Jump to content

Redirect problem and windows host process closing


Recommended Posts

Hi guys,

let me say thankyou in advance for any help and attention that will be provided on this website.

My computer seems to be infected, when running my browsers I am getting redirected to advert websites, the problem seemed to start about a week ago when i downloaded an adobe acrobat pro torrent (this maybe frowned upon but i am being honest for the sake of the problem). I have tried quite a few things to clean up my computer, i did remove a trojan with Hitman a few days ago but the problems still persist.

I am also getting this error which causes changes in my windows appearence.

'host process for windows services stopped working and was closed'

I have run an updated malwarebytes scan which hasn't helped the sutuation, i have run adaware, spybot, avira, CWShredder and IObit security and none of these have sorted things. I have included the results of my hijackthis scan below.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:34:24, on 07/12/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18975)

Boot mode: Normal

Running processes:

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Windows\PixArt\PAC7302\Monitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\WeFi\WeFi.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\Users\Lucy\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: MessengerPlusLive UK TB Toolbar - {fcf7bd65-beb7-48cd-8d51-268eb6802e56} - C:\Program Files\MessengerPlusLive_UK_TB\tbMess.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: MessengerPlusLive UK TB Toolbar - {fcf7bd65-beb7-48cd-8d51-268eb6802e56} - C:\Program Files\MessengerPlusLive_UK_TB\tbMess.dll

O3 - Toolbar: MessengerPlusLive UK TB Toolbar - {fcf7bd65-beb7-48cd-8d51-268eb6802e56} - C:\Program Files\MessengerPlusLive_UK_TB\tbMess.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HYTHJVPC - Sysinternals - www.sysinternals.com - C:\Users\Lucy\AppData\Local\Temp\HYTHJVPC.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

O23 - Service: WeFi Engine Service (WefiEngSvc) - WeFi - C:\Program Files\WeFi\WefiEngSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

O23 - Service: XGOHX - Sysinternals - www.sysinternals.com - C:\Users\Lucy\AppData\Local\Temp\XGOHX.exe

--

End of file - 9057 bytes

Once again thankyou to anyone kind enough to offer me assistance, i bow to your knowledge.

matt

Link to post
Share on other sites

Hello mattiematmat

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Link to post
Share on other sites

Hi Kahdah, here is the extra information you requested;

OTL logfile created on: 07/12/2010 16:42:22 - Run 1OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Lucy\Documents

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 62.49 Gb Free Space | 26.83% Space Free | Partition Type: NTFS

Drive D: | 3.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LUCY-PC | User Name: Lucy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lucy\Documents\OTL.exe (OldTimer Tools)

PRC - C:\Users\Lucy\Downloads\ftp68bbx.exe ()

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)

PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\IObit\IObit Security 360\is360tray.exe (IObit)

PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)

PRC - C:\Program Files\WeFi\WefiEngSvc.exe (WeFi)

PRC - C:\Program Files\WeFi\WeFi.exe (WeFi)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Lucy\Documents\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (XGOHX) -- C:\Users\Lucy\AppData\Local\Temp\XGOHX.exe (Sysinternals - www.sysinternals.com)

SRV - (HYTHJVPC) -- C:\Users\Lucy\AppData\Local\Temp\HYTHJVPC.exe (Sysinternals - www.sysinternals.com)

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (WefiEngSvc) -- C:\Program Files\WeFi\WefiEngSvc.exe (WeFi)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (vsdatant7) -- C:\Windows\System32\drivers\vsdatant.win7.sys File not found

DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (MEMSWEEP2) -- C:\Windows\System32\BBB0.tmp File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\Users\Lucy\AppData\Local\Temp\catchme.sys File not found

DRV - (AFGSp50) -- C:\Windows\System32\Drivers\AFGSp50.sys File not found

DRV - (AFGMp50) -- C:\Windows\System32\Drivers\AFGMp50.sys File not found

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (RapportCerberus_19917) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (Trusteer Ltd.)

