11/12 12:46:12 | 000,000,000 | ---D | C] -- C:\Users\Jaye\Desktop\CrossOverCon.pdf [2010/11/11 05:19:48 | 000,000,000 | ---D | C] -- C:\Users\Jaye\Desktop\Professor Green - Alive Till Im Dead!www.MusicPlaaza.com! [2008/08/14 08:14:14 | 000,996,720 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp000130616 [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/12/04 13:47:28 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/12/04 13:47:28 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/12/04 13:43:28 | 000,629,057 | ---- | M] () -- C:\Users\Jaye\Desktop\RkU3.8.388.590.rar [2010/12/04 13:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jaye\Desktop\OTL.exe [2010/12/04 12:57:59 | 000,073,040 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010/12/04 12:57:59 | 000,073,040 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010/12/04 12:57:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/12/02 15:34:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/12/02 15:34:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/12/02 13:34:07 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys [2010/12/02 13:34:06 | 324,951,513 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/12/02 13:20:38 | 000,000,176 | ---- | M] () -- C:\Users\Jaye\defogger_reenable [2010/12/02 13:16:58 | 000,296,448 | ---- | M] () -- C:\Users\Jaye\Desktop\ytx2k2rm.exe [2010/12/02 13:16:36 | 000,050,477 | ---- | M] () -- C:\Users\Jaye\Desktop\Defogger.exe [2010/12/02 13:16:28 | 000,630,272 | ---- | M] () -- C:\Users\Jaye\Desktop\dds.scr [2010/12/02 03:27:53 | 000,001,356 | ---- | M] () -- C:\Users\Jaye\AppData\Local\d3d9caps.dat [2010/12/01 16:16:57 | 003,973,792 | ---- | M] () -- C:\Users\Jaye\Desktop\02 Again & Again.mp3 [2010/12/01 13:21:48 | 005,863,552 | ---- | M] () -- C:\Users\Jaye\Desktop\Wonder Girls - Irony.mp3 [2010/12/01 13:21:48 | 000,168,364 | ---- | M] () -- C:\Users\Jaye\Desktop\Wonder Girls - Irony.mp3.sfk [2010/12/01 02:37:48 | 000,175,104 | ---- | M] () -- C:\Users\Jaye\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/30 21:29:50 | 000,161,513 | ---- | M] () -- C:\Users\Jaye\Desktop\Application for Australian Business Number.mht [2010/11/30 19:27:16 | 000,349,806 | ---- | M] () -- C:\Users\Jaye\Desktop\pop_101105_b.jpg [2010/11/30 17:39:53 | 008,753,292 | ---- | M] () -- C:\Users\Jaye\Desktop\pokitpalad.ai [2010/11/30 17:36:09 | 000,395,229 | ---- | M] () -- C:\Users\Jaye\Desktop\crossoverad.png [2010/11/30 17:34:50 | 000,042,095 | ---- | M] () -- C:\Users\Jaye\Desktop\pokitpalad.png [2010/11/30 04:08:32 | 000,014,623 | ---- | M] () -- C:\Users\Jaye\Desktop\price.xlsx [2010/11/30 02:43:55 | 003,331,504 | ---- | M] () -- C:\Users\Jaye\Desktop\Tom Jones - Sex Bomb.mp3 [2010/11/29 14:33:57 | 000,058,274 | ---- | M] () -- C:\Users\Jaye\Desktop\PokitPal_Specs.pdf [2010/11/27 12:38:18 | 000,318,267 | ---- | M] () -- C:\Users\Jaye\Desktop\jo1.png [2010/11/26 23:24:34 | 000,028,672 | ---- | M] () -- C:\Users\Jaye\Desktop\Multidate_adventure_passport_intro.doc [2010/11/26 23:23:04 | 002,798,592 | ---- | M] () -- C:\Users\Jaye\Desktop\GG18338_-_Crossover_Dance_Studios.doc [2010/11/25 23:51:05 | 000,264,543 | ---- | M] () -- C:\Users\Jaye\Desktop\bboy workshops2.png [2010/11/24 17:42:43 | 003,748,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/11/23 00:14:22 | 008,450,615 | ---- | M] () -- C:\Users\Jaye\Desktop\nicola.mp3 [2010/11/19 21:37:07 | 015,166,206 | ---- | M] () -- C:\Users\Jaye\Desktop\tmb 19-11-10.wmv [2010/11/18 21:58:12 | 000,208,208 | ---- | M] () -- C:\Users\Jaye\Desktop\united096.jpg [2010/11/16 10:47:19 | 001,147,473 | ---- | M] () -- C:\Users\Jaye\Desktop\funktion.ai [2010/11/15 00:59:09 | 001,364,522 | ---- | M] () -- C:\Users\Jaye\Desktop\wrar393.exe [2010/11/14 22:01:51 | 007,334,440 | ---- | M] () -- C:\Users\Jaye\Desktop\robrich.wmv [2010/11/14 17:17:36 | 002,730,469 | ---- | M] () -- C:\Users\Jaye\Desktop\pania012.jpg [2010/11/14 17:17:14 | 000,002,743 | ---- | M] () -- C:\Users\Jaye\Desktop\Inv00000411.pdf [2010/11/14 16:05:41 | 000,032,463 | ---- | M] () -- C:\Users\Jaye\Desktop\funktion2.png [2010/11/13 20:03:01 | 000,028,628 | ---- | M] () -- C:\Users\Jaye\Desktop\funktion.png [2010/11/13 12:37:13 | 008,855,559 | ---- | M] () -- C:\Users\Jaye\Desktop\aaliyah - rock the boat.mp3 [2010/11/12 15:32:21 | 000,008,115 | ---- | M] () -- C:\Users\Jaye\Desktop\Dimensions Of A Paper Sizes - A0, A1, A2, A3, A4, A5, A6, A7, A8, A9, A10 - In Inches & mm.mht [2010/11/12 12:45:59 | 000,000,213 | ---- | M] () -- C:\Users\Jaye\AppData\Roaming\onyx 3 preferences [2010/11/11 03:52:34 | 001,622,345 | ---- | M] () -- C:\Users\Jaye\Desktop\Amazing Photoshop light effect in 10 Steps _ Abduzeedo _ Graphic Design Inspiration and Photoshop Tutorials.mht [2010/11/09 17:23:52 | 000,059,392 | ---- | M] () -- C:\Users\Jaye\Desktop\Untitled.MSWMM [2010/11/09 16:03:32 | 000,133,632 | ---- | M] () -- C:\Users\Jaye\Desktop\application_for_Audition[kor_eg].doc [2010/11/04 15:43:25 | 000,000,165 | -H-- | M] () -- C:\Users\Jaye\Desktop\~$price (Autosaved).xlsx [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/12/04 13:44:42 | 000,629,057 | ---- | C] () -- C:\Users\Jaye\Desktop\RkU3.8.388.590.rar [2010/12/02 13:27:09 | 000,296,448 | ---- | C] () -- C:\Users\Jaye\Desktop\ytx2k2rm.exe [2010/12/02 13:27:05 | 000,630,272 | ---- | C] () -- C:\Users\Jaye\Desktop\dds.scr [2010/12/02 13:20:04 | 000,000,176 | ---- | C] () -- C:\Users\Jaye\defogger_reenable [2010/12/02 13:19:39 | 000,050,477 | ---- | C] () -- C:\Users\Jaye\Desktop\Defogger.exe [2010/12/02 12:17:32 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys [2010/12/01 16:15:59 | 003,973,792 | ---- | C] () -- C:\Users\Jaye\Desktop\02 Again & Again.mp3 [2010/12/01 13:21:31 | 000,168,364 | ---- | C] () -- C:\Users\Jaye\Desktop\Wonder Girls - Irony.mp3.sfk [2010/12/01 13:20:25 | 005,863,552 | ---- | C] () -- C:\Users\Jaye\Desktop\Wonder Girls - Irony.mp3 [2010/11/30 21:29:49 | 000,161,513 | ---- | C] () -- C:\Users\Jaye\Desktop\Application for Australian Business Number.mht [2010/11/30 19:27:15 | 000,349,806 | ---- | C] () -- C:\Users\Jaye\Desktop\pop_101105_b.jpg [2010/11/30 17:39:42 | 008,753,292 | ---- | C] () -- C:\Users\Jaye\Desktop\pokitpalad.ai [2010/11/30 17:36:02 | 000,395,229 | ---- | C] () -- C:\Users\Jaye\Desktop\crossoverad.png [2010/11/30 17:34:45 | 000,042,095 | ---- | C] () -- C:\Users\Jaye\Desktop\pokitpalad.png [2010/11/30 15:28:12 | 008,450,615 | ---- | C] () -- C:\Users\Jaye\Desktop\nicola.mp3 [2010/11/30 02:42:27 | 003,331,504 | ---- | C] () -- C:\Users\Jaye\Desktop\Tom Jones - Sex Bomb.mp3 [2010/11/26 23:24:34 | 000,028,672 | ---- | C] () -- C:\Users\Jaye\Desktop\Multidate_adventure_passport_intro.doc [2010/11/26 23:23:03 | 002,798,592 | ---- | C] () -- C:\Users\Jaye\Desktop\GG18338_-_Crossover_Dance_Studios.doc [2010/11/25 23:50:54 | 000,264,543 | ---- | C] () -- C:\Users\Jaye\Desktop\bboy workshops2.png [2010/11/19 21:36:15 | 015,166,206 | ---- | C] () -- C:\Users\Jaye\Desktop\tmb 19-11-10.wmv [2010/11/18 21:58:12 | 000,208,208 | ---- | C] () -- C:\Users\Jaye\Desktop\united096.jpg [2010/11/16 22:21:57 | 000,318,267 | ---- | C] () -- C:\Users\Jaye\Desktop\jo1.png [2010/11/15 00:58:59 | 001,364,522 | ---- | C] () -- C:\Users\Jaye\Desktop\wrar393.exe [2010/11/14 21:58:03 | 007,334,440 | ---- | C] () -- C:\Users\Jaye\Desktop\robrich.wmv [2010/11/14 18:19:44 | 000,058,274 | ---- | C] () -- C:\Users\Jaye\Desktop\PokitPal_Specs.pdf [2010/11/14 17:17:14 | 000,002,743 | ---- | C] () -- C:\Users\Jaye\Desktop\Inv00000411.pdf [2010/11/14 17:17:09 | 002,730,469 | ---- | C] () -- C:\Users\Jaye\Desktop\pania012.jpg [2010/11/14 16:05:36 | 000,032,463 | ---- | C] () -- C:\Users\Jaye\Desktop\funktion2.png [2010/11/14 12:39:42 | 001,147,473 | ---- | C] () -- C:\Users\Jaye\Desktop\funktion.ai [2010/11/13 20:02:36 | 000,028,628 | ---- | C] () -- C:\Users\Jaye\Desktop\funktion.png [2010/11/13 12:35:19 | 008,855,559 | ---- | C] () -- C:\Users\Jaye\Desktop\aaliyah - rock the boat.mp3 [2010/11/12 15:32:20 | 000,008,115 | ---- | C] () -- C:\Users\Jaye\Desktop\Dimensions Of A Paper Sizes - A0, A1, A2, A3, A4, A5, A6, A7, A8, A9, A10 - In Inches & mm.mht [2010/11/11 04:57:36 | 001,622,345 | ---- | C] () -- C:\Users\Jaye\Desktop\Amazing Photoshop light effect in 10 Steps _ Abduzeedo _ Graphic Design Inspiration and Photoshop Tutorials.mht [2010/11/09 17:22:12 | 000,059,392 | ---- | C] () -- C:\Users\Jaye\Desktop\Untitled.MSWMM [2010/11/09 16:03:32 | 000,133,632 | ---- | C] () -- C:\Users\Jaye\Desktop\application_for_Audition[kor_eg].doc [2010/11/04 15:43:25 | 000,000,165 | -H-- | C] () -- C:\Users\Jaye\Desktop\~$price (Autosaved).xlsx [2010/06/03 08:01:35 | 000,001,356 | ---- | C] () -- C:\Users\Jaye\AppData\Local\d3d9caps.dat [2010/04/29 14:04:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/03/16 19:55:13 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010/03/16 19:55:13 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010/02/02 01:18:54 | 000,000,213 | ---- | C] () -- C:\Users\Jaye\AppData\Roaming\onyx 3 preferences [2009/12/31 00:55:07 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/09/24 17:40:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/08 03:49:34 | 000,175,104 | ---- | C] () -- C:\Users\Jaye\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/07 17:58:18 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/06/16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009/04/08 06:08:28 | 000,073,040 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/04/08 06:05:29 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2009/04/08 05:33:38 | 000,073,040 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007/12/22 10:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006/11/02 23:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005/07/23 15:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll ========== LOP Check ========== [2010/09/14 00:34:28 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\.minecraft [2010/08/04 14:40:51 