
trojan.dnschanger virus


structure


Hi, I seem to have gotten the trojan.dnschanger virus from some website. It first started by shutting Firefox down immediately, which caused some kind of error to be reported (over the net I guess). The next error I got was a system spooler app shutdown (however no printer is connected). I also attempted to run Windows Update, which resulted in some errors, and did not seem to install properly. I was unable to run Malwarebytes, but after changing the file name it seemed to run. I did a FULL scan which found (and removed) 4 infections of the trojan.dnschanger. I also ran AVG prior to Malwarebytes (because it would not run) and found and quarantined an infection.

I attempted to reset my router because I read that this trojan can infect that. My router is however connected to another computer and everything on that computer seems to run fine. I reset it anyway.

I am now getting a "Windows system process won't start" error when I turn my wireless internet off. Also, my Firefox web browser is still being redirected to random spam websites. I have since run the Malwarebytes scan again multiple times and it is not finding anything.

Below is my HijackThis log; any help would be much appreciated.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:08:43 AM, on 9/30/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Mike Stuff\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Mike Stuff\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Mike Stuff\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Mike Stuff\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [nifezozegi] Rundll32.exe "C:\Windows\system32\jumukuti.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1720092644-1806278224-2529524551-1002\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Mike Stuff\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: QuickSet.lnk = ?

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Vostro 1500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Vostro 1500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Mike Stuff\Poker\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Vostro 1500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Vostro 1500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)

O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)

O13 - Gopher Prefix:

O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Mike Stuff\TeamViewer\TeamViewer3\TeamViewer_Host.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9814 bytes

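Two entries in the HijackThis log above are the ones a triage analyst would pull out before anything else: the R1 ProxyServer value pointing at 127.0.0.1:5555 (a proxy on the local machine, which is how browser traffic gets silently rerouted without touching the sites' real addresses), and the O4 Run entry under LOCAL SERVICE that loads a randomly named DLL (jumukuti.dll) through rundll32. The script below is an added example, not code from this thread or from Malwarebytes: it runs those two checks plus a hosts-file check over lines copied from the log. The 203.0.113.7 hosts line is constructed for illustration and is not in the log, and the lower-case consonant/vowel name heuristic is an assumption modelled on the nifezozegi/jumukuti names, not a signature.

```python
"""Triage a HijackThis log for the redirect indicators visible in this thread.

Added example: the rules and thresholds are this script's own assumptions,
not HijackThis or Malwarebytes logic.
"""
import re
from ipaddress import ip_address
from typing import List, Tuple

# Constructed sample: lines copied from the log above, plus one hosts-file
# redirect (203.0.113.7, a documentation address) that the log does NOT contain.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 www.example.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [nifezozegi] Rundll32.exe "C:\Windows\system32\jumukuti.dll",s (User 'LOCAL SERVICE')
"""

PROXY_RE = re.compile(r"^R[01] - .*ProxyServer = (?P<value>.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<name>\S+)")
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
# Heuristic (assumption): lower-case alternating consonant/vowel names of 8+
# letters, the style of the nifezozegi / jumukuti entries in the log.
GIBBERISH_RE = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4,}$")


def is_loopback_proxy(value: str) -> bool:
    """True if any proxy in a ProxyServer value points back at this machine.

    Accepts 'host:port', 'http=host:port' and ';'-separated lists.
    """
    for entry in value.split(";"):
        hostport = entry.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0].strip("[]")
        if host.lower() == "localhost":
            return True
        try:
            if ip_address(host).is_loopback:
                return True
        except ValueError:
            continue  # not an IP literal: a named upstream proxy, leave it
    return False


def hosts_redirect(addr: str) -> bool:
    """Hosts entries that map a name to anything but loopback/0.0.0.0 override DNS."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return True  # unparsable address: worth a look
    return not (ip.is_loopback or ip.is_unspecified)


def suspicious_run_entry(name: str, cmd: str) -> str:
    """Return a reason string if a Run entry looks planted, else ''."""
    m = DLL_RE.search(cmd)
    dll_stem = ""
    if m:
        dll_stem = m.group(1).replace("\\", "/").rsplit("/", 1)[-1][:-4]
    if GIBBERISH_RE.match(name) or GIBBERISH_RE.match(dll_stem):
        return "random-looking name"
    return ""


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) for every flagged line, in log order."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        proxy = PROXY_RE.match(line)
        hosts = HOSTS_RE.match(line)
        run = RUN_RE.match(line)
        if proxy and is_loopback_proxy(proxy.group("value")):
            findings.append(("local interception proxy", line))
        elif hosts and hosts_redirect(hosts.group("addr")):
            findings.append(("hosts-file redirect", line))
        elif run:
            why = suspicious_run_entry(run.group("name"), run.group("cmd"))
            if why:
                findings.append((f"autorun with {why}", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

On the sample the script flags exactly three lines (the proxy, the constructed 203.0.113.7 hosts entry and the nifezozegi autorun) and leaves the Vista-default "::1 localhost" and the NVIDIA and Sidebar entries alone. One caveat: Internet Explorer only honours ProxyServer when ProxyEnable is 1 for that account, so a proxy entry can be inert while a redirect continues; if removing it changes nothing, the cause is elsewhere (the loaded DLL, the DNS settings, or the router the poster already suspected).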

Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Push the Quick Scan button.
    • Two reports will open, copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


All scans were done offline.

Windows error "Host process for windows services stopped working and was closed" keeps popping up.

OTL scan results:

OTL logfile created on: 9/30/2010 12:05:17 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Vostro 1500\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.92 Gb Total Space | 8.36 Gb Free Space | 11.95% Space Free | Partition Type: NTFS

Drive D: | 2.00 Gb Total Space | 1.39 Gb Free Space | 69.59% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: VOSTRO1500-PC

Current User Name: Vostro 1500

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/30 09:44:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Vostro 1500\Desktop\OTL.exe

PRC - [2010/09/23 08:37:44 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/07/21 09:50:01 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe

PRC - [2010/07/16 09:31:27 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2010/07/16 09:31:24 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/07/16 09:31:21 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/07/16 09:30:37 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2010/07/16 09:30:36 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

PRC - [2008/09/19 08:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe

PRC - [2008/09/19 04:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Mike Stuff\Logitech\SetPoint\SetPoint.exe

PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

PRC - [2008/01/19 02:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe

PRC - [2007/12/06 08:06:54 | 000,090,112 | ---- | M] () -- C:\Mike Stuff\TeamViewer\TeamViewer3\TeamViewer_Host.exe

PRC - [2007/09/14 00:05:40 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/06/27 05:17:02 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

PRC - [2007/06/27 05:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/04/27 08:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe

PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe

PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

========== Modules (SafeList) ==========

MOD - [2010/09/30 09:44:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Vostro 1500\Desktop\OTL.exe

MOD - [2009/10/30 03:28:33 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll

MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Mike Stuff\Logitech\SetPoint\lgscroll.dll

MOD - [2008/01/19 02:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/07/21 09:50:01 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2010/07/16 09:31:21 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2008/09/19 04:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)

SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/12/06 08:06:54 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Mike Stuff\TeamViewer\TeamViewer3\TeamViewer_Host.exe -- (TeamViewer)

SRV - [2007/06/27 05:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2010/07/16 09:31:26 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/07/16 09:30:37 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/06/02 09:05:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2007/09/04 15:25:34 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2007/09/04 15:25:34 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2007/09/04 15:25:34 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/06/27 05:17:04 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/06/25 04:13:14 | 007,110,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/06/04 00:21:04 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/05/11 01:40:28 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2007/05/09 07:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/05/09 07:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/05/09 07:46:08 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/05/09 06:22:56 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)

DRV - [2007/04/29 00:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/04/29 00:24:28 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2007/04/29 00:24:28 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2007/04/29 00:24:28 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2007/03/21 14:33:46 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)

DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/06/30 01:53:44 | 000,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2006/05/10 10:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidKE.Sys -- (LHidKe)

DRV - [2006/05/10 10:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMOUKE.sys -- (LMouKE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1720092644-1806278224-2529524551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig

IE - HKU\S-1-5-21-1720092644-1806278224-2529524551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1720092644-1806278224-2529524551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-1720092644-1806278224-2529524551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-21-1720092644-1806278224-2529524551-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.google.com/nwshp?hl=en&tab=wn"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 08:39:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Mike Stuff\Firefox\components [2010/09/30 00:03:04 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Mike Stuff\Firefox\plugins [2010/09/17 08:24:59 | 000,000,000 | ---D | M]

[2008/09/16 07:50:27 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\mozilla\Extensions

[2010/09/29 20:19:51 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\mozilla\Firefox\Profiles\sgda8bz8.default\extensions

[2010/04/26 19:48:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vostro 1500\AppData\Roaming\mozilla\Firefox\Profiles\sgda8bz8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1720092644-1806278224-2529524551-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )

O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-19..\Run: [nifezozegi] C:\Windows\System32\jumukuti.DLL File not found

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [nifezozegi] C:\Windows\System32\jumukuti.DLL File not found

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1720092644-1806278224-2529524551-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-1720092644-1806278224-2529524551-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1720092644-1806278224-2529524551-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra Button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Vostro 1500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()

O9 - Extra 'Tools' menuitem : Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Vostro 1500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Mike Stuff\Poker\PokerStars\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1720092644-1806278224-2529524551-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)

O16 - DPF: ActiveGS.cab http://www.virtualapple.org/activegs.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Vostro 1500\Pictures\walpaper\palawan-island-wallpapers_13328_1280x1024.jpg

O24 - Desktop BackupWallPaper: C:\Users\Vostro 1500\Pictures\walpaper\palawan-island-wallpapers_13328_1280x1024.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/30 11:37:57 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Vostro 1500\Desktop\HJTInstall.exe

[2010/09/30 11:37:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Vostro 1500\Desktop\OTL.exe

[2010/09/30 01:32:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/09/06 18:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/09/01 22:26:52 | 000,000,000 | ---D | C] -- C:\Users\Vostro 1500\Desktop\new

[2010/08/12 22:56:26 | 000,000,000 | ---D | C] -- C:\Users\Vostro 1500\AppData\Roaming\HEM Data

[2010/08/04 10:48:07 | 000,000,000 | ---D | C] -- C:\Users\Vostro 1500\AppData\Roaming\gtk-2.0

[2010/08/04 10:42:35 | 000,000,000 | ---D | C] -- C:\Users\Vostro 1500\AppData\Roaming\.purple

[2010/08/02 11:01:27 | 000,000,000 | ---D | C] -- C:\Users\Vostro 1500\AppData\Roaming\DivX

[2010/07/28 01:52:06 | 000,000,000 | ---D | C] -- C:\Users\Vostro 1500\Documents\StarCraft II

[2010/07/28 01:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

[2010/07/27 21:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment

[2010/07/16 09:31:24 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/07/13 00:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/07/05 16:29:25 | 000,000,000 | ---D | C] -- C:\Users\Vostro 1500\Desktop\cornhole

[2009/10/25 19:58:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Vostro 1500\AppData\Roaming\pcouffin.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/30 12:08:13 | 002,883,584 | -HS- | M] () -- C:\Users\Vostro 1500\NTUSER.DAT

[2010/09/30 12:08:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/30 12:07:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/30 12:06:12 | 000,241,423 | ---- | M] () -- C:\Users\Vostro 1500\AppData\Roaming\nvModes.001

[2010/09/30 12:03:54 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

[2010/09/30 12:03:42 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/30 12:03:42 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/30 12:03:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/30 12:03:00 | 2145,583,104 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/30 12:02:24 | 000,524,288 | -HS- | M] () -- C:\Users\Vostro 1500\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms

[2010/09/30 12:02:24 | 000,065,536 | -HS- | M] () -- C:\Users\Vostro 1500\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf

[2010/09/30 12:01:45 | 002,592,697 | -H-- | M] () -- C:\Users\Vostro 1500\AppData\Local\IconCache.db

[2010/09/30 10:25:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/30 09:45:15 | 000,133,632 | ---- | M] () -- C:\Users\Vostro 1500\Desktop\RKUnhookerLE.EXE

[2010/09/30 09:44:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Vostro 1500\Desktop\OTL.exe

[2010/09/30 08:35:42 | 065,481,338 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/09/30 08:08:17 | 000,001,602 | ---- | M] () -- C:\Users\Vostro 1500\Desktop\HijackThis.lnk

[2010/09/30 06:53:00 | 000,000,750 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/30 01:51:38 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Vostro 1500\Desktop\HJTInstall.exe

[2010/09/30 01:31:51 | 257,047,581 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/09/30 00:18:11 | 000,241,423 | ---- | M] () -- C:\Users\Vostro 1500\AppData\Roaming\nvModes.dat

[2010/09/29 23:08:31 | 000,001,682 | ---- | M] () -- C:\Users\Vostro 1500\Desktop\Cake Poker.lnk

[2010/09/29 08:01:10 | 000,002,581 | ---- | M] () -- C:\Users\Vostro 1500\Desktop\Shortcut to HoldemManager.exe.lnk

[2010/09/29 08:00:29 | 000,002,713 | ---- | M] () -- C:\Users\Vostro 1500\Desktop\TableNinja.lnk

[2010/09/28 02:42:15 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat

[2010/09/27 23:45:12 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2010/09/19 23:18:48 | 000,040,448 | ---- | M] () -- C:\Users\Vostro 1500\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/07 00:45:30 | 075,673,604 | ---- | M] () -- C:\Users\Vostro 1500\Desktop\capture-2.mp4

[2010/09/07 00:28:56 | 049,026,341 | ---- | M] () -- C:\Users\Vostro 1500\Desktop\session 2.mp4

[2010/09/06 18:42:24 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/08/31 20:46:40 | 046,619,750 | ---- | M] () -- C:\Users\Vostro 1500\Desktop\short session.mp4

[2010/08/30 10:30:29 | 000,103,759 | ---- | M] () -- C:\Untitled.wma

[2010/08/25 19:15:53 | 000,001,587 | ---- | M] () -- C:\Users\Vostro 1500\Application Data\Microsoft\Internet Explorer\Quick Launch\Full Tilt Poker - Copy.lnk

[2010/08/24 04:40:16 | 000,002,660 | ---- | M] () -- C:\Users\Vostro 1500\popopopPreferences.xml

[2010/08/23 20:29:32 | 000,008,268 | ---- | M] () -- C:\Users\Vostro 1500\AppData\Local\d3d9caps.dat

[2010/08/14 23:07:39 | 000,001,846 | ---- | M] () -- C:\Users\Vostro 1500\Desktop\Universal Replayer.lnk

[2010/08/13 01:22:12 | 000,329,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/08/09 18:00:46 | 000,002,707 | ---- | M] () -- C:\Users\Vostro 1500\Desktop\TableNinjaFT.lnk

[2010/08/09 12:58:44 | 000,001,870 | ---- | M] () -- C:\Users\Vostro 1500\Desktop\Trillian.lnk

[2010/08/04 13:07:10 | 000,000,218 | ---- | M] () -- C:\Users\Vostro 1500\.recently-used.xbel

[2010/08/04 10:42:00 | 000,000,673 | ---- | M] () -- C:\Users\Public\Desktop\Pidgin.lnk

[2010/08/04 10:16:27 | 000,000,357 | -H-- | M] () -- C:\IPH.PH

[2010/07/28 03:23:31 | 000,000,104 | ---- | M] () -- C:\Users\Vostro 1500\Desktop\Recycle Bin - Shortcut.lnk

[2010/07/28 02:17:44 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk

[2010/07/17 15:56:40 | 000,012,532 | ---- | M] () -- C:\Users\Vostro 1500\Documents\NEW Michael_Komarek's_resume.doc

[2010/07/16 09:31:26 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/07/16 09:31:24 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/07/16 09:30:37 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/30 11:37:57 | 000,133,632 | ---- | C] () -- C:\Users\Vostro 1500\Desktop\RKUnhookerLE.EXE

[2010/09/30 08:08:17 | 000,001,602 | ---- | C] () -- C:\Users\Vostro 1500\Desktop\HijackThis.lnk

[2010/09/30 01:36:01 | 2145,583,104 | -HS- | C] () -- C:\hiberfil.sys

[2010/09/30 01:31:51 | 257,047,581 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/09/28 02:42:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010/09/07 00:44:41 | 075,673,604 | ---- | C] () -- C:\Users\Vostro 1500\Desktop\capture-2.mp4

[2010/09/07 00:28:37 | 049,026,341 | ---- | C] () -- C:\Users\Vostro 1500\Desktop\session 2.mp4

[2010/09/06 18:42:24 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/08/31 16:51:08 | 046,619,750 | ---- | C] () -- C:\Users\Vostro 1500\Desktop\short session.mp4

[2010/08/30 10:30:29 | 000,103,759 | ---- | C] () -- C:\Untitled.wma

[2010/08/25 19:15:53 | 000,001,587 | ---- | C] () -- C:\Users\Vostro 1500\Application Data\Microsoft\Internet Explorer\Quick Launch\Full Tilt Poker - Copy.lnk

[2010/08/14 23:07:40 | 000,002,660 | ---- | C] () -- C:\Users\Vostro 1500\popopopPreferences.xml

[2010/08/14 23:07:39 | 000,001,846 | ---- | C] () -- C:\Users\Vostro 1500\Desktop\Universal Replayer.lnk

[2010/08/04 13:07:10 | 000,000,218 | ---- | C] () -- C:\Users\Vostro 1500\.recently-used.xbel

[2010/08/04 10:42:00 | 000,000,673 | ---- | C] () -- C:\Users\Public\Desktop\Pidgin.lnk

[2010/08/04 10:14:51 | 000,000,357 | -H-- | C] () -- C:\IPH.PH

[2010/07/28 03:23:31 | 000,000,104 | ---- | C] () -- C:\Users\Vostro 1500\Desktop\Recycle Bin - Shortcut.lnk

[2010/07/28 01:52:06 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk

[2010/07/17 15:56:15 | 000,012,532 | ---- | C] () -- C:\Users\Vostro 1500\Documents\NEW Michael_Komarek's_resume.doc

[2010/04/26 23:39:14 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf

[2010/02/09 15:18:56 | 000,000,045 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Local\machpro.dat

[2009/10/25 19:58:59 | 000,000,034 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Roaming\pcouffin.log

[2009/10/25 19:58:09 | 000,087,608 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Roaming\inst.exe

[2009/10/25 19:58:09 | 000,007,887 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Roaming\pcouffin.cat

[2009/10/25 19:58:09 | 000,001,144 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Roaming\pcouffin.inf

[2009/08/10 19:44:28 | 000,000,760 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Roaming\setup_ldm.iss

[2009/06/16 18:39:09 | 000,005,028 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda

[2009/06/03 17:35:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/04/26 04:09:22 | 000,000,526 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Local\.ipc_copyrecord

[2009/04/26 04:02:06 | 000,000,024 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Local\84756-11986-27475-00TC1-94865

[2009/02/05 16:50:30 | 000,000,162 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2009/02/03 12:48:44 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/11/26 15:26:07 | 001,590,840 | -HS- | C] () -- C:\Windows\System32\iruramuj.ini

[2008/07/21 22:14:40 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI

[2007/12/13 18:34:36 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

[2007/10/03 03:15:27 | 000,000,000 | ---- | C] () -- C:\Windows\Realtime.INI

[2007/09/19 05:28:38 | 000,008,268 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Local\d3d9caps.dat

[2007/09/15 20:49:37 | 000,000,570 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Roaming\wklnhst.dat

[2007/09/13 19:26:26 | 000,241,423 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Roaming\nvModes.001

[2007/09/13 18:06:32 | 000,241,423 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Roaming\nvModes.dat

[2007/09/12 20:31:07 | 000,040,448 | ---- | C] () -- C:\Users\Vostro 1500\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/09/04 15:25:58 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/09/04 15:25:49 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/09/04 07:41:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2010/08/09 12:54:18 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\.purple

[2007/09/18 23:41:32 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\Bioshock

[2010/08/04 10:48:07 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\gtk-2.0

[2010/09/27 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\HEM Data

[2007/12/22 17:48:09 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\iWin

[2009/08/04 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\KeePass

[2010/06/16 15:44:30 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\Leadertech

[2009/07/18 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\postgresql

[2009/10/06 00:34:17 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\RipIt4Me

[2010/04/18 21:10:31 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\rjxomsdem

[2007/12/13 18:41:21 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\TeamViewer

[2007/09/15 20:49:38 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\Template

[2010/09/10 19:21:41 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\uTorrent

[2009/10/25 19:58:59 | 000,000,000 | ---D | M] -- C:\Users\Vostro 1500\AppData\Roaming\Vso

[2010/09/30 12:06:56 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Documents\StarCraft II:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Documents\Quicken:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Documents\Quicken backup:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Documents\PcSetup:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Documents\New-Coupon.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Documents\DVDFab:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Documents\Camtasia Studio:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Desktop\Tournaments for new year:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Desktop\torrents:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Desktop\PowerHour:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Desktop\Poker Note files:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Desktop\poker excel:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Desktop\PLO Sample book:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Desktop\new:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Vostro 1500\Desktop\cornhole:Roxio EMC Stream

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:B0A96209

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:089A7B08

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:1CFFB598

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8CEFE51A

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C05A8628

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794

< End of report >

-----EXTRAS REPORT--------

OTL Extras logfile created on: 9/30/2010 12:05:17 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Vostro 1500\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.92 Gb Total Space | 8.36 Gb Free Space | 11.95% Space Free | Partition Type: NTFS

Drive D: | 2.00 Gb Total Space | 1.39 Gb Free Space | 69.59% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: VOSTRO1500-PC

Current User Name: Vostro 1500

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1720092644-1806278224-2529524551-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Mike Stuff\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1720092644-1806278224-2529524551-1000]

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0FD1E549-0F9A-46DE-8A59-78D80DCA7394}" = lport=445 | protocol=6 | dir=in | name=microsoft directory services |

"{140D01F3-833D-4974-8263-AC4C372C09BB}" = lport=10421 | protocol=17 | dir=in | name=singleclick discovery protocol |

"{26850C4C-F22E-4A31-8D28-DA27E91A9C95}" = lport=137 | protocol=17 | dir=in | name=netbios name service |

"{2E970527-FD67-4415-A1BF-90785F901D65}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |

"{4041A467-3C88-4EF4-B91C-7D2E234211BB}" = rport=139 | protocol=6 | dir=out | app=system |

"{65D08E93-1207-4439-A581-0E1BFCB356E7}" = lport=137 | protocol=17 | dir=in | app=system |

"{71D61EC8-BC0A-4768-AEBA-6C5BFA0F4545}" = rport=137 | protocol=17 | dir=out | app=system |

"{7AF31DF6-F14C-43EC-B078-7A92489B4ABF}" = rport=138 | protocol=17 | dir=out | app=system |

"{8A506789-7F9B-41CD-A0DC-3602EDB52AB7}" = lport=138 | protocol=17 | dir=in | name=netbios datagram service |

"{AE0B82D7-08E5-44A7-B9E2-E824A6D5F8B3}" = lport=139 | protocol=6 | dir=in | app=system |

"{C68CBF3C-ED4C-411C-8031-9545411B4A77}" = lport=10426 | protocol=17 | dir=in | name=singleclick icc |

"{D98E7AC9-63FE-45C1-BAED-C1092545CAC2}" = rport=445 | protocol=6 | dir=out | app=system |

"{DA0D4334-1DEB-4A8D-B5AD-B9E5E29EADB0}" = lport=139 | protocol=6 | dir=in | name=netbios file/printer sharing |

"{DF786CAC-D0AF-405B-B9C8-B72EF75AC986}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |

"{E5316FDA-1C6C-4D85-9D0D-F3C8D1BE3C66}" = lport=138 | protocol=17 | dir=in | app=system |

"{FB3474C4-84AC-4AD3-B6BF-3D7F1B5CC962}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01BD4CE4-E540-4B6A-9E24-366FDEB1077B}" = protocol=17 | dir=in | app=c:\mike stuff\skype\phone\skype.exe |

"{0D6F43F3-2831-40E9-BA5C-C545E4BFB8D8}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{0DA4B3C1-9F0F-45ED-9CCF-C148DEF4A3EF}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |

"{1D5B9122-5683-4CFF-9694-F5E81952E19E}" = protocol=17 | dir=in | app=c:\users\vostro 1500\desktop\utorrent.exe |

"{1F02F64F-C1A5-4545-9487-DB74E44298D8}" = protocol=17 | dir=in | app=c:\program files\dell network assistant\ezi_hnm2.exe |

"{30ABB705-F513-4E22-88A9-AF4FD7259C87}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |

"{353D8624-D8EB-4204-B389-2FEA97905F49}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3723BBF9-402C-4186-99B9-0A062B906FE3}" = protocol=17 | dir=in | app=c:\windows\system32\logonui.exe |

"{374FB04C-8A16-4110-84E9-9DFF7E49C534}" = protocol=17 | dir=in | app=c:\windows\asam.exe |

"{3C1E0AB1-25F5-461F-98DB-B6097FC1614E}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"{43D044DF-B78E-48B9-AED0-5E085BE9DC48}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |

"{4451717A-87A9-47FA-9CDB-6A4959736980}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |

"{463DBB90-37CB-4E6E-9007-749AD269DE14}" = protocol=17 | dir=in | app=f:\my stuff\starcraft ii\versions\base15405\sc2.exe |

"{4AD1D23A-BC2D-43B0-9857-9E055F41293E}" = protocol=17 | dir=in | app=c:\mike stuff\utorrent\utorrent.exe |

"{4C21424B-AF47-4323-8411-423A89CCD53D}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |

"{51ED91B6-2D72-4599-B65E-79FD7361E546}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{521E1F5F-B0FF-4D01-9617-8EFB4213B275}" = protocol=6 | dir=in | app=c:\mike stuff\utorrent\utorrent.exe |

"{5458CB17-AC80-4932-9F03-A15AB44DBDD8}" = protocol=17 | dir=in | app=c:\mike stuff\utorrent\utorrent.exe |

"{5A540678-CF06-4E38-BE08-CD75B6DED086}" = protocol=17 | dir=in | app=c:\mike stuff\utorrent\utorrent.exe |

"{5F653DC8-09A0-46C8-A4AC-78691955BC51}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |

"{6C3DEDDD-2C1A-451E-9B1F-9C4278C9AD60}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{70270FE8-EC45-4663-AB41-A85E1FBF1C0A}" = protocol=6 | dir=in | app=c:\program files\dell network assistant\ezi_hnm2.exe |

"{76C75180-B2FF-4BC7-9999-C02FF4A3CD67}" = protocol=6 | dir=in | app=f:\my stuff\starcraft ii\versions\base15405\sc2.exe |

"{7CDE9EC1-7F91-4CFC-9B8C-83F9928B7101}" = protocol=17 | dir=in | app=c:\mike stuff\utorrent\utorrent.exe |

"{7D70EB11-6776-490F-800C-CF14222FE806}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |

"{7F4F4D33-F390-4842-9F3B-A062CCBA4B56}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"{84FD560E-7811-498F-8516-B4904E98A206}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{85F4E7BC-2AAB-4A1E-BAC8-9D5606F15BAE}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{86A11BAA-9ADC-4472-81C2-D5132F4F65F0}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |

"{87A9CDBF-75A5-4CAA-915F-92C8F760CFA7}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |

"{8D01F940-A70A-43A5-BF79-5FECA2249124}" = protocol=6 | dir=in | app=c:\mike stuff\utorrent\utorrent.exe |

"{94CC2122-EBD3-4849-90B9-0F7E1643EB93}" = dir=in | app=c:\mike stuff\itunes\itunes.exe |

"{99C3ABFB-723F-4F3A-9E61-2226651C0999}" = protocol=6 | dir=in | app=c:\windows\asam.exe |

"{A5DD0ACB-AFD4-472C-9A18-2EC49FBBB4D8}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |

"{AB033656-640C-4CFF-9F2F-8FC1ECFAC275}" = protocol=6 | dir=in | app=f:\my stuff\starcraft ii\starcraft ii.exe |

"{B7C7774A-8535-4DAA-AC41-45A9756F7099}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{B909E11D-7EED-46A5-8755-3B29035281DE}" = protocol=6 | dir=in | app=c:\users\vostro 1500\desktop\utorrent.exe |

"{BF311F2C-2623-4776-AD48-B8B90B0D27DD}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |

"{C98C3219-6F65-46FA-A17F-DECE7694CAF4}" = protocol=6 | dir=in | app=c:\windows\system32\logonui.exe |

"{CCCF894C-105A-4E20-923B-19C695AB31D0}" = protocol=6 | dir=in | app=c:\mike stuff\utorrent\utorrent.exe |

"{D0047FD6-5A9A-4FF2-AFD3-9A99B258736A}" = protocol=6 | dir=in | app=c:\users\vostro 1500\desktop\utorrent.exe |

"{D23FC974-5A88-4210-A69C-7A1DF91D3794}" = protocol=17 | dir=in | app=f:\my stuff\starcraft ii\starcraft ii.exe |

"{D87D601D-EC33-45B6-91E3-FCEB4F4128CF}" = dir=in | app=c:\mike stuff\skype\plugin manager\skypepm.exe |

"{DC57DA11-793A-4F94-9247-D176A6383AC6}" = protocol=17 | dir=in | app=c:\users\vostro 1500\desktop\utorrent.exe |

"{EBF3A0BC-949B-4141-8DEB-2B2252CAE7BE}" = protocol=6 | dir=in | app=c:\mike stuff\utorrent\utorrent.exe |

"{F92ED185-7CC2-4586-A274-36A7DE0C9E38}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |

"TCP Query User{30796FBE-5547-403C-B615-120A2B309468}C:\mike stuff\games\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\mike stuff\games\starcraft\starcraft.exe |

"TCP Query User{41AB7881-2017-4CB1-A9F6-FF1E743D4040}C:\users\vostro 1500\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\vostro 1500\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"TCP Query User{623C9700-68F6-4D9D-8F6E-285DAEC40363}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{7035A5BF-CF01-4D4E-8EA4-C8ACA8B3C377}C:\mike stuff\gametap\bin\release\gametap.exe" = protocol=6 | dir=in | app=c:\mike stuff\gametap\bin\release\gametap.exe |

"TCP Query User{BC0D9DE4-CFC4-4179-B8A3-5A0E924B470D}C:\mike stuff\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\mike stuff\firefox\firefox.exe |

"TCP Query User{D2892008-F857-4A89-9A3C-912E51B450B9}C:\mike stuff\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\mike stuff\games\warcraft iii\war3.exe |

"UDP Query User{17B35BB7-95A5-4D19-8241-0DFCC465D28B}C:\mike stuff\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\mike stuff\games\warcraft iii\war3.exe |

"UDP Query User{6F4CCB7B-D53C-4A56-9937-442A4072DE82}C:\mike stuff\gametap\bin\release\gametap.exe" = protocol=17 | dir=in | app=c:\mike stuff\gametap\bin\release\gametap.exe |

"UDP Query User{76A4FE3B-F739-4DFB-A1AF-605F5B94C8C6}C:\mike stuff\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\mike stuff\firefox\firefox.exe |

"UDP Query User{DE9F7ED7-7C4A-417C-9E02-411E126F845A}C:\mike stuff\games\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\mike stuff\games\starcraft\starcraft.exe |

"UDP Query User{ECF8A6C0-D39B-4FC2-AAB3-CEB51C63074A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{FDE396ED-40AE-48D5-B7F7-C3125BBE5899}C:\users\vostro 1500\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\vostro 1500\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 19

"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{33FF2328-8CE0-425E-AEDC-BEF9AED09153}" = Tourney Manager

"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EB3B7E8-1466-405A-B5BC-44513AF85E34}_is1" = UltimateBet

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{76B95614-082C-4A11-9F38-BDE036C005CF}" = Generate Full Tilt Summaries

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5

"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B307D9D-899A-4B51-A722-2A240D3C7748}" = Holdem Manager

"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup

"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs

"{CC65635F-3A3A-48CB-8976-A1F32ED1ECA4}" = TableNinja

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


Hi, unfortunately your system is infected with a nasty rootkit. Please read the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


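Once the TDSSKiller log the helper asks for has been saved, it can be triaged by script rather than by eye. The following Python is an added example (not part of this thread and not Kaspersky's tool): it parses the log format, collects the enumerated drivers, and ties each "Suspicious file (Forged)" line and "detected" verdict back to the driver listing by path; the sample lines are constructed in the format of the TDSSKiller log posted in the reply that follows, with hashes and paths copied from it.

```python
"""Triage a TDSSKiller text log: list the drivers it enumerated and pull out any
'Suspicious file (Forged)' / 'detected' verdicts, tying them together by path."""
import re
import sys
from dataclasses import dataclass

# Constructed sample in the format of the TDSSKiller 2.4.2.1 log posted in this
# thread; the hashes and paths are copied from that log, nothing else is.
SAMPLE_LOG = r"""
2010/09/30 13:43:41.0921 Scan started
2010/09/30 13:43:41.0921 Mode: Manual;
2010/09/30 13:43:42.0498 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/09/30 13:43:47.0740 i8042prt (df736b10e72221e0cfbeafbd4c40cd9d) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/30 13:43:47.0740 Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: df736b10e72221e0cfbeafbd4c40cd9d, Fake md5: 22d56c8184586b7a1f6fa60be5f5a2bd
2010/09/30 13:43:47.0755 i8042prt - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/30 13:43:47.0786 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
""".strip()

# Every line opens with a timestamp; only the message after it matters here.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (?P<msg>.*)$")
# "<service> (<md5>) <path>": one line per enumerated driver or service.
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Two hashes for one file: the tool read the same file by two routes and got
# different bytes, which is what exposes a rootkit's disk-level hook.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# "<service> - detected <verdict> (<code>)"
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Finding:
    path: str
    name: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    verdict: str = ""


def parse_log(text):
    """Return (drivers keyed by service name, list of findings) for one log."""
    drivers = {}
    findings = {}  # keyed by lower-cased path: NTFS paths compare case-insensitively
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines, banners and the SystemInfo header
        msg = line.group("msg")
        forged = FORGED_RE.match(msg)
        detect = DETECT_RE.match(msg)
        driver = DRIVER_RE.match(msg)
        if forged:
            fin = findings.setdefault(forged["path"].lower(), Finding(path=forged["path"]))
            fin.real_md5, fin.fake_md5 = forged["real"], forged["fake"]
        elif detect:
            drv = drivers.get(detect["name"])  # verdict names the service, not the file
            key = drv.path.lower() if drv else detect["name"].lower()
            fin = findings.setdefault(key, Finding(path=drv.path if drv else ""))
            fin.name, fin.verdict = detect["name"], detect["verdict"]
        elif driver:
            drivers[driver["name"]] = Driver(driver["name"], driver["md5"], driver["path"])
    for fin in findings.values():  # a forged line without a verdict still gets its name
        if not fin.name:
            for drv in drivers.values():
                if drv.path.lower() == fin.path.lower():
                    fin.name = drv.name
    return drivers, list(findings.values())


def report(findings):
    lines = []
    for f in findings:
        tag = f.verdict or "forged file, no verdict"
        lines.append(f"{f.name or '?'}: {f.path} -> {tag}")
        if f.real_md5:
            lines.append(f"    real md5 {f.real_md5}  fake md5 {f.fake_md5}")
    return lines


def main(argv):
    text = SAMPLE_LOG if len(argv) < 2 else open(argv[1], encoding="utf-8", errors="replace").read()
    drivers, findings = parse_log(text)
    print(f"{len(drivers)} drivers enumerated, {len(findings)} finding(s)")
    print("\n".join(report(findings)))
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with the saved log's path as the only argument; the exit status is non-zero whenever a forged file or a verdict was found, so it slots into a batch triage.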
Yikes! Thanks for your quick responses and help, it is more than appreciated.

I ran TDSSKiller and it came back with 1 infection. I removed it and rebooted my computer. I will scan one more time with AVG and Malwarebytes, then attempt to reconnect to the internet and scan again tomorrow. Anything else that I should do?

2010/09/30 13:43:03.0046 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/30 13:43:03.0046 ================================================================================

2010/09/30 13:43:03.0046 SystemInfo:

2010/09/30 13:43:03.0046

2010/09/30 13:43:03.0046 OS Version: 6.0.6002 ServicePack: 2.0

2010/09/30 13:43:03.0046 Product type: Workstation

2010/09/30 13:43:03.0046 ComputerName: VOSTRO1500-PC

2010/09/30 13:43:03.0046 UserName: Vostro 1500

2010/09/30 13:43:03.0046 Windows directory: C:\Windows

2010/09/30 13:43:03.0046 System windows directory: C:\Windows

2010/09/30 13:43:03.0046 Processor architecture: Intel x86

2010/09/30 13:43:03.0046 Number of processors: 2

2010/09/30 13:43:03.0046 Page size: 0x1000

2010/09/30 13:43:03.0046 Boot type: Normal boot

2010/09/30 13:43:03.0046 ================================================================================

2010/09/30 13:43:03.0560 Initialize success

2010/09/30 13:43:14.0153 Deinitialize success

2010/09/30 13:43:19.0316 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/30 13:43:19.0316 ================================================================================

2010/09/30 13:43:19.0316 SystemInfo:

2010/09/30 13:43:19.0316

2010/09/30 13:43:19.0316 OS Version: 6.0.6002 ServicePack: 2.0

2010/09/30 13:43:19.0316 Product type: Workstation

2010/09/30 13:43:19.0316 ComputerName: VOSTRO1500-PC

2010/09/30 13:43:19.0316 UserName: Vostro 1500

2010/09/30 13:43:19.0316 Windows directory: C:\Windows

2010/09/30 13:43:19.0316 System windows directory: C:\Windows

2010/09/30 13:43:19.0316 Processor architecture: Intel x86

2010/09/30 13:43:19.0316 Number of processors: 2

2010/09/30 13:43:19.0316 Page size: 0x1000

2010/09/30 13:43:19.0316 Boot type: Normal boot

2010/09/30 13:43:19.0316 ================================================================================

2010/09/30 13:43:19.0769 Initialize success

2010/09/30 13:43:41.0921 ================================================================================

2010/09/30 13:43:41.0921 Scan started

2010/09/30 13:43:41.0921 Mode: Manual;

2010/09/30 13:43:41.0921 ================================================================================

2010/09/30 13:43:47.0740 i8042prt (df736b10e72221e0cfbeafbd4c40cd9d) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/09/30 13:43:47.0740 Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: df736b10e72221e0cfbeafbd4c40cd9d, Fake md5: 22d56c8184586b7a1f6fa60be5f5a2bd

2010/09/30 13:43:47.0755 i8042prt - detected Rootkit.Win32.TDSS.tdl3 (0)


2010/09/30 13:43:55.0103 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2010/09/30 13:43:55.0181 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2010/09/30 13:43:55.0243 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/09/30 13:43:55.0306 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys

2010/09/30 13:43:55.0384 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2010/09/30 13:43:55.0446 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2010/09/30 13:43:55.0524 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys

2010/09/30 13:43:55.0586 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys

2010/09/30 13:43:55.0602 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys

2010/09/30 13:43:55.0711 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2010/09/30 13:43:55.0789 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2010/09/30 13:43:55.0898 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

2010/09/30 13:43:55.0945 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/09/30 13:43:55.0992 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2010/09/30 13:43:56.0039 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2010/09/30 13:43:56.0117 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2010/09/30 13:43:56.0210 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/09/30 13:43:56.0273 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

2010/09/30 13:43:56.0320 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/09/30 13:43:56.0382 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2010/09/30 13:43:56.0429 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

2010/09/30 13:43:56.0476 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2010/09/30 13:43:56.0538 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2010/09/30 13:43:56.0616 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2010/09/30 13:43:56.0710 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2010/09/30 13:43:56.0756 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys

2010/09/30 13:43:56.0819 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys

2010/09/30 13:43:56.0881 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys

2010/09/30 13:43:56.0990 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys

2010/09/30 13:43:57.0084 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2010/09/30 13:43:57.0131 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2010/09/30 13:43:57.0162 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2010/09/30 13:43:57.0193 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2010/09/30 13:43:57.0256 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys

2010/09/30 13:43:57.0349 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys

2010/09/30 13:43:57.0458 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys

2010/09/30 13:43:57.0521 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2010/09/30 13:43:57.0599 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2010/09/30 13:43:57.0677 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2010/09/30 13:43:57.0739 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2010/09/30 13:43:57.0833 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2010/09/30 13:43:57.0942 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/09/30 13:43:58.0004 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2010/09/30 13:43:58.0082 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2010/09/30 13:43:58.0145 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2010/09/30 13:43:58.0223 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2010/09/30 13:43:58.0316 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

2010/09/30 13:43:58.0410 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2010/09/30 13:43:58.0472 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2010/09/30 13:43:58.0566 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2010/09/30 13:43:58.0613 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2010/09/30 13:43:58.0675 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/09/30 13:43:58.0722 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2010/09/30 13:43:58.0816 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2010/09/30 13:43:58.0878 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2010/09/30 13:43:58.0925 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2010/09/30 13:43:58.0972 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

2010/09/30 13:43:59.0003 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/09/30 13:43:59.0081 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/09/30 13:43:59.0159 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/09/30 13:43:59.0206 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2010/09/30 13:43:59.0284 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

2010/09/30 13:43:59.0330 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2010/09/30 13:43:59.0408 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys

2010/09/30 13:43:59.0502 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2010/09/30 13:43:59.0580 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2010/09/30 13:43:59.0642 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2010/09/30 13:43:59.0736 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2010/09/30 13:43:59.0783 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2010/09/30 13:43:59.0876 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/09/30 13:43:59.0892 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/09/30 13:43:59.0986 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2010/09/30 13:44:00.0048 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2010/09/30 13:44:00.0220 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2010/09/30 13:44:00.0391 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/09/30 13:44:00.0516 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/09/30 13:44:00.0656 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/09/30 13:44:00.0719 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

2010/09/30 13:44:00.0781 ================================================================================

2010/09/30 13:44:00.0781 Scan finished

2010/09/30 13:44:00.0781 ================================================================================

2010/09/30 13:44:00.0797 Detected object count: 1

2010/09/30 13:44:34.0243 i8042prt (df736b10e72221e0cfbeafbd4c40cd9d) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/09/30 13:44:34.0243 Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: df736b10e72221e0cfbeafbd4c40cd9d, Fake md5: 22d56c8184586b7a1f6fa60be5f5a2bd

2010/09/30 13:44:38.0143 Backup copy not found, trying to cure infected file..

2010/09/30 13:44:38.0143 Cure success, using it..

2010/09/30 13:44:38.0174 C:\Windows\system32\DRIVERS\i8042prt.sys - will be cured after reboot

2010/09/30 13:44:38.0174 Rootkit.Win32.TDSS.tdl3(i8042prt) - User select action: Cure

2010/09/30 13:44:55.0366 Deinitialize success


First off, thanks again for all the help. You guys are great!

I have a few questions considering the severity of this virus. Hopefully you can answer a few of these questions for me.

Why did my anti-virus (AVG Free) not detect this before it was installed? I simply got this virus just by visiting a website (I don't think I actually installed anything). Also, why did I have to use an external malware remover rather than just Malwarebytes?

My laptop, the infected computer, was connected to my router via wifi. I also have a desktop (which I have been using to post) that is connected to the internet via my router. My desktop seems to be fine and I have run a few scans on it just to be sure, but is there any way this virus could have possibly compromised my desktop? I thought I read that this specific virus can infect my router...?

Also, since my laptop can no longer be guaranteed to be 100% safe (as stated in your post), I am wondering what options I have to change that? Can you please explain why that is the case if I have removed the virus? Would you recommend formatting my hard drive or possibly resetting it to factory settings? Can you please link me to some instructions on how I can reformat?

Finally, how did you come to the conclusion that I had a rootkit on my computer? Was there a specific line or few in the results I posted? If this requires a long drawn-out response that I most likely won't understand, no need to post a long response; I was just curious.

Thanks


Hi, let's try to address all your questions. :)

First of all, this is a very common, but also very advanced, rootkit. It is often "distributed" as a drive-by download (which means you don't have to download anything, just visit the site, which typically has been hacked in order to unknowingly host the malware).

Unfortunately, malware updates a lot faster than security products. AVG is not one of the top AV products, but it's not very bad either. A security setup such as yours is adequate, but together with that it is very important to keep all software up to date and to have safe surfing behavior. More information on all this in a later post.

While it can be quite easy to get infected, it is often a lot harder to get rid of the infection. Rootkits especially hide quite well, and this particular one starts when Windows loads the drivers (in this case the Intel PS/2 mouse port driver). Once the rootkit is active, it takes control and can cover its tracks.

For that reason we need special tools that are more powerful than regular applications. Typically the use of such tools is not recommended unsupervised because, together with the fact that the tool is more powerful, the risk of "something going wrong" increases, which can cause serious problems like a computer no longer booting at all. Had this happened here, I would have been able to provide you with instructions to undo the damage.

This rootkit does not infect routers, nor does it spread using flash drives, but it keeps the way open for more company so it is hard to say what else is hiding there without further scanning.

This rootkit uses a backdoor to "phone home", and even now that the rootkit is removed, this backdoor remains (a vulnerability in the Windows installation). This may or may not be exploited by future malware.

If you decide to reformat, I will provide you with additional instructions. :)

The following lines were a clear indication of a TDL3 rootkit infection:

!!!!!!!!!!!Hidden driver: 0x86512AEA ?_empty_? 1302 bytes

!!!!!!!!!!!Hidden driver: 0x86325F38 ?_empty_? 0 bytes

0x822AC000 WARNING: suspicious driver modification [iastor.sys::0x86512AEA]
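As an added example (not code from this thread, from the helper, or from the TDSSKiller authors), the following Python parses the log shapes quoted in the posts above: the driver inventory lines, the "Suspicious file (Forged)" line with its Real/Fake md5 pair, the "Detected object count" line and the verdict line. The sample log is constructed from a handful of the lines posted in this thread, and the regexes assume the line layout stays as shown there.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines abridged from the TDSSKiller log posted in this thread.
SAMPLE_LOG = """\
2010/09/30 13:43:57.0349 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\\Windows\\system32\\drivers\\tcpip.sys
2010/09/30 13:44:00.0781 Scan finished
2010/09/30 13:44:00.0797 Detected object count: 1
2010/09/30 13:44:34.0243 i8042prt (df736b10e72221e0cfbeafbd4c40cd9d) C:\\Windows\\system32\\DRIVERS\\i8042prt.sys
2010/09/30 13:44:34.0243 Suspicious file (Forged): C:\\Windows\\system32\\DRIVERS\\i8042prt.sys. Real md5: df736b10e72221e0cfbeafbd4c40cd9d, Fake md5: 22d56c8184586b7a1f6fa60be5f5a2bd
2010/09/30 13:44:38.0174 Rootkit.Win32.TDSS.tdl3(i8042prt) - User select action: Cure
"""

# Line shapes exactly as they appear in the posted log (assumed stable for this tool version).
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ "
DRIVER_RE = re.compile(TS + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED_RE = re.compile(TS + r"Suspicious file \(Forged\): (.+?)\. "
                       r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
VERDICT_RE = re.compile(TS + r"([^(]+)\(([^)]+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (\d+)$")


@dataclass
class Forged:
    driver: str        # service name from the inventory line, '' if the path was never listed
    path: str
    real_md5: str      # hash TDSSKiller computed reading the file underneath the rootkit
    fake_md5: str      # hash a normal (hooked) read of the same file returns
    verdict: str = ""  # detection name, e.g. Rootkit.Win32.TDSS.tdl3
    action: str = ""   # what the user chose, e.g. Cure


def triage(log_text):
    """Parse a TDSSKiller log into a driver inventory, forged-file findings and the object count."""
    by_name, by_path, forged, count = {}, {}, {}, None
    for line in log_text.splitlines():
        if m := DRIVER_RE.match(line):
            name, md5, path = m.groups()
            by_name[name] = (md5, path)
            by_path[path.lower()] = name
        elif m := FORGED_RE.match(line):
            path, real, fake = m.groups()
            forged[path.lower()] = Forged(by_path.get(path.lower(), ""), path, real, fake)
        elif m := VERDICT_RE.match(line):
            verdict, name, action = m.groups()
            key = by_name.get(name, ("", ""))[1].lower()   # verdict names the service, not the path
            if key in forged:
                forged[key].verdict, forged[key].action = verdict, action
        elif m := COUNT_RE.match(line):
            count = int(m.group(1))
    return {"inventory": by_name, "forged": list(forged.values()), "detected": count}


def hash_mismatch(f):
    """The rootkit's tell: the hash served to the OS differs from the bytes actually on disk."""
    return f.real_md5 != f.fake_md5


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG)["forged"]:
        print(f"{f.driver or f.path}: forged={hash_mismatch(f)} "
              f"verdict={f.verdict} action={f.action}")
```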


Very informative post. Just to verify before I reconnect to the internet, based on my TDSSKiller results, does it appear that the virus has been removed? Can I resume normal activity on my laptop (checking email, connecting to password-protected sites, etc.)?

Also, I would like to guarantee that my computer is 100% safe, or at least as safe as possible. Is reformatting the best step to take? Can you please provide a short tutorial on how I can go about doing that?

Thanks


Hi, the rootkit is gone, but before resuming normal activities on this computer, I recommend you take the steps I posted earlier (changing password and so on from a known clean computer).

Also, I would be cautious before resuming normal activities and not do so unless necessary before you know that the computer is clean.

If you want to go through with the cleanup, just let me know and I'll post you additional steps.

If you're not sure how to reformat or need help with reformatting, please review:

These links include step-by-step instructions with screenshots:

Vista users can refer to these instructions:

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead.