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)

DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys ()

DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)

DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)

DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\..\URLSearchHook: {fcf7bd65-beb7-48cd-8d51-268eb6802e56} - C:\Program Files\MessengerPlusLive_UK_TB\tbMess.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {fcf7bd65-beb7-48cd-8d51-268eb6802e56} - C:\Program Files\MessengerPlusLive_UK_TB\tbMess.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/05/01 02:02:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/01 22:15:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/01 22:15:14 | 000,000,000 | ---D | M]

[2010/12/01 22:15:49 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\mozilla\Extensions

[2010/12/01 22:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/12/06 19:29:37 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\mozilla\Firefox\Profiles\nhqfasru.default\extensions

[2010/12/02 07:47:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lucy\AppData\Roaming\mozilla\Firefox\Profiles\nhqfasru.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/12/01 22:15:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/12/01 22:15:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/05/30 06:50:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/16 12:04:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/26 21:20:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/10/27 06:13:43 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/27 06:13:43 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/10/27 06:13:43 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2010/09/23 14:42:24 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/09/18 09:24:11 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/09/18 09:24:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/09/18 09:24:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/09/18 09:24:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/09/18 09:24:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/09/18 09:24:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/09/18 09:24:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/08/13 08:12:34 | 000,035,136 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/10/27 05:24:34 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/10/27 05:24:34 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/10/27 05:24:34 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/10/27 05:24:34 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (MessengerPlusLive UK TB Toolbar) - {fcf7bd65-beb7-48cd-8d51-268eb6802e56} - C:\Program Files\MessengerPlusLive_UK_TB\tbMess.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (MessengerPlusLive UK TB Toolbar) - {fcf7bd65-beb7-48cd-8d51-268eb6802e56} - C:\Program Files\MessengerPlusLive_UK_TB\tbMess.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive UK TB Toolbar) - {FCF7BD65-BEB7-48CD-8D51-268EB6802E56} - C:\Program Files\MessengerPlusLive_UK_TB\tbMess.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)

O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [software Informer] C:\Program Files\Software Informer\softinfo.exe File not found

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Lucy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Lucy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/06/14 01:40:45 | 000,000,145 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{09ded497-2c77-11df-aec5-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{09ded497-2c77-11df-aec5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2005/08/26 00:11:23 | 000,045,056 | R--- | M] ()

O33 - MountPoints2\{09ded497-2c77-11df-aec5-806e6f6e6963}\Shell\dinstall\command - "" = D:\DirectX\dxsetup.exe -- [2004/07/09 12:08:36 | 000,472,576 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{1c9f3fe8-560a-11df-83e3-001a80f3d432}\Shell - "" = AutoRun

O33 - MountPoints2\{1c9f3fe8-560a-11df-83e3-001a80f3d432}\Shell\AutoRun\command - "" = G:\AutoRunMorrowind.exe -- File not found

O33 - MountPoints2\{1c9f3fe8-560a-11df-83e3-001a80f3d432}\Shell\install\command - "" = G:\Setup.exe -- File not found

O33 - MountPoints2\{9731a090-cf8a-11df-a691-001a80f3d432}\Shell - "" = AutoRun

O33 - MountPoints2\{9731a090-cf8a-11df-a691-001a80f3d432}\Shell\AutoRun\command - "" = G:\Autoplay.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\NoAutoRun.exe -- File not found

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\NoAutoRun.exe -- File not found

O33 - MountPoints2\J\Shell - "" = AutoRun

O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\NoAutoRun.exe -- File not found

O33 - MountPoints2\K\Shell - "" = AutoRun

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\NoAutoRun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/07 16:41:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Lucy\Documents\OTL.exe

[2010/12/07 16:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/12/07 14:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/12/07 12:24:25 | 000,000,000 | ---D | C] -- C:\Users\Lucy\Desktop\GooredFix Backups

[2010/12/01 22:15:29 | 000,000,000 | ---D | C] -- C:\Users\Lucy\AppData\Roaming\Mozilla

[2010/12/01 19:22:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lucy\Documents\HijackThis.exe

[2010/12/01 18:35:59 | 000,000,000 | ---D | C] -- C:\Users\Lucy\AppData\Roaming\IObit

[2010/12/01 18:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2010/12/01 18:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\IObit

[2010/12/01 12:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2010/12/01 12:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/12/01 11:34:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/12/01 11:34:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/12/01 11:34:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/12/01 11:34:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/12/01 11:34:02 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/12/01 11:33:36 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/12/01 11:33:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/11/27 20:36:04 | 000,000,000 | ---D | C] -- C:\Users\Lucy\Pavark

[2010/11/27 20:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2010/11/27 19:26:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/11/27 19:26:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/11/27 19:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/27 08:26:56 | 000,000,000 | ---D | C] -- C:\Users\Lucy\AppData\Local\Sunbelt Software

