Jump to content

Problems after removing security suite virus


Recommended Posts

Hello,

After removing the security suite virus I found that I couldn't use my google search in firefox or explorer. After reading around, I've come to believe it's probably tdss. I then tried kapersky's tdss killer, but it didn't seem to work so here I am. I used avast for my virus scan instead of the one you recommended, since it's already on my computer. I'm not computer savvy at all so bear with me here, but you help would be greatly appreciated thank you :)

Here are the logs/attachments you requested (hope I did them right!):

DDS (Ver_10-03-17.01) - NTFSx86

Run by ;) at 9:21:07.56 on Fri 08/20/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1535.992 [GMT 2:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\PixArt\PAC7311\Monitor.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\:)\Desktop\dds.scr

C:\Windows\system32\conhost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.bbc.co.uk/

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [PAC7311_Monitor] c:\windows\pixart\pac7311\Monitor.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\;)\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\;)\appdata\roaming\mozilla\firefox\profiles\825p4lpd.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\;)\appdata\local\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-25 162640]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-25 19024]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-25 51792]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-25 40384]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-25 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-25 40384]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-1-23 273960]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-9-14 88192]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S3 PAC7311;PLEOMAX PWC-2100 Pleo Chat Cam ;c:\windows\system32\drivers\PA707UCM.SYS [2007-3-14 449024]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-31 1343400]

=============== Created Last 30 ================

2010-08-20 07:15:22 176 ----a-w- c:\users\;)\defogger_reenable

2010-08-19 18:45:16 0 d-----w- C:\TDSSKiller_Quarantine

2010-08-19 17:31:13 0 d-----w- c:\users\^_^\appdata\roaming\Malwarebytes

2010-08-19 17:29:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-19 17:29:15 0 d-----w- c:\programdata\Malwarebytes

2010-08-19 17:29:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-19 17:29:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-19 17:21:06 0 d--h--w- c:\windows\PIF

2010-08-19 17:14:07 0 d-----w- c:\program files\CCleaner

2010-08-19 15:27:58 0 d-----w- c:\users\^_^\appdata\roaming\646959B6EAC0442364F68CB24D46A9C8

2010-08-16 17:52:28 0 d-----w- c:\users\^_^\appdata\roaming\Ariane Software

2010-08-12 14:17:27 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-12 14:17:06 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-08-12 14:17:06 197632 ----a-w- c:\windows\system32\ir32_32.dll

==================== Find3M ====================

2010-07-13 12:03:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll

2010-06-22 02:47:35 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-22 02:47:21 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-06-22 02:47:13 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys

2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll

2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:21:59.53 ===============

Link to post
Share on other sites

  • Replies 55
  • Created
  • Last Reply

Top Posters In This Topic

Hello ,

And ^_^ My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

I ran Combofix, but at completed stage 3 a window popped up saying that the 'Find String (QGREP) Utility' has stopped working and so Windows will close the program. But when I click on 'close program' the same window keeps popping back up and it won't move on.

Hmm what should I do? I'm just leaving it like that for now...

Thanks!

Link to post
Share on other sites

ok thanks it worked, here it is:

ComboFix 10-08-18.05 - ;) 08/20/2010 15:02:18.2.1 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1535.1003 [GMT 2:00]

Running from: c:\users\:)\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\;)\AppData\Local\Windows Server

c:\users\;)\AppData\Local\Windows Server\flags.ini

c:\users\;)\AppData\Local\Windows Server\hlp.dat

c:\users\;)\AppData\Local\Windows Server\server.dat

c:\users\^_^\AppData\Local\Windows Server\uses32.dat

c:\users\^_^\AppData\Roaming\646959B6EAC0442364F68CB24D46A9C8

c:\users\^_^\AppData\Roaming\646959B6EAC0442364F68CB24D46A9C8\enemies-names.txt

c:\users\:)\AppData\Roaming\646959B6EAC0442364F68CB24D46A9C8\local.ini

c:\users\^_^\AppData\Roaming\646959B6EAC0442364F68CB24D46A9C8\lsrslt.ini

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

.

((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))

.

2010-08-20 13:19 . 2010-08-20 13:24 -------- d-----w- c:\users\^_^\AppData\Local\temp

2010-08-20 13:19 . 2010-08-20 13:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-08-20 12:59 . 2010-08-20 13:00 -------- d-----w- C:\32788R22FWJFW

2010-08-19 18:45 . 2010-08-19 18:45 -------- d-----w- C:\TDSSKiller_Quarantine

2010-08-19 17:31 . 2010-08-19 17:31 -------- d-----w- c:\users\^_^\AppData\Roaming\Malwarebytes

2010-08-19 17:29 . 2010-08-19 17:29 -------- d-----w- c:\programdata\Malwarebytes

2010-08-19 17:29 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-19 17:29 . 2010-08-19 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-19 17:29 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-19 17:21 . 2010-08-19 17:21 -------- d--h--w- c:\windows\PIF

2010-08-19 17:14 . 2010-08-19 17:14 -------- d-----w- c:\program files\CCleaner

2010-08-19 15:29 . 2010-08-19 18:09 -------- d-----w- c:\users\^_^\AppData\Local\eeitvoatr

2010-08-19 15:28 . 2010-08-19 18:09 -------- d-----w- c:\users\^_^\AppData\Local\yccwubwfd

2010-08-19 15:28 . 2010-08-19 18:09 -------- d-----w- c:\users\^_^\AppData\Local\pokwuhjmk

2010-08-16 17:52 . 2010-08-16 17:52 -------- d-----w- c:\users\^_^\AppData\Roaming\Ariane Software

2010-08-12 14:17 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-12 14:17 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-08-12 14:17 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-20 11:41 . 2010-01-23 17:36 -------- d-----w- c:\users\^_^\AppData\Roaming\Skype

2010-08-20 11:35 . 2010-01-24 05:45 -------- d-----w- c:\users\^_^\AppData\Roaming\skypePM

2010-08-19 16:08 . 2010-01-24 06:11 -------- d-----w- c:\program files\BitTorrent

2010-08-19 16:07 . 2010-01-24 06:35 -------- d-----w- c:\users\^_^\AppData\Roaming\BitTorrent

2010-08-19 14:54 . 2010-03-05 11:25 -------- d-----w- c:\users\^_^\AppData\Roaming\vlc

2010-08-13 06:08 . 2010-01-24 03:15 -------- d-----w- c:\programdata\Microsoft Help

2010-07-29 21:27 . 2010-02-14 14:08 -------- d-----w- c:\users\^_^\AppData\Roaming\dvdcss

2010-07-13 12:03 . 2010-07-13 12:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-06-30 06:25 . 2010-08-12 14:15 978432 ----a-w- c:\windows\system32\wininet.dll

2010-06-26 10:30 . 2010-06-26 10:10 -------- d-----w- c:\users\^_^\AppData\Roaming\Audacity

2010-06-26 10:10 . 2010-06-26 10:10 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2010-06-22 02:47 . 2010-08-12 14:15 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-22 02:47 . 2010-08-12 14:15 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-06-22 02:47 . 2010-08-12 14:15 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-06-19 06:33 . 2010-08-12 14:15 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-06-19 06:33 . 2010-08-12 14:15 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-06-19 06:23 . 2010-08-12 14:15 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-06-19 04:07 . 2010-08-12 14:15 2326016 ----a-w- c:\windows\system32\win32k.sys

2010-06-16 05:48 . 2010-08-12 14:15 224256 ----a-w- c:\windows\system32\schannel.dll

2010-06-08 06:02 . 2010-08-12 14:15 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-05-27 07:24 . 2010-06-09 08:36 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 03:49 . 2010-06-09 08:36 293888 ----a-w- c:\windows\system32\atmfd.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

------- Sigcheck -------

[-] 2009-10-31 . 8D85EEDAC20B7F87DA10C416E8F7D4A1 . 2614272 . . [6.1.7600.16385] . . c:\windows\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-01-19 2743104]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-04 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\^_^\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

R3 PAC7311;PLEOMAX PWC-2100 Pleo Chat Cam ;c:\windows\system32\DRIVERS\PA707UCM.SYS [2007-03-14 449024]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-31 1343400]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-03 691696]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-01-19 51792]

S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://news.bbc.co.uk/

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\^_^\AppData\Roaming\Mozilla\Firefox\Profiles\825p4lpd.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/

FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\^_^\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\taskhost.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\conhost.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2010-08-20 15:27:44 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-20 13:27

Pre-Run: 18,282,328,064 bytes free

Post-Run: 18,220,584,960 bytes free

- - End Of File - - 85FA12FAF773FDB698156E1C7B39E2D7

Link to post
Share on other sites

Please let me know how things are running after the following fix:

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

omg....so I did the combofix log, pasted it, then right before I sent this I did a search on google to see if it worked to test it like you said, and another huge security warning came up saying I had a lot of viruses and stuff. But it looked like the usual fake stuff so I just closed out of it all. I'm sending you the log I did right before all this happened, but I must say....I think the problem isn't fixed yet :S Sorry, maybe I shouldn't have gotten onto google yet!

ComboFix 10-08-18.05 - ;) 08/20/2010 16:25:49.3.1 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1535.969 [GMT 2:00]

Running from: c:\users\^_^\Desktop\ComboFix.exe

Command switches used :: c:\users\^_^\Desktop\CFScript.txt

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

.