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Any Video Converter [2010/06/20 03:20:55 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Braid [2010/06/20 03:18:46 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Broken Rules [2010/06/20 03:38:16 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Crayon Physics Deluxe [2009/08/09 22:26:21 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\DAEMON Tools Lite [2010/08/17 08:01:39 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Desktopicon [2009/12/09 02:58:09 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\FrostWire [2010/06/07 23:01:30 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\GetRightToGo [2009/09/14 06:01:18 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\LG Electronics [2010/06/20 03:23:56 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Mount&Blade [2009/10/19 15:42:16 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\NetMedia Providers [2010/01/25 00:38:26 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Nifflas [2010/04/29 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Opera [2009/10/19 15:42:16 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Publish Providers [2009/08/31 02:00:04 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Red Alert 3 [2009/10/24 06:14:10 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Red Alert 3 Uprising [2009/11/21 22:52:54 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\runic games [2009/09/16 01:33:06 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\ScummVM [2009/10/19 15:42:15 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Sony [2010/03/16 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Ubisoft [2010/07/30 14:56:52 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\uTorrent [2009/11/24 16:24:29 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Vodafone [2010/07/03 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\ZombieDriver [2010/11/18 12:22:06 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
-
OTL logfile created on: 4/12/2010 1:59:13 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jaye\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 43.95 Gb Total Space | 0.93 Gb Free Space | 2.12% Space Free | Partition Type: NTFS Drive D: | 246.33 Gb Total Space | 0.64 Gb Free Space | 0.26% Space Free | Partition Type: NTFS Drive E: | 14.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive G: | 1.84 Gb Total Space | 0.72 Gb Free Space | 39.31% Space Free | Partition Type: FAT Computer Name: JAYE-PC | User Name: Jaye | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/12/04 13:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jaye\Desktop\OTL.exe PRC - [2010/09/08 02:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010/06/27 03:09:15 | 000,110,592 | ---- | M] () -- D:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe PRC - [2010/06/23 14:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe PRC - [2010/06/23 14:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010/03/27 06:01:26 | 014,090,688 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe PRC - [2010/02/22 05:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe PRC - [2009/07/03 11:40:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/01/17 07:58:56 | 000,708,608 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe PRC - [2008/11/12 14:42:42 | 006,687,264 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2008/11/06 03:21:04 | 000,159,744 | ---- | M] (Micro-Star Int'l Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe PRC - [2008/05/24 10:07:00 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2008/05/23 16:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2008/05/14 12:45:04 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2008/04/16 11:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008/04/16 11:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008/04/15 17:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2008/04/01 13:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2008/01/21 13:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007/09/29 10:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe PRC - [2007/02/12 19:43:00 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe ========== Modules (SafeList) ========== MOD - [2010/12/04 13:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jaye\Desktop\OTL.exe MOD - [2010/09/01 02:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/09/05 10:21:42 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/06/23 14:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010/03/29 20:40:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/09/25 12:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009/07/03 11:40:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008/11/06 03:21:04 | 000,159,744 | ---- | M] (Micro-Star Int'l Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2008/05/23 16:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008/04/16 11:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2008/01/21 13:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/02/12 19:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\smserial.sys -- (smserial) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ewusbfake.sys -- (hwusbfake) DRV - [2010/09/08 01:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010/09/08 01:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010/09/08 01:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010/09/08 01:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010/09/08 01:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/05/15 17:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2010/04/29 16:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010/03/16 19:55:13 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010/03/16 19:55:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009/12/08 21:19:22 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009/12/07 20:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009/10/12 16:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009/08/09 22:17:13 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2008/11/11 20:15:12 | 002,236,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/10/31 14:00:00 | 007,431,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/09/24 19:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008/07/28 18:53:00 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008/07/15 19:38:00 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008/06/28 06:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2008/06/12 12:28:00 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2008/05/14 10:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2008/05/02 16:59:00 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/04/29 04:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008/04/28 09:29:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel® DRV - [2008/04/24 11:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008/04/16 11:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2008/03/26 07:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2008/03/20 05:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008/01/23 14:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2008/01/21 13:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/21 13:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/21 13:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/21 13:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/21 13:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/21 13:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/21 13:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/21 13:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/21 13:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/21 13:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2008/01/21 13:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/21 13:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/21 13:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/21 13:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/21 13:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/21 13:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/21 13:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/21 13:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/21 13:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/21 13:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/21 13:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/01/21 13:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/21 13:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/12/27 12:17:14 | 000,021,760 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2007/12/27 12:15:30 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2007/12/27 12:14:26 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2007/11/30 03:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007/03/19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio) DRV - [2006/11/02 20:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 20:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 20:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 20:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 20:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 20:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 20:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 20:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 20:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 20:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 19:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 19:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 19:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 19:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 19:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 19:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 18:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/02 18:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2005/01/07 23:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com IE - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14200&l=dis IE - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/06/15 15:16:22 | 000,001,796 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000..