[2010/11/27 08:25:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}

[2010/11/26 21:20:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/11/26 21:20:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/11/26 21:20:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/11/22 21:00:30 | 000,000,000 | ---D | C] -- C:\Users\Lucy\AppData\Local\Real

[2010/11/22 09:42:13 | 000,028,248 | R--- | C] (Adobe Systems Incorporated.) -- C:\Windows\System32\AdobePDF.dll

[2010/11/17 20:11:30 | 000,000,000 | ---D | C] -- C:\Users\Lucy\Documents\My Chat Logs

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 16:41:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lucy\Documents\OTL.exe

[2010/12/07 16:33:44 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\WefiStartup.job

[2010/12/07 16:33:20 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/07 16:33:19 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/07 16:32:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/07 16:32:52 | 245,970,417 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/12/07 14:08:11 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2010/12/04 23:31:44 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job

[2010/12/03 22:45:19 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2010/12/01 22:15:18 | 000,001,748 | ---- | M] () -- C:\Users\Lucy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/12/01 22:15:18 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/12/01 19:23:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lucy\Documents\HijackThis.exe

[2010/12/01 18:36:00 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk

[2010/12/01 18:36:00 | 000,000,132 | ---- | M] () -- C:\Users\Lucy\Desktop\IObit Freeware.url

[2010/12/01 13:57:07 | 000,000,436 | ---- | M] () -- C:\Windows\System32\.crusader

[2010/12/01 12:36:04 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/12/01 11:23:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\GWKDVAVKT

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/11/28 20:43:29 | 000,072,192 | ---- | M] () -- C:\Users\Lucy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/27 19:26:37 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/27 08:33:50 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/11/27 08:28:31 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

[2010/11/27 08:25:15 | 000,001,031 | ---- | M] () -- C:\Users\Lucy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/11/27 08:25:15 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/11/24 07:02:42 | 002,486,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/11/22 20:59:17 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2010/11/22 20:58:48 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2010/11/22 20:58:48 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2010/11/22 11:41:00 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2010/11/10 19:16:15 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/07 16:32:52 | 245,970,417 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/12/07 14:08:11 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2010/12/04 23:31:44 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job

[2010/12/01 22:15:18 | 000,001,748 | ---- | C] () -- C:\Users\Lucy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/12/01 22:15:18 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/12/01 18:36:00 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk

[2010/12/01 18:36:00 | 000,000,132 | ---- | C] () -- C:\Users\Lucy\Desktop\IObit Freeware.url

[2010/12/01 13:57:07 | 000,000,436 | ---- | C] () -- C:\Windows\System32\.crusader

[2010/12/01 12:39:22 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2010/12/01 12:34:50 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk

[2010/12/01 11:34:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/12/01 11:34:27 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2010/12/01 11:34:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/12/01 11:34:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/12/01 11:34:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/12/01 11:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\GWKDVAVKT

[2010/11/27 19:26:37 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/27 08:25:15 | 000,001,031 | ---- | C] () -- C:\Users\Lucy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/11/27 08:25:15 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/10/09 20:37:33 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini

[2010/09/13 18:24:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/08/04 22:36:59 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini

[2010/08/04 22:36:57 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini

[2010/05/15 15:14:35 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2010/05/15 15:14:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2010/05/15 15:02:03 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini

[2010/05/09 14:24:37 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/05/02 17:01:54 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll

[2010/05/02 17:01:54 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll

[2010/05/02 17:01:54 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll

[2010/05/02 16:12:13 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2010/04/30 16:09:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/03/28 19:13:43 | 000,072,192 | ---- | C] () -- C:\Users\Lucy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/11 10:46:28 | 000,001,356 | ---- | C] () -- C:\Users\Lucy\AppData\Local\d3d9caps.dat

[2010/03/11 10:09:46 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2010/02/21 03:48:22 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009/10/21 11:22:00 | 000,312,832 | ---- | C] () -- C:\Windows\System32\drivers\yk60x86.sys

[2009/08/16 09:08:36 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/05/29 14:52:26 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/05/29 14:47:06 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll

[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/04/30 15:51:29 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\AnvSoft

[2010/03/11 13:19:20 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\Azureus

[2010/12/01 12:36:33 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\BitTorrent

[2010/04/30 16:08:19 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\CheckPoint

[2010/05/02 16:11:03 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\DAEMON Tools Lite