((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))

.

2010-08-20 14:34 . 2010-08-20 14:34 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-08-20 14:34 . 2010-08-20 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-08-20 14:23 . 2010-08-20 14:24 -------- d-----w- C:\32788R22FWJFW

2010-08-20 13:19 . 2010-08-20 14:37 -------- d-----w- c:\users\^_^\AppData\Local\temp

2010-08-19 18:45 . 2010-08-19 18:45 -------- d-----w- C:\TDSSKiller_Quarantine

2010-08-19 17:31 . 2010-08-19 17:31 -------- d-----w- c:\users\^_^\AppData\Roaming\Malwarebytes

2010-08-19 17:29 . 2010-08-19 17:29 -------- d-----w- c:\programdata\Malwarebytes

2010-08-19 17:29 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-19 17:29 . 2010-08-19 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-19 17:29 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-19 17:21 . 2010-08-19 17:21 -------- d--h--w- c:\windows\PIF

2010-08-19 17:14 . 2010-08-19 17:14 -------- d-----w- c:\program files\CCleaner

2010-08-19 15:29 . 2010-08-19 18:09 -------- d-----w- c:\users\^_^\AppData\Local\eeitvoatr

2010-08-19 15:28 . 2010-08-19 18:09 -------- d-----w- c:\users\^_^\AppData\Local\yccwubwfd

2010-08-19 15:28 . 2010-08-19 18:09 -------- d-----w- c:\users\^_^\AppData\Local\pokwuhjmk

2010-08-16 17:52 . 2010-08-16 17:52 -------- d-----w- c:\users\^_^\AppData\Roaming\Ariane Software

2010-08-12 14:17 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-12 14:17 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-08-12 14:17 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-20 11:41 . 2010-01-23 17:36 -------- d-----w- c:\users\^_^\AppData\Roaming\Skype

2010-08-20 11:35 . 2010-01-24 05:45 -------- d-----w- c:\users\^_^\AppData\Roaming\skypePM

2010-08-19 16:08 . 2010-01-24 06:11 -------- d-----w- c:\program files\BitTorrent

2010-08-19 16:07 . 2010-01-24 06:35 -------- d-----w- c:\users\^_^\AppData\Roaming\BitTorrent

2010-08-19 14:54 . 2010-03-05 11:25 -------- d-----w- c:\users\^_^\AppData\Roaming\vlc

2010-08-13 06:08 . 2010-01-24 03:15 -------- d-----w- c:\programdata\Microsoft Help

2010-07-29 21:27 . 2010-02-14 14:08 -------- d-----w- c:\users\^_^\AppData\Roaming\dvdcss

2010-07-13 12:03 . 2010-07-13 12:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-06-30 06:25 . 2010-08-12 14:15 978432 ----a-w- c:\windows\system32\wininet.dll

2010-06-26 10:30 . 2010-06-26 10:10 -------- d-----w- c:\users\^_^\AppData\Roaming\Audacity

2010-06-26 10:10 . 2010-06-26 10:10 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2010-06-22 02:47 . 2010-08-12 14:15 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-22 02:47 . 2010-08-12 14:15 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-06-22 02:47 . 2010-08-12 14:15 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-06-19 06:33 . 2010-08-12 14:15 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-06-19 06:33 . 2010-08-12 14:15 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-06-19 06:23 . 2010-08-12 14:15 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-06-19 04:07 . 2010-08-12 14:15 2326016 ----a-w- c:\windows\system32\win32k.sys

2010-06-16 05:48 . 2010-08-12 14:15 224256 ----a-w- c:\windows\system32\schannel.dll

2010-06-08 06:02 . 2010-08-12 14:15 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-05-27 07:24 . 2010-06-09 08:36 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 03:49 . 2010-06-09 08:36 293888 ----a-w- c:\windows\system32\atmfd.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

------- Sigcheck -------

[-] 2009-10-31 . C343E62E49A74BE90A647996E9DB120A . 2614272 . . [6.1.7600.16385] . . c:\windows\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-01-19 2743104]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-04 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\^_^\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

R3 PAC7311;PLEOMAX PWC-2100 Pleo Chat Cam ;c:\windows\system32\DRIVERS\PA707UCM.SYS [2007-03-14 449024]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-31 1343400]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-03 691696]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-01-19 51792]

S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://news.bbc.co.uk/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\^_^\AppData\Roaming\Mozilla\Firefox\Profiles\825p4lpd.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/

FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\^_^\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\taskhost.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\conhost.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2010-08-20 16:41:41 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-20 14:41

ComboFix2.txt 2010-08-20 13:27

Pre-Run: 18,264,702,976 bytes free

Post-Run: 18,225,782,784 bytes free

- - End Of File - - CA81E069CAA6A191A620D547049DE3ED

Link to post
Share on other sites

Lets have a closer look here.

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

ok thanks~~here you go^^

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows 7

Version 6.1.7600

Number of processors #1

==============================================

>Drivers

==============================================

0x8CE08000 C:\Windows\system32\DRIVERS\atikmdag.sys 6193152 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)

0x8280F000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)

0x8280F000 PnpManager 4259840 bytes

0x8280F000 RAW 4259840 bytes

0x8280F000 WMIxWDM 4259840 bytes

0x90A20000 C:\Windows\system32\DRIVERS\bcmwl6.sys 2519040 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)

0x8F350000 Win32k 2400256 bytes

0x8F350000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x8782A000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)

0x8747F000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)

0x8C6EC000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x8768C000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)

0x82EDF000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)

0x94E01000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x90684000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x82E0C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)

0x82F8A000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)

0x94F70000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)

0x8C604000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)

0x87618000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)

0x8C4A1000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x94F1F000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)

0x94ED0000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x8E05C000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x872FF000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8723D000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)

0x90612000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0x8E00C000 C:\Windows\system32\DRIVERS\b57nd60x.sys 282624 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.)

0x8E134000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x90C91000 C:\Windows\system32\drivers\STAC97.sys 274432 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))

0x82E9D000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)

0x8C5B4000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x879AD000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x87743000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)

0x90757000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x8C7A3000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)

0x82C1F000 ACPI_HAL 225280 bytes

0x82C1F000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x8743A000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x90D1C000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)

0x87400000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)

0x8C500000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x87973000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x90CD4000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x8735F000 C:\Windows\system32\DRIVERS\pcmcia.sys 188416 bytes (Microsoft Corporation, PCMCIA Bus Driver)

0x877A6000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)

0x875AE000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x872A1000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x8C68E000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)

0x877D3000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)

0x87781000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)

0x873AC000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)

0x90734000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x8E0E3000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x94EA2000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)

0x8C6B5000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8720C000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x873D8000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0x8C539000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8F5E0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)

0x8E1D0000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x90792000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8C577000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)

0x8C416000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x90709000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x90D03000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)

0x8C668000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x90D50000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)

0x90D8C000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)

0x90DC3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x90DE6000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8C7DC000 C:\Windows\system32\drivers\aswMonFlt.sys 94208 bytes (ALWIL Software, avast! File System Minifilter for Windows 2003/Vista)

0x90A00000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8E105000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x8C475000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)

0x8E0B6000 C:\Windows\system32\DRIVERS\gtipci21.sys 90112 bytes (Texas Instruments, Texas Instruments PCI GemCore IFD Handler)

0x8738D000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)

0x875D9000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x90668000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8C591000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x90DB1000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)

0x8C6D6000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)

0x90722000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x87818000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x8E1AA000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes

0x8746E000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x8E178000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x872CB000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)

0x82E84000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x8C558000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)

0x8E1EB000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x87800000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)

0x90658000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x8C5A4000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)

0x872EF000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)

0x8E0A7000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x8C680000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)

0x8C569000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x8C467000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x87351000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x87675000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)

0x8E126000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x8722F000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)

0x90DA4000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)

0x8E189000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x90D75000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)

0x90D68000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)

0x94EC3000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x8C437000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)

0x8C40A000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)

0x8E0D7000 C:\Windows\System32\DRIVERS\scfilter.sys 49152 bytes (Microsoft Corporation, Microsoft Smart Card Reader Filter Driver)

0x87200000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x872E4000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)

0x8E196000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes

0x8E1C5000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)

0x8C45C000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x90DDB000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x8E0CC000 C:\Windows\system32\DRIVERS\SMCLIB.SYS 45056 bytes (Microsoft Corporation, Smart Card Driver Library)

0x8C48C000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x8E051000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0x87296000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)

0x8C497000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)

0x8E1BB000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8C400000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x8C5F5000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0x8E11C000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)

0x94E98000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x90D82000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)

0x90C87000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)

0x873CF000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)

0x873A3000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x8E1A1000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes

0x87683000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0x94FE2000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x8F5B0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x879A4000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)

0x9067B000 C:\Windows\system32\DRIVERS\vwifimp.sys 36864 bytes (Microsoft Corporation, Virtual WiFi Miniport Driver)

0x87285000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x82E95000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x872DC000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)

0x87810000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)

0x80BD5000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)

0x8728E000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8C444000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8C44C000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)

0x8C454000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)