\Run: [Mobile Partner] D:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe () O4 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000..\Run: [steam] d:\program files\steam\steam.exe (Valve Corporation) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O13 - gopher Prefix: missing O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/08/24 05:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/05/29 12:48:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{3ffb37b6-dd0f-11df-a039-0024216c61f5}\Shell - "" = AutoRun O33 - MountPoints2\{3ffb37b6-dd0f-11df-a039-0024216c61f5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found O33 - MountPoints2\{4473788b-c3dd-11de-9aff-0024216c61f5}\Shell\AutoRun\command - "" = a2g21.exe O33 - MountPoints2\{4473788b-c3dd-11de-9aff-0024216c61f5}\Shell\open\Command - "" = a2g21.exe O33 - MountPoints2\{554b5f5d-d9b5-11de-b8c3-001e101fcbf4}\Shell - "" = AutoRun O33 - MountPoints2\{554b5f5d-d9b5-11de-b8c3-001e101fcbf4}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{79a3eda6-791a-11df-86e0-0024216c61f5}\Shell - "" = AutoRun O33 - MountPoints2\{79a3eda6-791a-11df-86e0-0024216c61f5}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{79a3edb2-791a-11df-86e0-0024216c61f5}\Shell - "" = AutoRun O33 - MountPoints2\{79a3edb2-791a-11df-86e0-0024216c61f5}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{7b8c77a1-94da-11df-973c-0022fba99af0}\Shell - "" = AutoRun O33 - MountPoints2\{7b8c77a1-94da-11df-973c-0022fba99af0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 05:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{f1c2f763-d754-11de-9c17-0024216c61f5}\Shell - "" = AutoRun O33 - MountPoints2\{f1c2f763-d754-11de-9c17-0024216c61f5}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{f1c2f76b-d754-11de-9c17-001e101f2a27}\Shell - "" = AutoRun O33 - MountPoints2\{f1c2f76b-d754-11de-9c17-001e101f2a27}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/12/04 13:44:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jaye\Desktop\OTL.exe [2010/12/02 10:47:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2010/11/29 21:19:15 | 000,000,000 | ---D | C] -- C:\Users\Jaye\Desktop\New Folder (4) [2010/11/19 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\Jaye\Desktop\New Folder (3) [2010/11/18 12:08:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/11/12 12:46:12 | 000,000,000 | ---D | C] -- C:\Users\Jaye\Desktop\CrossOverCon.pdf [2010/11/11 05:19:48 | 000,000,000 | ---D | C] -- C:\Users\Jaye\Desktop\Professor Green - Alive Till Im Dead!www.MusicPlaaza.com! [2008/08/14 08:14:14 | 000,996,720 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp000130616 [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/12/04 13:47:28 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/12/04 13:47:28 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/12/04 13:43:28 | 000,629,057 | ---- | M] () -- C:\Users\Jaye\Desktop\RkU3.8.388.590.rar [2010/12/04 13:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jaye\Desktop\OTL.exe [2010/12/04 12:57:59 | 000,073,040 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010/12/04 12:57:59 | 000,073,040 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010/12/04 12:57:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/12/02 15:34:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/12/02 15:34:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/12/02 13:34:07 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys [2010/12/02 13:34:06 | 324,951,513 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/12/02 13:20:38 | 000,000,176 | ---- | M] () -- C:\Users\Jaye\defogger_reenable [2010/12/02 13:16:58 | 000,296,448 | ---- | M] () -- C:\Users\Jaye\Desktop\ytx2k2rm.exe [2010/12/02 13:16:36 | 000,050,477 | ---- | M] () -- C:\Users\Jaye\Desktop\Defogger.exe [2010/12/02 13:16:28 | 000,630,272 | ---- | M] () -- C:\Users\Jaye\Desktop\dds.scr [2010/12/02 03:27:53 | 000,001,356 | ---- | M] () -- C:\Users\Jaye\AppData\Local\d3d9caps.dat [2010/12/01 16:16:57 | 003,973,792 | ---- | M] () -- C:\Users\Jaye\Desktop\02 Again & Again.mp3 [2010/12/01 13:21:48 | 005,863,552 | ---- | M] () -- C:\Users\Jaye\Desktop\Wonder Girls - Irony.mp3 [2010/12/01 13:21:48 | 000,168,364 | ---- | M] () -- C:\Users\Jaye\Desktop\Wonder Girls - Irony.mp3.sfk [2010/12/01 02:37:48 | 000,175,104 | ---- | M] () -- C:\Users\Jaye\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/30 21:29:50 | 000,161,513 | ---- | M] () -- C:\Users\Jaye\Desktop\Application for Australian Business Number.mht [2010/11/30 19:27:16 | 000,349,806 | ---- | M] () -- C:\Users\Jaye\Desktop\pop_101105_b.jpg [2010/11/30 17:39:53 | 008,753,292 | ---- | M] () -- C:\Users\Jaye\Desktop\pokitpalad.ai [2010/11/30 17:36:09 | 000,395,229 | ---- | M] () -- C:\Users\Jaye\Desktop\crossoverad.png [2010/11/30 17:34:50 | 000,042,095 | ---- | M] () -- C:\Users\Jaye\Desktop\pokitpalad.png [2010/11/30 04:08:32 | 000,014,623 | ---- | M] () -- C:\Users\Jaye\Desktop\price.xlsx [2010/11/30 02:43:55 | 003,331,504 | ---- | M] () -- C:\Users\Jaye\Desktop\Tom Jones - Sex Bomb.mp3 [2010/11/29 14:33:57 | 000,058,274 | ---- | M] () -- C:\Users\Jaye\Desktop\PokitPal_Specs.pdf [2010/11/27 12:38:18 | 000,318,267 | ---- | M] () -- C:\Users\Jaye\Desktop\jo1.png [2010/11/26 23:24:34 | 000,028,672 | ---- | M] () -- C:\Users\Jaye\Desktop\Multidate_adventure_passport_intro.doc [2010/11/26 23:23:04 | 002,798,592 | ---- | M] () -- C:\Users\Jaye\Desktop\GG18338_-_Crossover_Dance_Studios.doc [2010/11/25 23:51:05 | 000,264,543 | ---- | M] () -- C:\Users\Jaye\Desktop\bboy workshops2.png [2010/11/24 17:42:43 | 003,748,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/11/23 00:14:22 | 008,450,615 | ---- | M] () -- C:\Users\Jaye\Desktop\nicola.mp3 [2010/11/19 21:37:07 | 015,166,206 | ---- | M] () -- C:\Users\Jaye\Desktop\tmb 19-11-10.wmv [2010/11/18 21:58:12 | 000,208,208 | ---- | M] () -- C:\Users\Jaye\Desktop\united096.jpg [2010/11/16 10:47:19 | 001,147,473 | ---- | M] () -- C:\Users\Jaye\Desktop\funktion.ai [2010/11/15 00:59:09 | 001,364,522 | ---- | M] () -- C:\Users\Jaye\Desktop\wrar393.exe [2010/11/14 22:01:51 | 007,334,440 | ---- | M] () -- C:\Users\Jaye\Desktop\robrich.wmv [2010/11/14 17:17:36 | 002,730,469 | ---- | M] () -- C:\Users\Jaye\Desktop\pania012.jpg [2010/11/14 17:17:14 | 000,002,743 | ---- | M] () -- C:\Users\Jaye\Desktop\Inv00000411.pdf [2010/11/14 16:05:41 | 000,032,463 | ---- | M] () -- C:\Users\Jaye\Desktop\funktion2.png [2010/11/13 20:03:01 | 000,028,628 | ---- | M] () -- C:\Users\Jaye\Desktop\funktion.png [2010/11/13 12:37:13 | 008,855,559 | ---- | M] () -- C:\Users\Jaye\Desktop\aaliyah - rock the boat.mp3 [2010/11/12 15:32:21 | 000,008,115 | ---- | M] () -- C:\Users\Jaye\Desktop\Dimensions Of A Paper Sizes - A0, A1, A2, A3, A4, A5, A6, A7, A8, A9, A10 - In Inches & mm.mht [2010/11/12 12:45:59 | 000,000,213 | ---- | M] () -- C:\Users\Jaye\AppData\Roaming\onyx 3 preferences [2010/11/11 03:52:34 | 001,622,345 | ---- | M] () -- C:\Users\Jaye\Desktop\Amazing Photoshop light effect in 10 Steps _ Abduzeedo _ Graphic Design Inspiration and Photoshop Tutorials.mht [2010/11/09 17:23:52 | 000,059,392 | ---- | M] () -- C:\Users\Jaye\Desktop\Untitled.MSWMM [2010/11/09 16:03:32 | 000,133,632 | ---- | M] () -- C:\Users\Jaye\Desktop\application_for_Audition[kor_eg].doc [2010/11/04 15:43:25 | 000,000,165 | -H-- | M] () -- C:\Users\Jaye\Desktop\~$price (Autosaved).xlsx [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/12/04 13:44:42 | 000,629,057 | ---- | C] () -- C:\Users\Jaye\Desktop\RkU3.8.388.590.rar [2010/12/02 13:27:09 | 000,296,448 | ---- | C] () -- C:\Users\Jaye\Desktop\ytx2k2rm.exe [2010/12/02 13:27:05 | 000,630,272 | ---- | C] () -- C:\Users\Jaye\Desktop\dds.scr [2010/12/02 13:20:04 | 000,000,176 | ---- | C] () -- C:\Users\Jaye\defogger_reenable [2010/12/02 13:19:39 | 000,050,477 | ---- | C] () -- C:\Users\Jaye\Desktop\Defogger.exe [2010/12/02 12:17:32 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys [2010/12/01 16:15:59 | 003,973,792 | ---- | C] () -- C:\Users\Jaye\Desktop\02 Again & Again.mp3 [2010/12/01 13:21:31 | 000,168,364 | ---- | C] () -- C:\Users\Jaye\Desktop\Wonder Girls - Irony.mp3.sfk [2010/12/01 13:20:25 | 005,863,552 | ---- | C] () -- C:\Users\Jaye\Desktop\Wonder Girls - Irony.mp3 [2010/11/30 21:29:49 | 000,161,513 | ---- | C] () -- C:\Users\Jaye\Desktop\Application for Australian Business Number.mht [2010/11/30 19:27:15 | 000,349,806 | ---- | C] () -- C:\Users\Jaye\Desktop\pop_101105_b.jpg [2010/11/30 17:39:42 | 008,753,292 | ---- | C] () -- C:\Users\Jaye\Desktop\pokitpalad.ai [2010/11/30 17:36:02 | 000,395,229 | ---- | C] () -- C:\Users\Jaye\Desktop\crossoverad.png [2010/11/30 17:34:45 | 000,042,095 | ---- | C] () -- C:\Users\Jaye\Desktop\pokitpalad.png [2010/11/30 15:28:12 | 008,450,615 | ---- | C] () -- C:\Users\Jaye\Desktop\nicola.mp3 [2010/11/30 02:42:27 | 003,331,504 | ---- | C] () -- C:\Users\Jaye\Desktop\Tom Jones - Sex Bomb.mp3 [2010/11/26 23:24:34 | 000,028,672 | ---- | C] () -- C:\Users\Jaye\Desktop\Multidate_adventure_passport_intro.doc [2010/11/26 23:23:03 | 002,798,592 | ---- | C] () -- C:\Users\Jaye\Desktop\GG18338_-_Crossover_Dance_Studios.doc [2010/11/25 23:50:54 | 000,264,543 | ---- | C] () -- C:\Users\Jaye\Desktop\bboy workshops2.png [2010/11/19 21:36:15 | 015,166,206 | ---- | C] () -- C:\Users\Jaye\Desktop\tmb 19-11-10.wmv [2010/11/18 21:58:12 | 000,208,208 | ---- | C] () -- C:\Users\Jaye\Desktop\united096.jpg [2010/11/16 22:21:57 | 000,318,267 | ---- | C] () -- C:\Users\Jaye\Desktop\jo1.png [2010/11/15 00:58:59 | 001,364,522 | ---- | C] () -- C:\Users\Jaye\Desktop\wrar393.exe [2010/11/14 21:58:03 | 007,334,440 | ---- | C] () -- C:\Users\Jaye\Desktop\robrich.wmv [2010/11/14 18:19:44 | 000,058,274 | ---- | C] () -- C:\Users\Jaye\Desktop\PokitPal_Specs.pdf [2010/11/14 17:17:14 | 000,002,743 | ---- | C] () -- C:\Users\Jaye\Desktop\Inv00000411.pdf [2010/11/14 17:17:09 | 002,730,469 | ---- | C] () -- C:\Users\Jaye\Desktop\pania012.jpg [2010/11/14 16:05:36 | 000,032,463 | ---- | C] () -- C:\Users\Jaye\Desktop\funktion2.png [2010/11/14 12:39:42 | 001,147,473 | ---- | C] () -- C:\Users\Jaye\Desktop\funktion.ai [2010/11/13 20:02:36 | 000,028,628 | ---- | C] () -- C:\Users\Jaye\Desktop\funktion.png [2010/11/13 12:35:19 | 008,855,559 | ---- | C] () -- C:\Users\Jaye\Desktop\aaliyah - rock the boat.mp3 [2010/11/12 15:32:20 | 000,008,115 | ---- | C] () -- C:\Users\Jaye\Desktop\Dimensions Of A Paper Sizes - A0, A1, A2, A3, A4, A5, A6, A7, A8, A9, A10 - In Inches & mm.mht [2010/11/11 04:57:36 | 001,622,345 | ---- | C] () -- C:\Users\Jaye\Desktop\Amazing Photoshop light effect in 10 Steps _ Abduzeedo _ Graphic Design Inspiration and Photoshop Tutorials.mht [2010/11/09 17:22:12 | 000,059,392 | ---- | C] () -- C:\Users\Jaye\Desktop\Untitled.MSWMM [2010/11/09 16:03:32 | 000,133,632 | ---- | C] () -- C:\Users\Jaye\Desktop\application_for_Audition[kor_eg].doc [2010/11/04 15:43:25 | 000,000,165 | -H-- | C] () -- C:\Users\Jaye\Desktop\~$price (Autosaved).xlsx [2010/06/03 08:01:35 | 000,001,356 | ---- | C] () -- C:\Users\Jaye\AppData\Local\d3d9caps.dat [2010/04/29 14:04:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/03/16 19:55:13 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010/03/16 19:55:13 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010/02/02 01:18:54 | 000,000,213 | ---- | C] () -- C:\Users\Jaye\AppData\Roaming\onyx 3 preferences [2009/12/31 00:55:07 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/09/24 17:40:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/08 03:49:34 | 000,175,104 | ---- | C] () -- C:\Users\Jaye\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/07 17:58:18 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/06/16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009/04/08 06:08:28 | 000,073,040 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/04/08 06:05:29 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2009/04/08 05:33:38 | 000,073,040 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007/12/22 10:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006/11/02 23:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005/07/23 15:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll ========== LOP Check ========== [2010/09/14 00:34:28 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\.minecraft [2010/08/04 14:40:51 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Any Video Converter [2010/06/20 03:20:55 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Braid [2010/06/20 03:18:46 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Broken Rules [2010/06/20 03:38:16 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Crayon Physics Deluxe [2009/08/09 22:26:21 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\DAEMON Tools Lite [2010/08/17 08:01:39 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Desktopicon [2009/12/09 02:58:09 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\FrostWire [2010/06/07 23:01:30 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\GetRightToGo [2009/09/14 06:01:18 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\LG Electronics [2010/06/20 03:23:56 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Mount&Blade [2009/10/19 15:42:16 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\NetMedia Providers [2010/01/25 00:38:26 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Nifflas [2010/04/29 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Opera [2009/10/19 15:42:16 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Publish Providers [2009/08/31 02:00:04 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Red Alert 3 [2009/10/24 06:14:10 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Red Alert 3 Uprising [2009/11/21 22:52:54 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\runic games [2009/09/16 01:33:06 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\ScummVM [2009/10/19 15:42:15 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Sony [2010/03/16 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Ubisoft [2010/07/30 14:56:52 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\uTorrent [2009/11/24 16:24:29 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Vodafone [2010/07/03 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\ZombieDriver [2010/11/18 12:22:06 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
-