[2010/06/27 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\Facebook

[2010/12/01 18:35:59 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\IObit

[2010/05/19 13:23:36 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\Juniper Networks

[2010/05/09 10:30:11 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\Opera

[2010/05/15 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\ScanSoft

[2010/05/02 09:02:18 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\Sony

[2010/08/17 11:50:59 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\Trusteer

[2010/03/11 15:58:07 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\Uniblue

[2010/03/11 15:56:42 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\uTorrent

[2010/04/30 17:53:17 | 000,000,000 | ---D | M] -- C:\Users\Lucy\AppData\Roaming\VistaCodecs

[2010/12/04 23:31:44 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\Hitman Pro 3.5 Boot Task.job

[2010/12/07 14:58:43 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/12/07 16:33:44 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\WefiStartup.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C895616B

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 07/12/2010 16:42:22 - Run 1OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Lucy\Documents

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 62.49 Gb Free Space | 26.83% Space Free | Partition Type: NTFS

Drive D: | 3.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LUCY-PC | User Name: Lucy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{551077AB-2533-450E-8EB6-4AA61FA78D93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8BF80656-9A5A-4E87-B456-76A2DBDDCE25}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{DA6D570A-1F89-4785-AEBE-7D85568D905C}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07AC37B5-ED7E-4D6D-8ECD-43E440FAB6BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{08138714-4163-4741-9FE8-BFC2769A4434}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{0EB394FE-5686-4675-B099-9A8A4FCAC1DA}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |

"{0F731E7C-453B-4D24-B81A-E50B8F9F21EE}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"{2E6CB5A6-94CD-4E8B-9B23-1FEE4FEA289F}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{3394BC22-6E07-4F40-B3E1-759855906258}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{3E0E5ABB-03C6-453E-AD66-BB9F28068738}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{3EC77A18-9CB6-4421-AD35-B162104EB537}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |

"{44E35778-26B6-4486-B914-307DB3C1BA8E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{451AC896-CE7B-4139-AB1B-935D84715479}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"{6FADA91C-B1E4-4C99-94D4-413291FF7646}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{74D2443C-5932-4027-802A-F0B4FA5D770D}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{7653D654-CDA6-44DD-BC99-B7B326E00C7D}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"{8BD01569-D00E-4074-AABB-8DD9EE600650}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{935DD727-0A85-4364-B4C5-63429FD4F775}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |

"{98CF990D-F49F-4826-8238-01895C8A08B8}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"{992AC05F-4970-4D01-A622-E1C13FB132AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{9982D462-D193-4E12-A224-0F738AB4CA27}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{CB1A49E3-C41D-4433-BA5D-18AB3892983B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E7BC5E94-E8D7-47CA-B31F-A3D2EC3E5168}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |

"{FEC7CE21-E959-4EE9-BBC6-6BBDDE7A4CF6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"TCP Query User{A123B02B-57E9-4C44-B5EA-9E0CC56769C3}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |

"UDP Query User{3D10E34C-8D0A-432A-8A61-0BDF6412D068}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3

"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes

"{312FA0F1-8EB0-472B-BF50-B863C5D92A76}" = Blaine's Custom Speed Effects

"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer

"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite

"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC VGA Camer@ Plus

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5

"{B0513493-04B9-4F21-B4AB-83E750D54256}" = Adobe Photoshop Lightroom 2.7

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings

"Ad-Aware" = Ad-Aware

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"Any Video Converter_is1" = Any Video Converter 3.0.5

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BitTorrent" = BitTorrent

"BookSmart

Link to post
Share on other sites

Yes indeed you do.

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

===================

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

kahdah :)

i would like to clean this computer, i will though get hold of a copy of windows for a fresh install, i understand the importance of having a secure system, i haven't done any online banking since being infected.

I have included the two logs you requested below,

ComboFix 10-12-06.04 - Lucy 07/12/2010 19:43:43.2.2 - x86

Microsoft

Link to post
Share on other sites

Hi sorry, i mistakenly thought i had posted it.