0x879EC000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0x87432000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x8734A000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0x877F8000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x907AD000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)

0x8C532000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)

0x94FDA000 C:\Users\;)\AppData\Local\Temp\mbr.sys 24576 bytes

0x8C4FB000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (ALWIL Software, avast! TDI RDR Driver)

0x8C6E8000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0x90A19000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)

0x94FE0000 C:\Windows\system32\Drivers\PROCEXP113.SYS 8192 bytes

0x90A17000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

==============================================

>Stealth

==============================================

Nothing detected :)

Link to post
Share on other sites

Thats actually a good thing. ;)

I have seen more of this infection, but not a lot is known about it.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

Link to post
Share on other sites

whoa, what kind of infection is it? k here you go~~

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Ultimate Edition

Windows Information: (build 7600), 32-bit

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 191):

0x8280F000 \SystemRoot\system32\ntkrnlpa.exe

0x82C1F000 \SystemRoot\system32\halmacpi.dll

0x80BD5000 \SystemRoot\system32\kdcom.dll

0x82E0C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x82E84000 \SystemRoot\system32\PSHED.dll

0x82E95000 \SystemRoot\system32\BOOTVID.dll

0x82E9D000 \SystemRoot\system32\CLFS.SYS

0x82EDF000 \SystemRoot\system32\CI.dll

0x82F8A000 \SystemRoot\system32\drivers\Wdf01000.sys

0x8722F000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x8723D000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x87285000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x8728E000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x87296000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x872A1000 \SystemRoot\system32\DRIVERS\pci.sys

0x872CB000 \SystemRoot\System32\drivers\partmgr.sys

0x872DC000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x872E4000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x872EF000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x872FF000 \SystemRoot\System32\drivers\volmgrx.sys

0x8734A000 \SystemRoot\system32\DRIVERS\intelide.sys

0x87351000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x8735F000 \SystemRoot\system32\DRIVERS\pcmcia.sys

0x8738D000 \SystemRoot\System32\drivers\mountmgr.sys

0x873A3000 \SystemRoot\system32\DRIVERS\atapi.sys

0x873AC000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x873CF000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x8743A000 \SystemRoot\system32\drivers\fltmgr.sys

0x8746E000 \SystemRoot\system32\drivers\fileinfo.sys

0x8747F000 \SystemRoot\System32\Drivers\Ntfs.sys

0x875AE000 \SystemRoot\System32\Drivers\msrpc.sys

0x875D9000 \SystemRoot\System32\Drivers\ksecdd.sys

0x87618000 \SystemRoot\System32\Drivers\cng.sys

0x87675000 \SystemRoot\System32\drivers\pcw.sys

0x87683000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x8768C000 \SystemRoot\system32\drivers\ndis.sys

0x87743000 \SystemRoot\system32\drivers\NETIO.SYS

0x87781000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x8782A000 \SystemRoot\System32\drivers\tcpip.sys

0x87973000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x879A4000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x879AD000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x879EC000 \SystemRoot\System32\Drivers\spldr.sys

0x877A6000 \SystemRoot\System32\drivers\rdyboost.sys

0x87800000 \SystemRoot\System32\Drivers\mup.sys

0x87810000 \SystemRoot\System32\drivers\hwpolicy.sys

0x87400000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x87818000 \SystemRoot\system32\DRIVERS\disk.sys

0x877D3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x873D8000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x877F8000 \SystemRoot\System32\Drivers\Null.SYS

0x87432000 \SystemRoot\System32\Drivers\Beep.SYS

0x87200000 \SystemRoot\System32\drivers\vga.sys

0x8720C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x8C437000 \SystemRoot\System32\drivers\watchdog.sys

0x8C444000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x8C44C000 \SystemRoot\system32\drivers\rdpencdd.sys

0x8C454000 \SystemRoot\system32\drivers\rdprefmp.sys

0x8C45C000 \SystemRoot\System32\Drivers\Msfs.SYS

0x8C467000 \SystemRoot\System32\Drivers\Npfs.SYS

0x8C475000 \SystemRoot\system32\DRIVERS\tdx.sys

0x8C48C000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x8C497000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x8C4A1000 \SystemRoot\system32\drivers\afd.sys

0x8C4FB000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x8C500000 \SystemRoot\System32\DRIVERS\netbt.sys

0x8C532000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x8C539000 \SystemRoot\system32\DRIVERS\pacer.sys

0x8C558000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x8C569000 \SystemRoot\system32\DRIVERS\netbios.sys

0x8C577000 \SystemRoot\system32\DRIVERS\serial.sys

0x8C591000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x8C5A4000 \SystemRoot\system32\DRIVERS\termdd.sys

0x8C5B4000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x8C5F5000 \SystemRoot\system32\drivers\nsiproxy.sys

0x8C400000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x8C40A000 \SystemRoot\System32\drivers\discache.sys

0x8C604000 \SystemRoot\system32\drivers\csc.sys

0x8C668000 \SystemRoot\System32\Drivers\dfsc.sys

0x8C680000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x8C68E000 \SystemRoot\System32\Drivers\aswSP.SYS

0x8C6B5000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x8C6D6000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x8C6E8000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x8CE08000 \SystemRoot\system32\DRIVERS\atikmdag.sys

0x8C6EC000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x8C7A3000 \SystemRoot\System32\drivers\dxgmms1.sys

0x8E00C000 \SystemRoot\system32\DRIVERS\b57nd60x.sys

0x8E051000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x8E05C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x8E0A7000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x8E0B6000 \SystemRoot\system32\DRIVERS\gtipci21.sys

0x8E0CC000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS

0x8E0D7000 \SystemRoot\System32\DRIVERS\scfilter.sys

0x90A20000 \SystemRoot\system32\DRIVERS\bcmwl6.sys

0x90C87000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x90C91000 \SystemRoot\system32\drivers\STAC97.sys

0x90CD4000 \SystemRoot\system32\drivers\portcls.sys

0x90D03000 \SystemRoot\system32\drivers\drmk.sys

0x90D1C000 \SystemRoot\system32\drivers\ks.sys

0x90D50000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x90D68000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x90D75000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x90D82000 \SystemRoot\system32\DRIVERS\serenum.sys

0x90D8C000 \SystemRoot\system32\DRIVERS\parport.sys

0x90DA4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x90DB1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x90DC3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x90DDB000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x8E0E3000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x90DE6000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x90A00000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x8E105000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x8E11C000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x90A17000 \SystemRoot\system32\DRIVERS\swenum.sys

0x8E126000 \SystemRoot\system32\DRIVERS\umbus.sys

0x8E134000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x8E178000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x8E189000 \SystemRoot\System32\Drivers\crashdmp.sys

0x8E196000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x8E1A1000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x8E1AA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x8F350000 \SystemRoot\System32\win32k.sys

0x8E1BB000 \SystemRoot\System32\drivers\Dxapi.sys

0x8E1C5000 \SystemRoot\system32\DRIVERS\monitor.sys

0x8F5B0000 \SystemRoot\System32\TSDDD.dll

0x8F5E0000 \SystemRoot\System32\cdd.dll

0x8E1D0000 \SystemRoot\system32\drivers\luafv.sys

0x8C7DC000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x90A19000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0x8C416000 \SystemRoot\system32\drivers\WudfPf.sys

0x8E1EB000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x90612000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x90658000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x90668000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x9067B000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x90684000 \SystemRoot\system32\drivers\HTTP.sys

0x90709000 \SystemRoot\system32\DRIVERS\bowser.sys

0x90722000 \SystemRoot\System32\drivers\mpsdrv.sys

0x90734000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x90757000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x90792000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x907AD000 \SystemRoot\system32\DRIVERS\parvdm.sys

0x94E01000 \SystemRoot\system32\drivers\peauth.sys

0x94E98000 \SystemRoot\System32\Drivers\secdrv.SYS

0x94EA2000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x94EC3000 \SystemRoot\System32\drivers\tcpipreg.sys

0x94ED0000 \SystemRoot\System32\DRIVERS\srv2.sys

0x94F1F000 \SystemRoot\System32\DRIVERS\srv.sys

0x94F70000 \SystemRoot\system32\drivers\spsys.sys

0x94FDA000 \??\C:\Users\;)\AppData\Local\Temp\mbr.sys

0x94FE0000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

0x77BA0000 \Windows\System32\ntdll.dll

0x47E80000 \Windows\System32\smss.exe

0x77DE0000 \Windows\System32\apisetschema.dll

0x004F0000 \Windows\System32\autochk.exe

0x77CF0000 \Windows\System32\kernel32.dll

0x77B10000 \Windows\System32\oleaut32.dll

0x77CE0000 \Windows\System32\lpk.dll

0x77A80000 \Windows\System32\clbcatq.dll

0x77880000 \Windows\System32\iertutil.dll

0x77830000 \Windows\System32\gdi32.dll

0x777F0000 \Windows\System32\ws2_32.dll

0x776F0000 \Windows\System32\wininet.dll

0x77670000 \Windows\System32\comdlg32.dll

0x77510000 \Windows\System32\ole32.dll

0x77500000 \Windows\System32\nsi.dll

0x774F0000 \Windows\System32\psapi.dll

0x773B0000 \Windows\System32\urlmon.dll

0x772E0000 \Windows\System32\user32.dll

0x772D0000 \Windows\System32\normaliz.dll

0x77200000 \Windows\System32\msctf.dll

0x771D0000 \Windows\System32\imagehlp.dll

0x77170000 \Windows\System32\shlwapi.dll

0x76520000 \Windows\System32\shell32.dll

0x76470000 \Windows\System32\msvcrt.dll

0x763D0000 \Windows\System32\advapi32.dll

0x76380000 \Windows\System32\Wldap32.dll

0x76360000 \Windows\System32\imm32.dll

0x76300000 \Windows\System32\difxapi.dll

0x76260000 \Windows\System32\usp10.dll

0x76240000 \Windows\System32\sechost.dll

0x76190000 \Windows\System32\rpcrt4.dll

0x75FF0000 \Windows\System32\setupapi.dll

0x75FA0000 \Windows\System32\KernelBase.dll

0x75E80000 \Windows\System32\crypt32.dll

0x75E60000 \Windows\System32\devobj.dll

0x75E30000 \Windows\System32\wintrust.dll

0x75DA0000 \Windows\System32\comctl32.dll

0x75D70000 \Windows\System32\cfgmgr32.dll

0x75D60000 \Windows\System32\msasn1.dll

Processes (total 41):