Hey thanks for the reply. Here are the OTL log, Extra and RKU Report. I also tried to run GMER but it caused a blue screen crash. Hope you can help! DDS DDS (Ver_10-11-27.01) - NTFSx86 Run by Jaye at 13:46:45.65 on 04/12/2010 Sat Internet Explorer: 7.0.6002.18005 SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\ZoneLabs\vsmon.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\System Control Manager\MSIService.exe C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe C:\Program Files\System Control Manager\MGSysCtrl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe D:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe D:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\WUDFHost.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\notepad.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Jaye\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.ask.com?o=14200&l=dis uDefault_Page_URL = hxxp://www.msi.com mDefault_Page_URL = hxxp://www.msi.com.tw BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe uRun: [AdobeBridge] uRun: [steam] "d:\program files\steam\steam.exe" -silent uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [Mobile Partner] "d:\program files\3 mobile broadband\3 Mobile Broadband.exe" mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [ZoneAlarm Client] "d:\program files\zone labs\zonealarm\zlclient.exe" mRun: [skytel] c:\program files\realtek\audio\hda\Skytel.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - d:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-29 165584] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-29 17744] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-29 50768] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384] R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-4-8 159744] R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-7-3 9216] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384] R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-4-8 54784] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-6-27 101120] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-4-8 45600] R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-7-15 51288] R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608] R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-8-7 31616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games\dragon age\bin_ship\daupdatersvc.service.exe [2010-8-22 25832] S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2009-11-24 113664] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-13 54632] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-16 38224] S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-4-8 3658752] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] =============== Created Last 30 ================ 2010-12-01 23:47:13 -------- d-----w- C:\TDSSKiller_Quarantine 2010-11-30 15:24:53 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{526c7bcb-f47a-41ec-932f-cd43451ffb34}\mpengine.dll 2010-11-25 13:44:01 15256 ----a-w- c:\users\jaye\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll 2010-11-18 01:01:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat ==================== Find3M ==================== 2010-10-18 23:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-09-08 17:23:42 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-09-08 17:07:35 834048 ----a-w- c:\windows\system32\wininet.dll 2010-09-08 15:23:27 389632 ----a-w- c:\windows\system32\html.iec 2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr 2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll 2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll ============= FINISH: 13:47:26.37 ===============
-
My computer has started acting strangely and I think it might be infected by something. I'm not very good at tech stuff so I hope you can help me. First of all, on startup, there is an unusally long black screen loading after I log into my profile. After that, programs which normally run at startup are failing to load. This includes windows notification services, msn messenger, avast realtime shields and steam. Attempting to turn on the realtime shields of avast does nothing. I also cannot connect to the internet, as each time I attempt to connect it says connection terminated. I used another computer to get malwarebytes. I also copied the updated rules file to the infected computer. The malwarebytes scan crashes after about 5 minutes. The happens consistantly. The file that it was scanning when i crashed last time was: c:\\windows\system32\vds.exe. I have run a full scan with avast turning up no results. Also tdsskiller returned no results. I ran rkill and it came up with these processes terminated: c:\\windows\system32\DllHost.exe c:\\windows\system32\DllHost.exe c:\\windows\system32\conime.exe Also I attempted to do a system restore, but I was told that I couldn't do one for an unspecified reason. Also I can't remember what it was, but I tried to do something and windows told me I couldn't access my host files or something. Not sure if it is relevant. Also I can't start the windows firewall service, but I don't know if that's because I have zone alarm also installed. That's about all the info I have! Hope you can help! Jaye