2010/12/07 19:26:41.0899 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01

2010/12/07 19:26:41.0899 ================================================================================

2010/12/07 19:26:41.0899 SystemInfo:

2010/12/07 19:26:41.0899

2010/12/07 19:26:41.0899 OS Version: 6.0.6002 ServicePack: 2.0

2010/12/07 19:26:41.0900 Product type: Workstation

2010/12/07 19:26:41.0900 ComputerName: LUCY-PC

2010/12/07 19:26:41.0900 UserName: Lucy

2010/12/07 19:26:41.0900 Windows directory: C:\Windows

2010/12/07 19:26:41.0900 System windows directory: C:\Windows

2010/12/07 19:26:41.0900 Processor architecture: Intel x86

2010/12/07 19:26:41.0900 Number of processors: 2

2010/12/07 19:26:41.0900 Page size: 0x1000

2010/12/07 19:26:41.0900 Boot type: Normal boot

2010/12/07 19:26:41.0900 ================================================================================

2010/12/07 19:26:43.0010 Initialize success

2010/12/07 19:26:55.0705 ================================================================================

2010/12/07 19:26:55.0705 Scan started

2010/12/07 19:26:55.0705 Mode: Manual;

2010/12/07 19:26:55.0705 ================================================================================

2010/12/07 19:26:58.0054 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2010/12/07 19:26:58.0240 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

2010/12/07 19:26:58.0327 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

2010/12/07 19:26:58.0396 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

2010/12/07 19:26:58.0462 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

2010/12/07 19:26:58.0610 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

2010/12/07 19:26:58.0833 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

2010/12/07 19:26:58.0931 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2010/12/07 19:26:59.0010 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

2010/12/07 19:26:59.0067 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

2010/12/07 19:26:59.0152 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

2010/12/07 19:26:59.0243 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

2010/12/07 19:26:59.0337 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

2010/12/07 19:26:59.0509 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

2010/12/07 19:26:59.0570 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

2010/12/07 19:26:59.0660 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/12/07 19:26:59.0722 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2010/12/07 19:26:59.0849 athr (7fa516fc81dd5931f389b56279a27a3e) C:\Windows\system32\DRIVERS\athr.sys

2010/12/07 19:26:59.0999 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

2010/12/07 19:27:00.0048 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\Windows\system32\DRIVERS\avipbb.sys

2010/12/07 19:27:00.0178 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2010/12/07 19:27:00.0286 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

2010/12/07 19:27:00.0377 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

2010/12/07 19:27:00.0448 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2010/12/07 19:27:00.0541 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2010/12/07 19:27:00.0627 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2010/12/07 19:27:00.0772 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2010/12/07 19:27:00.0875 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2010/12/07 19:27:00.0956 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2010/12/07 19:27:01.0045 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2010/12/07 19:27:01.0532 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2010/12/07 19:27:01.0644 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2010/12/07 19:27:01.0763 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

2010/12/07 19:27:01.0950 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2010/12/07 19:27:02.0117 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/12/07 19:27:02.0208 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

2010/12/07 19:27:02.0256 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2010/12/07 19:27:02.0328 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

2010/12/07 19:27:02.0439 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

2010/12/07 19:27:02.0599 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

2010/12/07 19:27:02.0713 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2010/12/07 19:27:02.0873 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2010/12/07 19:27:02.0965 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys

2010/12/07 19:27:03.0054 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

2010/12/07 19:27:03.0168 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2010/12/07 19:27:03.0357 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys

2010/12/07 19:27:03.0433 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

2010/12/07 19:27:03.0541 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

2010/12/07 19:27:03.0687 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2010/12/07 19:27:03.0769 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2010/12/07 19:27:03.0951 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

2010/12/07 19:27:04.0034 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2010/12/07 19:27:04.0091 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2010/12/07 19:27:04.0216 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/12/07 19:27:04.0287 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2010/12/07 19:27:04.0401 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2010/12/07 19:27:04.0482 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

2010/12/07 19:27:04.0553 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2010/12/07 19:27:04.0756 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2010/12/07 19:27:04.0926 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/12/07 19:27:05.0083 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2010/12/07 19:27:05.0171 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2010/12/07 19:27:05.0349 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2010/12/07 19:27:05.0421 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

2010/12/07 19:27:05.0617 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2010/12/07 19:27:05.0772 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2010/12/07 19:27:05.0865 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2010/12/07 19:27:05.0997 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

2010/12/07 19:27:06.0140 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

2010/12/07 19:27:06.0270 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/12/07 19:27:06.0533 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

2010/12/07 19:27:06.0710 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys

2010/12/07 19:27:06.0832 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2010/12/07 19:27:07.0061 IntcAzAudAddService (a82c70cbaec7b10e4c9c1341d729640f) C:\Windows\system32\drivers\RTKVHDA.sys