0 System Idle Process

4 System

256 C:\Windows\System32\smss.exe

364 csrss.exe

440 csrss.exe

456 C:\Windows\System32\wininit.exe

480 C:\Windows\System32\winlogon.exe

548 C:\Windows\System32\services.exe

556 C:\Windows\System32\lsass.exe

564 C:\Windows\System32\lsm.exe

664 C:\Windows\System32\svchost.exe

740 C:\Windows\System32\svchost.exe

788 C:\Windows\System32\Ati2evxx.exe

820 C:\Windows\System32\svchost.exe

936 C:\Windows\System32\svchost.exe

964 C:\Windows\System32\svchost.exe

1112 C:\Windows\System32\svchost.exe

1176 C:\Windows\System32\Ati2evxx.exe

1356 C:\Windows\System32\svchost.exe

1460 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

1784 C:\Windows\System32\spoolsv.exe

1828 C:\Windows\System32\taskhost.exe

1836 C:\Windows\System32\svchost.exe

1908 C:\Windows\System32\svchost.exe

296 C:\Program Files\CDBurnerXP\NMSAccessU.exe

384 C:\Windows\System32\sppsvc.exe

536 C:\Windows\System32\svchost.exe

2256 C:\Windows\System32\dwm.exe

2744 C:\Windows\PixArt\PAC7311\Monitor.exe

2752 C:\Program Files\Alwil Software\Avast5\AvastUI.exe

2764 C:\Program Files\Java\jre6\bin\jusched.exe

3532 C:\Windows\System32\SearchIndexer.exe

2536 C:\Windows\System32\svchost.exe

3608 C:\Windows\System32\wuauclt.exe

184 C:\Windows\explorer.exe

2344 C:\Windows\System32\SearchProtocolHost.exe

3860 C:\Windows\System32\SearchFilterHost.exe

3660 C:\Windows\System32\audiodg.exe

3396 C:\Users\:)\Desktop\MBRCheck.exe

2908 C:\Windows\System32\conhost.exe

1884 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541040G9AT00, Rev: MB2OA61A

Size Device Name MBR Status

--------------------------------------------

37 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Link to post
Share on other sites

That one is clean as well. ;)

KASPERSKY ONLINE SCAN

-----------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:

    • Extended (if available otherwise Standard)

    • Scan Options:

    • Scan Archives
      Scan Mail Bases

    [*]Click OK

    [*]Now under select a target to scan:

    • Select My Computer

    [*]This will program will start and scan your system.

    [*]The scan will take a while so be patient and let it run.

    [*]Once the scan is complete it will display if your system has been infected.

    • Now click on the Save as Text button:

    [*]Save the file to your desktop.

    [*]Copy and paste that information in your next post.

Link to post
Share on other sites

wow that one took a bit of time^_^

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, August 20, 2010

Operating system: Microsoft Professional (build 7600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, August 20, 2010 11:53:52

Records in database: 4129292

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

Scan statistics:

Objects scanned: 74077

Threats found: 2

Infected objects found: 4

Suspicious objects found: 0

Scan duration: 02:43:10

File name / Threat / Threats count

C:\Users\;)\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\6d209115-558f7533 Infected: Exploit.Java.Agent.f 1

C:\Users\:)\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\6b2b9ddd-1259ddfb Infected: Exploit.Java.Agent.f 1

C:\Users\;)\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\13ced5ee-39a0cc53 Infected: Exploit.Java.Agent.a 1

C:\Users\;)\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\13ced5ee-39a0cc53 Infected: Exploit.Java.Agent.f 1

Selected area has been scanned.

Link to post
Share on other sites

Lets have a closer look here at what might be wrong.

OTL

-----

Please download OTL from one of the following mirrors:

[*]Save it to your desktop.

[*]Double click on the otlDesktopIcon.png icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the runscanbutton.png button.

[*]Two reports will open, copy and paste them in a reply here:

  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Link to post
Share on other sites

OTL logfile created on: 8/20/2010 10:08:28 PM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\;)\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 16.79 Gb Free Space | 45.05% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: _-PC

Current User Name: :)

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/20 22:08:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\;)\Desktop\OTL.exe

PRC - [2010/07/24 20:06:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/04/04 03:52:14 | 000,022,816 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe

PRC - [2010/04/04 03:52:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe

PRC - [2010/01/19 13:57:44 | 002,743,104 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/01/19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2009/11/12 06:48:58 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe

PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2006/11/03 04:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7311\Monitor.exe

========== Modules (SafeList) ==========

MOD - [2010/08/20 22:08:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\;)\Desktop\OTL.exe

MOD - [2009/07/14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/03/31 15:04:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/01/24 09:42:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/01/19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/01/19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/01/19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/11/12 06:48:58 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2009/07/14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009/07/14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\;)\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2010/03/03 15:21:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/01/19 15:13:58 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/01/19 13:46:52 | 000,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/01/19 13:43:40 | 000,023,248 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/01/19 13:43:23 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2010/01/19 13:42:57 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009/12/11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/11/12 06:48:58 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\StarOpen.sys -- (StarOpen)

DRV - [2009/08/26 08:10:28 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009/07/14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009/07/14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009/07/14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)

DRV - [2009/07/14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)

DRV - [2009/07/14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)

DRV - [2009/07/14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/07/07 17:45:32 | 002,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)

DRV - [2008/12/01 15:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2007/03/14 03:57:56 | 000,449,024 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)

DRV - [2006/09/14 10:55:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtipci21.sys -- (GTIPCI21)

DRV - [2004/11/01 06:52:46 | 000,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\STAC97.sys -- (STAC97)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1409081942-2149379982-1161357908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/

IE - HKU\S-1-5-21-1409081942-2149379982-1161357908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1409081942-2149379982-1161357908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 16 41 9B 50 9C CA 01 [binary data]

IE - HKU\S-1-5-21-1409081942-2149379982-1161357908-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 20:06:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 20:06:22 | 000,000,000 | ---D | M]

[2010/01/23 19:33:56 | 000,000,000 | ---D | M] -- C:\Users\:)\AppData\Roaming\mozilla\Extensions

[2010/07/03 13:11:48 | 000,000,000 | ---D | M] -- C:\Users\;)\AppData\Roaming\mozilla\Firefox\Profiles\825p4lpd.default\extensions

[2010/01/24 10:25:44 | 000,001,504 | ---- | M] () -- C:\Users\;)\AppData\Roaming\Mozilla\FireFox\Profiles\825p4lpd.default\searchplugins\imdb.xml

[2010/01/24 10:23:20 | 000,001,679 | ---- | M] () -- C:\Users\:)\AppData\Roaming\Mozilla\FireFox\Profiles\825p4lpd.default\searchplugins\thepiratebayorg.xml

[2010/01/24 10:27:19 | 000,004,140 | ---- | M] () -- C:\Users\:)\AppData\Roaming\Mozilla\FireFox\Profiles\825p4lpd.default\searchplugins\youtube.xml

[2010/04/04 03:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/08/20 16:36:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)

O4 - Startup: C:\Users\;)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1409081942-2149379982-1161357908-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1409081942-2149379982-1161357908-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/20 22:07:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\;)\Desktop\OTL.exe

[2010/08/20 16:41:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/08/20 16:23:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/08/20 16:23:43 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2010/08/20 15:19:49 | 000,000,000 | ---D | C] -- C:\Users\;)\AppData\Local\temp

[2010/08/20 13:44:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/08/20 13:44:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/08/20 13:44:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/08/20 13:43:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/08/20 13:43:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/08/19 20:45:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2010/08/19 20:37:39 | 000,000,000 | ---D | C] -- C:\Users\:)\Desktop\tdsskiller

[2010/08/19 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\;)\AppData\Roaming\Malwarebytes

[2010/08/19 19:29:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/08/19 19:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/08/19 19:29:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/08/19 19:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/08/19 19:21:06 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

[2010/08/19 19:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/08/19 19:11:57 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\;)\Desktop\mbam-setup.exe