2010/12/07 19:27:07.0366 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2010/12/07 19:27:07.0443 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2010/12/07 19:27:07.0598 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/12/07 19:27:07.0729 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

2010/12/07 19:27:07.0793 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2010/12/07 19:27:07.0885 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2010/12/07 19:27:07.0951 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

2010/12/07 19:27:08.0013 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/12/07 19:27:08.0059 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2010/12/07 19:27:08.0136 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2010/12/07 19:27:08.0196 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/12/07 19:27:08.0288 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

2010/12/07 19:27:08.0370 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2010/12/07 19:27:08.0575 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

2010/12/07 19:27:08.0681 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys

2010/12/07 19:27:08.0734 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2010/12/07 19:27:08.0829 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

2010/12/07 19:27:08.0893 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

2010/12/07 19:27:08.0977 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

2010/12/07 19:27:09.0045 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2010/12/07 19:27:09.0136 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2010/12/07 19:27:09.0199 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

2010/12/07 19:27:09.0267 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

2010/12/07 19:27:09.0413 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2010/12/07 19:27:09.0507 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2010/12/07 19:27:09.0604 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2010/12/07 19:27:09.0705 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2010/12/07 19:27:09.0912 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2010/12/07 19:27:10.0089 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

2010/12/07 19:27:10.0165 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2010/12/07 19:27:10.0271 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2010/12/07 19:27:10.0382 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2010/12/07 19:27:10.0500 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/12/07 19:27:10.0609 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/12/07 19:27:10.0662 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/12/07 19:27:10.0816 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys

2010/12/07 19:27:10.0919 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

2010/12/07 19:27:10.0984 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2010/12/07 19:27:11.0068 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2010/12/07 19:27:11.0197 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2010/12/07 19:27:11.0253 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/12/07 19:27:11.0529 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2010/12/07 19:27:11.0598 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2010/12/07 19:27:11.0680 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/12/07 19:27:11.0747 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2010/12/07 19:27:11.0787 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2010/12/07 19:27:11.0909 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2010/12/07 19:27:12.0031 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2010/12/07 19:27:12.0149 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/12/07 19:27:12.0230 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/12/07 19:27:12.0316 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/12/07 19:27:12.0389 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2010/12/07 19:27:12.0490 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2010/12/07 19:27:12.0544 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2010/12/07 19:27:12.0672 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2010/12/07 19:27:12.0801 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2010/12/07 19:27:12.0868 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2010/12/07 19:27:12.0959 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2010/12/07 19:27:13.0072 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2010/12/07 19:27:13.0135 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2010/12/07 19:27:13.0193 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

2010/12/07 19:27:13.0358 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

2010/12/07 19:27:13.0432 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

2010/12/07 19:27:13.0559 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/12/07 19:27:13.0716 PAC7302 (81a0921e2a3fdcf840e43af64bf96ea2) C:\Windows\system32\DRIVERS\PAC7302.SYS

2010/12/07 19:27:13.0795 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2010/12/07 19:27:13.0871 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2010/12/07 19:27:13.0932 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2010/12/07 19:27:14.0010 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2010/12/07 19:27:14.0096 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

2010/12/07 19:27:14.0189 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/12/07 19:27:14.0321 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2010/12/07 19:27:14.0546 pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys

2010/12/07 19:27:14.0717 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2010/12/07 19:27:14.0790 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

2010/12/07 19:27:14.0898 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2010/12/07 19:27:15.0003 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

2010/12/07 19:27:15.0172 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

2010/12/07 19:27:15.0245 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2010/12/07 19:27:15.0329 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2010/12/07 19:27:15.0484 RapportCerberus_19917 (539fbdcff37a24102c507092b333ec2b) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys

2010/12/07 19:27:15.0676 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

2010/12/07 19:27:15.0799 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2010/12/07 19:27:15.0848 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/12/07 19:27:15.0980 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/12/07 19:27:16.0022 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2010/12/07 19:27:16.0078 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2010/12/07 19:27:16.0154 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/12/07 19:27:16.0211 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

2010/12/07 19:27:16.0299 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2010/12/07 19:27:16.0411 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2010/12/07 19:27:16.0516 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2010/12/07 19:27:16.0604 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2010/12/07 19:27:16.0753 SecDrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\Windows\system32\drivers\SECDRV.SYS