[2010/08/19 17:29:07 | 000,000,000 | ---D | C] -- C:\Users\;)\AppData\Local\eeitvoatr

[2010/08/19 17:28:47 | 000,000,000 | ---D | C] -- C:\Users\:)\AppData\Local\yccwubwfd

[2010/08/19 17:28:40 | 000,000,000 | ---D | C] -- C:\Users\^_^\AppData\Local\pokwuhjmk

[2010/08/16 19:52:28 | 000,000,000 | ---D | C] -- C:\Users\^_^\AppData\Roaming\Ariane Software

[2010/08/12 16:17:06 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll

[2010/08/12 16:17:06 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll

[2010/08/12 16:15:57 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/08/12 16:15:56 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/08/12 16:15:53 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll

[2010/08/12 16:15:42 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/08/12 16:15:42 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/08/12 16:15:42 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/08/12 16:15:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/08/12 16:15:42 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/08/12 16:15:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/08/12 16:15:41 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/08/12 16:15:41 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/08/12 16:15:38 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/07/23 21:18:49 | 000,000,000 | ---D | C] -- C:\Users\^_^\Desktop\IcelandWednesday

========== Files - Modified Within 30 Days ==========

[2010/08/20 22:08:29 | 001,572,864 | -HS- | M] () -- C:\Users\^_^\NTUSER.DAT

[2010/08/20 22:08:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\^_^\Desktop\OTL.exe

[2010/08/20 22:03:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/08/20 21:36:11 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/08/20 21:36:11 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/08/20 17:48:12 | 000,080,384 | ---- | M] () -- C:\Users\^_^\Desktop\MBRCheck.exe

[2010/08/20 17:35:16 | 000,133,632 | ---- | M] () -- C:\Users\^_^\Desktop\RKUnhookerLE.EXE

[2010/08/20 16:41:47 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/08/20 16:41:47 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/08/20 16:41:47 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/08/20 16:37:10 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/08/20 16:36:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/08/20 16:36:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/08/20 16:35:33 | 1207,513,088 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/20 14:56:54 | 001,350,866 | -H-- | M] () -- C:\Users\^_^\AppData\Local\IconCache.db

[2010/08/20 13:41:33 | 003,819,959 | R--- | M] () -- C:\Users\^_^\Desktop\ComboFix.exe

[2010/08/20 09:35:15 | 000,004,093 | ---- | M] () -- C:\Users\^_^\Desktop\Attach.zip

[2010/08/20 09:19:44 | 000,293,376 | ---- | M] () -- C:\Users\^_^\Desktop\0gv5zd1p.exe

[2010/08/20 09:19:08 | 000,525,824 | ---- | M] () -- C:\Users\^_^\Desktop\dds.scr

[2010/08/20 09:15:46 | 000,000,176 | ---- | M] () -- C:\Users\^_^\defogger_reenable

[2010/08/20 09:14:41 | 000,050,477 | ---- | M] () -- C:\Users\^_^\Desktop\Defogger.exe

[2010/08/19 20:36:20 | 001,133,429 | ---- | M] () -- C:\Users\^_^\Desktop\tdsskiller.zip

[2010/08/19 19:14:08 | 000,000,969 | ---- | M] () -- C:\Users\^_^\Desktop\CCleaner.lnk

[2010/08/19 19:07:12 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\^_^\Desktop\mbam-setup.exe

[2010/08/13 17:23:27 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/07/29 08:30:49 | 000,197,632 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll

[2010/07/29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll

========== Files Created - No Company Name ==========

[2010/08/20 17:48:09 | 000,080,384 | ---- | C] () -- C:\Users\^_^\Desktop\MBRCheck.exe

[2010/08/20 17:35:15 | 000,133,632 | ---- | C] () -- C:\Users\^_^\Desktop\RKUnhookerLE.EXE

[2010/08/20 13:44:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/08/20 13:44:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/08/20 13:44:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/08/20 13:44:04 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/08/20 13:44:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/08/20 13:41:19 | 003,819,959 | R--- | C] () -- C:\Users\^_^\Desktop\ComboFix.exe

[2010/08/20 09:35:15 | 000,004,093 | ---- | C] () -- C:\Users\^_^\Desktop\Attach.zip

[2010/08/20 09:19:43 | 000,293,376 | ---- | C] () -- C:\Users\^_^\Desktop\0gv5zd1p.exe

[2010/08/20 09:19:07 | 000,525,824 | ---- | C] () -- C:\Users\^_^\Desktop\dds.scr

[2010/08/20 09:15:22 | 000,000,176 | ---- | C] () -- C:\Users\^_^\defogger_reenable

[2010/08/20 09:14:41 | 000,050,477 | ---- | C] () -- C:\Users\^_^\Desktop\Defogger.exe

[2010/08/19 20:35:56 | 001,133,429 | ---- | C] () -- C:\Users\^_^\Desktop\tdsskiller.zip

[2010/08/19 19:14:08 | 000,000,969 | ---- | C] () -- C:\Users\^_^\Desktop\CCleaner.lnk

[2010/01/24 07:45:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/01/23 19:40:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\stac97co.dll

[2009/11/12 06:48:58 | 000,005,504 | ---- | C] () -- C:\Windows\System32\StarOpen.sys

[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2008/12/01 13:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007/01/31 07:48:36 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP7311.ini

< End of report >

OTL Extras logfile created on: 8/20/2010 10:08:28 PM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\^_^\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 16.79 Gb Free Space | 45.05% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: _-PC

Current User Name: ^_^

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1409081942-2149379982-1161357908-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08E264F0-E675-8E6D-0042-8741FD41E654}" = ATI Catalyst Install Manager

"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4FEC0D0D-1279-4C46-B6F8-B73C5247A6A9}" = Foxit Reader

"{5932A5C4-BB44-4CFB-AD66-1B826F4D788B}" = CDBurnerXP

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0

"{D0AF9E67-E130-4C27-8F69-D3D6FE6D59EE}" = PLEOMAX PWC-2100 Pleo Chat Cam

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype

Link to post
Share on other sites

That doesn't show anything noticeable.

OTL

-----

  1. Please download OTL from one of the following mirrors:

[*]Save it to your desktop.

[*]Double click on the otlDesktopIcon.png icon on your desktop.

[*]Copy and Paste the following code into the customFix.png textbox. Do not include the word "Code"

/md5start
explorer.exe
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

[*]Push runscanbutton.png

[*]A report will open. Copy and Paste that report in your next reply.

Link to post
Share on other sites

here you go~~

OTL logfile created on: 8/20/2010 10:44:13 PM - Run 2

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\;)\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 16.78 Gb Free Space | 45.05% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: _-PC

Current User Name: ;)

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/20 22:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\;)\Desktop\OTL.exe

PRC - [2010/07/24 20:06:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/04/04 03:52:14 | 000,022,816 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe

PRC - [2010/04/04 03:52:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe

PRC - [2010/01/19 13:57:44 | 002,743,104 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/01/19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2009/11/12 06:48:58 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe

PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2006/11/03 04:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7311\Monitor.exe

========== Modules (SafeList) ==========

MOD - [2010/08/20 22:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\;)\Desktop\OTL.exe

MOD - [2009/07/14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/03/31 15:04:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/01/24 09:42:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/01/19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/01/19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/01/19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/11/12 06:48:58 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2009/07/14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009/07/14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\;)\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2010/03/03 15:21:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/01/19 15:13:58 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/01/19 13:46:52 | 000,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/01/19 13:43:40 | 000,023,248 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/01/19 13:43:23 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2010/01/19 13:42:57 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009/12/11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/11/12 06:48:58 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\StarOpen.sys -- (StarOpen)

DRV - [2009/08/26 08:10:28 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009/07/14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009/07/14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009/07/14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)

DRV - [2009/07/14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)

DRV - [2009/07/14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)

DRV - [2009/07/14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/07/07 17:45:32 | 002,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)

DRV - [2008/12/01 15:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2007/03/14 03:57:56 | 000,449,024 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)

DRV - [2006/09/14 10:55:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtipci21.sys -- (GTIPCI21)

DRV - [2004/11/01 06:52:46 | 000,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\STAC97.sys -- (STAC97)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 16 41 9B 50 9C CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 20:06:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 20:06:22 | 000,000,000 | ---D | M]

[2010/01/23 19:33:56 | 000,000,000 | ---D | M] -- C:\Users\:)\AppData\Roaming\mozilla\Extensions

[2010/07/03 13:11:48 | 000,000,000 | ---D | M] -- C:\Users\:)\AppData\Roaming\mozilla\Firefox\Profiles\825p4lpd.default\extensions

[2010/01/24 10:25:44 | 000,001,504 | ---- | M] () -- C:\Users\;)\AppData\Roaming\Mozilla\FireFox\Profiles\825p4lpd.default\searchplugins\imdb.xml

[2010/01/24 10:23:20 | 000,001,679 | ---- | M] () -- C:\Users\;)\AppData\Roaming\Mozilla\FireFox\Profiles\825p4lpd.default\searchplugins\thepiratebayorg.xml

[2010/01/24 10:27:19 | 000,004,140 | ---- | M] () -- C:\Users\;)\AppData\Roaming\Mozilla\FireFox\Profiles\825p4lpd.default\searchplugins\youtube.xml

[2010/04/04 03:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/08/20 16:36:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)

O4 - Startup: C:\Users\;)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/20 22:07:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\:)\Desktop\OTL.exe

[2010/08/20 16:41:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/08/20 16:23:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/08/20 16:23:43 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2010/08/20 15:19:49 | 000,000,000 | ---D | C] -- C:\Users\;)\AppData\Local\temp

[2010/08/20 13:44:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/08/20 13:44:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/08/20 13:44:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/08/20 13:43:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/08/20 13:43:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/08/19 20:45:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2010/08/19 20:37:39 | 000,000,000 | ---D | C] -- C:\Users\;)\Desktop\tdsskiller

[2010/08/19 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\;)\AppData\Roaming\Malwarebytes

[2010/08/19 19:29:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/08/19 19:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/08/19 19:29:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/08/19 19:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/08/19 19:21:06 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

[2010/08/19 19:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/08/19 19:11:57 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\:)\Desktop\mbam-setup.exe

[2010/08/19 17:29:07 | 000,000,000 | ---D | C] -- C:\Users\^_^\AppData\Local\eeitvoatr

[2010/08/19 17:28:47 | 000,000,000 | ---D | C] -- C:\Users\^_^\AppData\Local\yccwubwfd

[2010/08/19 17:28:40 | 000,000,000 | ---D | C] -- C:\Users\^_^\AppData\Local\pokwuhjmk

[2010/08/16 19:52:28 | 000,000,000 | ---D | C] -- C:\Users\^_^\AppData\Roaming\Ariane Software

[2010/08/12 16:17:06 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll

[2010/08/12 16:17:06 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll

[2010/08/12 16:15:57 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/08/12 16:15:56 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/08/12 16:15:53 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll

[2010/08/12 16:15:42 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/08/12 16:15:42 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/08/12 16:15:42 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/08/12 16:15:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/08/12 16:15:42 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/08/12 16:15:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/08/12 16:15:41 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/08/12 16:15:41 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/08/12 16:15:38 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/07/23 21:18:49 | 000,000,000 | ---D | C] -- C:\Users\^_^\Desktop\IcelandWednesday

========== Files - Modified Within 30 Days ==========

[2010/08/20 22:45:10 | 001,572,864 | -HS- | M] () -- C:\Users\^_^\NTUSER.DAT

[2010/08/20 22:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\^_^\Desktop\OTL.exe

[2010/08/20 22:36:12 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/08/20 22:36:12 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/08/20 22:03:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/08/20 17:48:12 | 000,080,384 | ---- | M] () -- C:\Users\^_^\Desktop\MBRCheck.exe

[2010/08/20 17:35:16 | 000,133,632 | ---- | M] () -- C:\Users\^_^\Desktop\RKUnhookerLE.EXE

[2010/08/20 16:41:47 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/08/20 16:41:47 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/08/20 16:41:47 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/08/20 16:37:10 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/08/20 16:36:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/08/20 16:36:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/08/20 16:35:33 | 1207,513,088 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/20 14:56:54 | 001,350,866 | -H-- | M] () -- C:\Users\^_^\AppData\Local\IconCache.db

[2010/08/20 13:41:33 | 003,819,959 | R--- | M] () -- C:\Users\^_^\Desktop\ComboFix.exe

[2010/08/20 09:35:15 | 000,004,093 | ---- | M] () -- C:\Users\^_^\Desktop\Attach.zip

[2010/08/20 09:19:44 | 000,293,376 | ---- | M] () -- C:\Users\^_^\Desktop\0gv5zd1p.exe

[2010/08/20 09:19:08 | 000,525,824 | ---- | M] () -- C:\Users\^_^\Desktop\dds.scr

[2010/08/20 09:15:46 | 000,000,176 | ---- | M] () -- C:\Users\^_^\defogger_reenable

[2010/08/20 09:14:41 | 000,050,477 | ---- | M] () -- C:\Users\^_^\Desktop\Defogger.exe

[2010/08/19 20:36:20 | 001,133,429 | ---- | M] () -- C:\Users\^_^\Desktop\tdsskiller.zip

[2010/08/19 19:14:08 | 000,000,969 | ---- | M] () -- C:\Users\^_^\Desktop\CCleaner.lnk

[2010/08/19 19:07:12 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\^_^\Desktop\mbam-setup.exe

[2010/08/13 17:23:27 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/07/29 08:30:49 | 000,197,632 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll

[2010/07/29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll

========== Files Created - No Company Name ==========

[2010/08/20 17:48:09 | 000,080,384 | ---- | C] () -- C:\Users\^_^\Desktop\MBRCheck.exe

[2010/08/20 17:35:15 | 000,133,632 | ---- | C] () -- C:\Users\^_^\Desktop\RKUnhookerLE.EXE

[2010/08/20 13:44:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/08/20 13:44:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/08/20 13:44:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/08/20 13:44:04 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/08/20 13:44:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/08/20 13:41:19 | 003,819,959 | R--- | C] () -- C:\Users\^_^\Desktop\ComboFix.exe

[2010/08/20 09:35:15 | 000,004,093 | ---- | C] () -- C:\Users\^_^\Desktop\Attach.zip

[2010/08/20 09:19:43 | 000,293,376 | ---- | C] () -- C:\Users\^_^\Desktop\0gv5zd1p.exe

[2010/08/20 09:19:07 | 000,525,824 | ---- | C] () -- C:\Users\^_^\Desktop\dds.scr

[2010/08/20 09:15:22 | 000,000,176 | ---- | C] () -- C:\Users\^_^\defogger_reenable

[2010/08/20 09:14:41 | 000,050,477 | ---- | C] () -- C:\Users\^_^\Desktop\Defogger.exe

[2010/08/19 20:35:56 | 001,133,429 | ---- | C] () -- C:\Users\^_^\Desktop\tdsskiller.zip

[2010/08/19 19:14:08 | 000,000,969 | ---- | C] () -- C:\Users\^_^\Desktop\CCleaner.lnk

[2010/01/24 07:45:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/01/23 19:40:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\stac97co.dll

[2009/11/12 06:48:58 | 000,005,504 | ---- | C] () -- C:\Windows\System32\StarOpen.sys

[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2008/12/01 13:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007/01/31 07:48:36 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP7311.ini

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C343E62E49A74BE90A647996E9DB120A -- C:\Windows\explorer.exe

[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/14 03:16:15 | 000,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sppcomapi.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

Link to post
Share on other sites

That sure looks like an invalid copy of explorer.exe

Lets first upload it to see what we might be dealing with.

UPLOAD A FILE

--------------------

We need to check a file. Please click this link VirusTotal

When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.

c:\windows\explorer.exe

If you get the message that the file has already been scanned before, please click Reanalyse file now.

Please post back the results of the scan in your next post.

Link to post
Share on other sites

ok the buttons i had to push were a little different and a different report didn't pop up in the end so I just copied and pasted, here you go thanks!

Antivirus Version Last Update Result

AhnLab-V3 2010.08.21.00 2010.08.20 -

AntiVir 8.2.4.38 2010.08.20 TR/Spy.2614272.1

Antiy-AVL 2.0.3.7 2010.08.16 -

Authentium 5.2.0.5 2010.08.21 -

Avast 4.8.1351.0 2010.08.20 -

Avast5 5.0.332.0 2010.08.20 Win32:Bamital-X

AVG 9.0.0.851 2010.08.20 -

BitDefender 7.2 2010.08.21 Win32.Loader.O

CAT-QuickHeal 11.00 2010.08.21 -

ClamAV 0.96.2.0-git 2010.08.21 -

Comodo 5800 2010.08.21 -

DrWeb 5.0.2.03300 2010.08.21 modification of Win32.Dat.2

Emsisoft 5.0.0.37 2010.08.21 Virus.Win32.Bamital!IK

eSafe 7.0.17.0 2010.08.19 -

eTrust-Vet 36.1.7804 2010.08.21 Win32/Patcher.F

F-Prot 4.6.1.107 2010.08.21 -

F-Secure 9.0.15370.0 2010.08.21 Win32.Loader.O

Fortinet 4.1.143.0 2010.08.20 -

GData 21 2010.08.21 Win32.Loader.O

Ikarus T3.1.1.88.0 2010.08.21 Virus.Win32.Bamital

Jiangmin 13.0.900 2010.08.21 -

Kaspersky 7.0.0.125 2010.08.21 Trojan.Win32.Patched.kl

McAfee 5.400.0.1158 2010.08.21 -

Microsoft 1.6103 2010.08.21 Virus:Win32/Bamital.C

NOD32 5383 2010.08.20 -

Norman 6.05.11 2010.08.20 Suspicious_Gen2.BVZHO

nProtect 2010-08-21.01 2010.08.21 Win32.Loader.O

Panda 10.0.2.7 2010.08.20 -

PCTools 7.0.3.5 2010.08.21 -

Prevx 3.0 2010.08.21 -

Rising 22.61.04.04 2010.08.20 Trojan.Win32.Generic.522824EA

Sophos 4.56.0 2010.08.21 -

Sunbelt 6769 2010.08.21 -

SUPERAntiSpyware 4.40.0.1006 2010.08.20 -

Symantec 20101.1.1.7 2010.08.21 Suspicious.Mystic

TheHacker 6.5.2.1.352 2010.08.20 -

TrendMicro 9.120.0.1004 2010.08.21 -

TrendMicro-HouseCall 9.120.0.1004 2010.08.21 -

VBA32 3.12.14.0 2010.08.20 -

ViRobot 2010.8.16.3990 2010.08.21 Win32.Patched.AF

VirusBuster 5.0.27.0 2010.08.20 -

Additional informationShow all

MD5 : c343e62e49a74be90a647996e9db120a

SHA1 : b683d9cafd8159cd03a454a7dfb004413cc3594d

SHA256: 2dab8b44519bffb14aaff937bd67f5a0a590d222c243ab5b38ad378483a2d92a

ssdeep: 49152:wwPj1ubtHXPFvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2xnorcf:fPsbttvYY