2010/12/07 19:27:16.0836 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2010/12/07 19:27:16.0916 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2010/12/07 19:27:16.0964 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2010/12/07 19:27:17.0074 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys

2010/12/07 19:27:17.0151 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

2010/12/07 19:27:17.0194 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

2010/12/07 19:27:17.0237 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

2010/12/07 19:27:17.0280 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2010/12/07 19:27:17.0355 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

2010/12/07 19:27:17.0424 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

2010/12/07 19:27:17.0495 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

2010/12/07 19:27:17.0593 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2010/12/07 19:27:17.0651 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2010/12/07 19:27:17.0741 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2010/12/07 19:27:17.0741 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2010/12/07 19:27:17.0749 sptd - detected Locked file (1)

2010/12/07 19:27:17.0806 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys

2010/12/07 19:27:17.0885 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys

2010/12/07 19:27:17.0946 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys

2010/12/07 19:27:18.0030 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2010/12/07 19:27:18.0119 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2010/12/07 19:27:18.0185 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2010/12/07 19:27:18.0249 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2010/12/07 19:27:18.0314 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2010/12/07 19:27:18.0449 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys

2010/12/07 19:27:18.0540 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys

2010/12/07 19:27:18.0600 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys

2010/12/07 19:27:18.0682 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2010/12/07 19:27:18.0747 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2010/12/07 19:27:18.0809 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2010/12/07 19:27:18.0886 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2010/12/07 19:27:19.0089 ti21sony (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys

2010/12/07 19:27:19.0249 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/12/07 19:27:19.0334 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2010/12/07 19:27:19.0399 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2010/12/07 19:27:19.0462 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

2010/12/07 19:27:19.0541 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2010/12/07 19:27:19.0668 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

2010/12/07 19:27:19.0757 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

2010/12/07 19:27:19.0804 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2010/12/07 19:27:19.0885 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2010/12/07 19:27:19.0939 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2010/12/07 19:27:20.0133 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

2010/12/07 19:27:20.0225 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/12/07 19:27:20.0287 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2010/12/07 19:27:20.0401 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2010/12/07 19:27:20.0456 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2010/12/07 19:27:20.0550 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2010/12/07 19:27:20.0622 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2010/12/07 19:27:20.0707 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2010/12/07 19:27:20.0761 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/12/07 19:27:20.0834 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/12/07 19:27:20.0898 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys

2010/12/07 19:27:20.0955 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/12/07 19:27:20.0990 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2010/12/07 19:27:21.0046 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

2010/12/07 19:27:21.0104 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

2010/12/07 19:27:21.0161 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

2010/12/07 19:27:21.0226 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2010/12/07 19:27:21.0292 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2010/12/07 19:27:21.0433 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2010/12/07 19:27:21.0491 Vsdatant (6be75cfce25e42e79c0757c60d88fecb) C:\Windows\system32\DRIVERS\vsdatant.sys

2010/12/07 19:27:21.0593 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

2010/12/07 19:27:21.0674 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2010/12/07 19:27:21.0738 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/07 19:27:21.0802 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/07 19:27:21.0869 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

2010/12/07 19:27:21.0945 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2010/12/07 19:27:22.0093 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2010/12/07 19:27:22.0253 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

2010/12/07 19:27:22.0373 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/12/07 19:27:22.0542 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/12/07 19:27:22.0638 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys

2010/12/07 19:27:22.0792 yukonwlh (7d12e9f01145196ec8f7508c151cd50a) C:\Windows\system32\DRIVERS\yk60x86.sys

2010/12/07 19:27:22.0902 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/07 19:27:22.0914 ================================================================================

2010/12/07 19:27:22.0914 Scan finished

2010/12/07 19:27:22.0914 ================================================================================

2010/12/07 19:27:22.0939 Detected object count: 2

2010/12/07 19:27:50.0111 Locked file(sptd) - User select action: Skip

2010/12/07 19:27:50.0123 \HardDisk0 - will be cured after reboot

2010/12/07 19:27:50.0152 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

Link to post
Share on other sites

No problem.

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan inside archives.
  • Click Scan
  • Wait for the scan to finish
  • Click on the option that says Export to text file.
  • Save it to your desktop and post the contents here in your next reply.
  • Once the log is saved click the option to delete quarantined threats and Uninstall application on close.

Link to post
Share on other sites

  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.