YYYYYYYYYRYYYYYYYYYYE3q

File size : 2614272 bytes

First seen: 2010-08-21 08:39:14

Last seen : 2010-08-21 08:39:14

TrID:

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: Windows Explorer

original name: EXPLORER.EXE

internal name: explorer

file version.: 6.1.7600.20563 (win7_ldr.091030-1504)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x2A8CB

timedatestamp....: 0x4AEBA51D (Sat Oct 31 02:46:53 2009)

machinetype......: 0x14c (I386)

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0xAF1FF, 0xAF200, 6.39, 402074f94dc6a7714699c17138b81c0e

.data, 0xB1000, 0x2FCC, 0x2800, 0.95, 1408cc5d5952a7ece5e6486fb4c726d9

.rsrc, 0xB4000, 0x1C2E80, 0x1C3000, 5.52, 2e169938829b374a6e240f7d3358fa34

.reloc, 0x277000, 0x9304, 0x9400, 6.75, ef0fce9734bdcda1f733595e3a005d3a

[[ 19 import(s) ]]

ADVAPI32.dll: RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegQueryValueExW, EventRegister, EventUnregister, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, RegSetValueExW, TraceMessage, RegOpenKeyW, RegDeleteValueW, RegEnumValueW, RegQueryInfoKeyW, ConvertStringSidToSidW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegEnumKeyExW, CreateWellKnownSid, StartServiceW, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, StartTraceW, EnableTraceEx, StopTraceW, LsaLookupSids, IsValidSid, GetSidSubAuthorityCount, GetSidSubAuthority, LsaOpenPolicy, LsaFreeMemory, LsaClose, OpenThreadToken, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CheckTokenMembership, QueryServiceStatus

KERNEL32.dll: LoadLibraryExA, DelayLoadFailureHook, CreateFileW, GetFileSize, ReadFile, RaiseException, FlushInstructionCache, SetLastError, OpenThread, GetSystemTimeAsFileTime, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetLocalTime, InterlockedCompareExchange, FindFirstFileW, lstrcmpiW, FindNextFileW, FindClose, GetFileAttributesW, GetSystemTime, SystemTimeToFileTime, ExpandEnvironmentStringsW, InterlockedIncrement, InterlockedDecrement, GetLastError, SetInformationJobObject, CreateJobObjectW, GetPriorityClass, SetPriorityClass, SearchPathW, GetSystemDefaultUILanguage, UnmapViewOfFile, MapViewOfFile, GetTimeZoneInformation, GetDynamicTimeZoneInformation, GetBinaryTypeW, QueryPerformanceFrequency, QueueUserWorkItem, GetTickCount64, MulDiv, GetLongPathNameW, GetThreadPriority, MultiByteToWideChar, GlobalGetAtomNameW, GetCurrentThread, SetThreadPriority, LoadLibraryExW, GetProductInfo, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, DeleteFileW, GetWindowsDirectoryW, GetProcessId, CompareStringW, QueryFullProcessImageNameW, CompareFileTime, CreateFileMappingW, ResetEvent, WideCharToMultiByte, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, DuplicateHandle, GetCurrentDirectoryW, WaitForMultipleObjects, GetComputerNameW, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, OpenProcess, CloseHandle, LocalFree, LocalAlloc, QueryInformationJobObject, Sleep, ResumeThread, AssignProcessToJobObject, CreateThread, CreateProcessW, WaitForSingleObject, FreeLibrary, GetProcAddress, LoadLibraryW, GetUserDefaultUILanguage, CreateEventW, lstrlenW, HeapFree, HeapAlloc, GetProcessHeap, GetCurrentProcess, HeapSetInformation, GetVersionExW, DeleteCriticalSection, InitializeCriticalSection, HeapDestroy, GetPrivateProfileStringW, GetModuleFileNameW, GetCommandLineW, GetSystemDirectoryW, ExitProcess, RegisterApplicationRestart, SetProcessShutdownParameters, GetStartupInfoW, ReleaseMutex, CreateMutexW, SetErrorMode, SetProcessDEPPolicy, GetUserDefaultLangID, SetEvent, LeaveCriticalSection, EnterCriticalSection, GetTickCount, OpenEventW, SetTermsrvAppInstallMode, GetCurrentProcessId, GetModuleHandleW, GetCurrentThreadId, TerminateProcess, UnhandledExceptionFilter, CompareStringOrdinal, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, LoadLibraryA

GDI32.dll: GetStockObject, SetWindowOrgEx, StretchBlt, GetTextMetricsW, CombineRgn, Polyline, CreatePen, GetTextColor, ExtCreateRegion, GetRegionData, SetLayout, GetLayout, GetTextExtentPoint32W, OffsetRgn, LPtoDP, GetRgnBox, OffsetViewportOrgEx, GdiFlush, ExtTextOutW, SetDIBits, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, SetBkMode, CreateBitmap, PatBlt, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, SetTextColor, GetTextExtentPointW, GetClipBox, CreateDIBSection, GetObjectW, CreateRectRgnIndirect, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, GetDeviceCaps, CreateFontIndirectW, DeleteDC, GdiAlphaBlend

USER32.dll: PtInRect, GetWindowRect, GetWindow, SendMessageW, EnumChildWindows, GetWindowLongW, CharPrevW, CharNextW, GetSystemMetrics, CreateWindowExW, DialogBoxParamW, GetClassInfoW, GetClassInfoExW, GetMenuItemInfoW, GetMenuItemCount, GetClassNameW, GetKeyboardLayout, ActivateKeyboardLayout, IsChild, InsertMenuW, GetMenuStringW, SetMenuItemInfoW, InsertMenuItemW, IsWinEventHookInstalled, IsProcessDPIAware, GetNextDlgGroupItem, GetNextDlgTabItem, GetDlgCtrlID, MoveWindow, IsRectEmpty, UnionRect, ChildWindowFromPointEx, GetGUIThreadInfo, SetClassLongW, GetClassLongW, WindowFromDC, CharUpperW, UnregisterClassW, FrameRect, GetWindowDC, SendMessageCallbackW, UpdateLayeredWindow, GetUserObjectInformationW, GetThreadDesktop, GetProcessWindowStation, GetIconInfo, ShowWindowAsync, FlashWindowEx, EndTask, SetThreadDesktop, GetMenuState, SetScrollInfo, GetScrollInfo, SetScrollPos, BringWindowToTop, DeregisterShellHookWindow, IsZoomed, CloseDesktop, OpenInputDesktop, RegisterShellHookWindow, InternalGetWindowText, GetWindowInfo, GetLayeredWindowAttributes, SetLayeredWindowAttributes, GetCaretBlinkTime, UnhookWindowsHookEx, CallNextHookEx, SetWindowsHookExW, GetUpdateRect, SystemParametersInfoW, FindWindowW, ReleaseDC, GetDC, DispatchMessageW, TranslateMessage, GetMessageW, DestroyMenu, GetMenuDefaultItem, CreatePopupMenu, PostMessageW, MsgWaitForMultipleObjectsEx, PeekMessageW, SetWindowLongW, ShutdownBlockReasonCreate, LoadStringW, DestroyWindow, PostQuitMessage, SetWindowPos, KillTimer, SetTimer, SetPropW, ShowWindow, MapWindowPoints, RegisterClassW, LoadCursorW, SetActiveWindow, UpdateLayeredWindowIndirect, GetLastInputInfo, SendDlgItemMessageW, EndDialog, GetDesktopWindow, GetShellWindow, DestroyIcon, GetMonitorInfoW, CopyRect, ModifyMenuW, CheckMenuItem, EnableMenuItem, GhostWindowFromHungWindow, DeleteMenu, ReleaseCapture, GetCursorPos, DefWindowProcW, TrackMouseEvent, GetDoubleClickTime, InvalidateRect, LockWorkStation, TileWindows, UpdateWindow, CascadeWindows, GetWindowTextW, TrackPopupMenu, ClientToScreen, WindowFromPoint, AppendMenuW, EndPaint, DrawEdge, FillRect, LockSetForegroundWindow, InflateRect, IsWindowVisible, GetForegroundWindow, GetParent, WaitMessage, RegisterWindowMessageW, TrackPopupMenuEx, GetClientRect, MonitorFromRect, EqualRect, SubtractRect, RedrawWindow, EnumDisplayMonitors, SetWindowTextW, IntersectRect, GetWindowPlacement, SendNotifyMessageW, RemovePropW, SetWindowCompositionAttribute, HungWindowFromGhostWindow, SetFocus, SendMessageTimeoutW, EnumWindows, UnregisterHotKey, RegisterHotKey, MonitorFromWindow, IsWindow, SetCursor, GetAsyncKeyState, SetForegroundWindow, ChildWindowFromPoint, SetCursorPos, GetMessagePos, IsIconic, LoadIconW, DeferWindowPos, OffsetRect, GetWindowThreadProcessId, ScreenToClient, GetAncestor, MonitorFromPoint, SetRectEmpty, ChangeWindowMessageFilterEx, LoadAcceleratorsW, TranslateAcceleratorW, GetKeyState, SetWindowRgn, GetWindowRgnBox, LoadImageW, GetFocus, GetActiveWindow, MessageBeep, BeginPaint, SwitchToThisWindow, GetLastActivePopup, EndDeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, IsHungAppWindow, RegisterClipboardFormatW, SetRect, GetSysColorBrush, GetPropW, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetMenuDefaultItem, GetCapture, DrawIconEx, GetMessageExtraInfo, SetGestureConfig, AdjustWindowRect, CalculatePopupWindowPosition, DrawTextW, SetCapture, CallWindowProcW, CheckDlgButton, IsDlgButtonChecked, IsWindowEnabled, GetDlgItemInt, SetDlgItemInt, GetDlgItem, EnableWindow, SetWinEventHook, MsgWaitForMultipleObjects, RegisterClassExW, CopyIcon, AdjustWindowRectEx, GetSysColor, DrawFocusRect, NotifyWinEvent, ExitWindowsEx, GetSystemMenu

msvcrt.dll: _controlfp, _terminate@@YAXXZ, _onexit, _lock, __dllonexit, _unlock, _except_handler4_common, __set_app_type, __p__fmode, memcpy, memmove, _CIsin, _ftol2, _CIcos, _wtoi, wcsncmp, _wcsnicmp, _wcsicmp, bsearch, __p__commode, __setusermatherr, _amsg_exit, _initterm, _wcmdln, exit, _XcptFilter, _exit, _cexit, __wgetmainargs, _ftol2_sse, malloc, _CIsqrt, ceil, realloc, wcschr, iswalpha, wcsstr, free, _vsnwprintf, memset

ntdll.dll: WinSqmSetString, NtQueryInformationProcess, NtSetInformationProcess, WinSqmIsOptedIn, NtOpenThreadToken, NtOpenProcessToken, NtClose, WinSqmAddToStreamEx, NtSetSystemInformation, WinSqmAddToStream, WinSqmEventEnabled, WinSqmSetDWORD, EtwEventWrite, EtwEventEnabled, NtQueryInformationToken, RtlGetProductInfo

SHLWAPI.dll: SHStrDupA, StrCmpW, -, -, PathCommonPrefixW, PathRemoveExtensionW, -, PathIsFileSpecW, -, -, -, StrRetToStrW, -, AssocCreate, -, StrRetToBufW, AssocQueryStringW, -, PathQuoteSpacesW, -, -, SHDeleteKeyW, -, SHRegGetUSValueW, -, -, PathIsNetworkPathW, -, -, -, -, SHOpenRegStream2W, -, -, -, -, -, -, PathRemoveFileSpecW, -, -, -, -, SHRegGetBoolUSValueW, -, -, PathGetDriveNumberW, PathFileExistsW, PathIsDirectoryW, -, -, PathFindExtensionW, StrChrIW, -, -, PathAppendW, SHDeleteValueW, -, SHSetValueW, -, -, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, -, PathGetArgsW, PathFindFileNameW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, PathCombineW, SHRegGetValueW, -, -, -, -, StrToIntW, -, StrChrW, -, -, -, -, -, -, SHStrDupW, PathStripToRootW, -, -, -, StrTrimW, StrCmpNW, SHQueryInfoKeyW, SHCreateStreamOnFileW, -, -, -, -, -, -, PathIsPrefixW, -, StrCmpIW, PathParseIconLocationW, PathIsRootW, -, -, -, AssocQueryKeyW, PathStripPathW, ChrCmpIW, StrStrIW, -

SHELL32.dll: -, -, -, SHGetPropertyStoreForWindow, -, -, SHGetStockIconInfo, -, -, -, -, -, -, -, -, -, Shell_GetCachedImageIndexW, -, -, -, SHGetLocalizedName, SHCreateDataObject, -, -, -, -, -, -, SHCreateShellItemArrayFromShellItem, SHGetKnownFolderPath, SHCreateShellItemArrayFromIDLists, -, -, SHBindToFolderIDListParentEx, SHGetFileInfoW, -, SHCreateItemWithParent, -, -, -, -, -, SHGetFolderLocation, -, SHParseDisplayName, SHGetSpecialFolderPathW, -, ShellExecuteExW, SHGetKnownFolderIDList, SHBindToObject, -, -, -, -, -, -, -, -, -, -, -, SHGetNameFromIDList, SHCreateShellItem, -, -, -, -, -, -, -, -, -, -, SHGetPathFromIDListW, ShellExecuteW, SHEnableServiceObject, -, SHGetIDListFromObject, -, SHChangeNotifyRegisterThread, -, -, -, -, SHUpdateRecycleBinIcon, -, -, SHCreateItemFromIDList, -, -, SHFileOperationW, SHGetFolderPathEx, -, -, -, -, -, SHGetPathFromIDListA, SHGetFolderPathW, SHBindToParent, -, SHAddToRecentDocs, Shell_NotifyIconW, Shell_NotifyIconGetRect, ExtractIconExW, SHEvaluateSystemCommandTemplate, SHChangeNotify, SHCreateItemFromParsingName, -, DragQueryFileW, -, -, SHGetSpecialFolderLocation, SHBindToFolderIDListParent

ole32.dll: OleInitialize, StringFromGUID2, CoRegisterMessageFilter, RegisterDragDrop, RevokeDragDrop, OleUninitialize, CoRevokeClassObject, CoCreateFreeThreadedMarshaler, CreateBindCtx, PropVariantClear, ReleaseStgMedium, CoInitializeEx, CreateStreamOnHGlobal, CoRegisterClassObject, CoCreateInstance, CoTaskMemFree, CoGetInterfaceAndReleaseStream, CoMarshalInterThreadInterfaceInStream, CoUninitialize, CoInitialize, CoGetMalloc, CoTaskMemAlloc, CLSIDFromString, CoFreeUnusedLibraries

OLEAUT32.dll: -, -, -, -, -, -

EXPLORERFRAME.dll: -, -

UxTheme.dll: DrawThemeTextEx, IsCompositionActive, IsAppThemed, GetThemeMetric, CloseThemeData, OpenThemeData, SetWindowTheme, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, DrawThemeParentBackground, GetWindowTheme, GetThemePartSize, GetThemeBackgroundContentRect, EndBufferedPaint, GetThemeMargins, BeginBufferedPaint, BufferedPaintInit, BufferedPaintUnInit, IsThemeActive, -, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, GetThemeColor, GetThemeBool, DrawThemeIcon, GetBufferedPaintBits, BufferedPaintClear, GetThemeBackgroundExtent

POWRPROF.dll: CallNtPowerInformation, GetPwrCapabilities, PowerDeterminePlatformRole

dwmapi.dll: -, -, DwmEnableBlurBehindWindow, DwmIsCompositionEnabled, DwmSetWindowAttribute, -, DwmQueryThumbnailSourceSize, DwmUnregisterThumbnail, DwmUpdateThumbnailProperties, -, -

slc.dll: SLGetWindowsInformationDWORD

gdiplus.dll: GdipAlloc, GdiplusStartup, GdiplusShutdown, GdipFree, GdipDeleteGraphics, GdipDisposeImage, GdipGetImageWidth, GdipGetImageHeight, GdipCreateBitmapFromHBITMAP, GdipCreateFromHDC, GdipSetCompositingMode, GdipSetInterpolationMode, GdipDrawImageRectI, GdipCloneImage

Secur32.dll: GetUserNameExW

RPCRT4.dll: RpcBindingFree, RpcBindingSetAuthInfoExW, RpcStringFreeW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, I_RpcExceptionFilter, NdrClientCall2

PROPSYS.dll: PropVariantToUInt32, PropVariantToStringAlloc, PropVariantToUInt64, PropVariantToBoolean, VariantToStringAlloc, VariantToStringWithDefault, PropVariantToString, VariantToBooleanWithDefault, VariantToInt32WithDefault, PSCreateMemoryPropertyStore, PropVariantToInt64

Link to post
Share on other sites

ok so I did the System File checker, and it said that it found the corrupted files then was able to repair them. I tried pulling up the log anyways even though you didn't ask for it, but for some reason it didn't work. But I just went ahead and restarted the computer anyways, so that the repairs could take effect. But then I tried firefox again and a google search, and the same thing happened~~it redircted me to another site then a 'security warning' popped up and and everything. Man this thing won't go away!

Link to post
Share on other sites

Can you please rerun Combofix, but before doing so, run TFC:

TFC

--------

Download TFC by OldTimer to your desktop.

(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).

Close any open windows.

  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job.

Once its finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean

NOTE:

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.