Jump to content

Recommended Posts

Hey, I guess I'll start off when my laptop was first infected. About 2 weeks ago I noticed I got some rouge kits and before I could restart my laptop into Safe Mode, it got the Blue Screen of Death. So I was able to get it to start up in Safe mode and was able to run MalWareBytes'. Even after it cleaned the computer the Vista Antivirus 2011 kept coming back, but I eventually restored the system to a week previous of the infection. A few days went by when I noticed that Vista Antivirus 2011 was back, but this time it seemed to bring some "friends". I am not able to access the internet and for awhile MalWareBytes gave me the Error: 730 message. I have just reinstalled Malwarebytes' and did a manual update (which is 15 days old, but better than 115 days old I guess). So I have just scanned my laptop and got rid of 5 infected viri or malware, and I don't know if I can connect to the internet yet as I am doing a full scan now. It seems that Vista Antivirus 2011 is gone, but I want to make sure its gone for good! So I came here in look for help. Just tell me what to do, and I'll do it!

Thanks for the help,

Kevin

Link to post
Share on other sites

Hi Kevin and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Link to post
Share on other sites

Yes, that is okay! :)

First, please download and run unhide.exe to make any hidden files by malware visible. Do this before running combofix!

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

I was able to run Unhide, and I just started to run Combofix, but when it starts out it says something along the lines of "These tools cant be used because it needs administrator rights", but it has started to scan for infected files so I don't know if the first part affected the scanning proccess.

Ok, I have finished scanning 3 different times because it keeps saying it found a rootkit and needs to reboot, and it has not yet produced a log yet.

Link to post
Share on other sites

If it does not finish, try this first.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

Ok after running TTDSkiller it deleted the roguekit and combofix was able to run through the whole process and made the log. The Combofix log was created but after Combofix was finished everything I tried to open (whether it was a text dcument or any other type of file) it came back with the error: "Illegal operation attempted on a registry key that has been marked for deletion." Don't undestand what this means or what I should do about it since it wont let me open anything.

Thanks,

Kevin

TTDS Log:

2011/05/24 13:43:00.0800 1852 TDSS rootkit removing tool 2.5.2.0 May 24 2011 11:01:23

2011/05/24 13:43:00.0800 1852 ================================================================================

2011/05/24 13:43:00.0800 1852 SystemInfo:

2011/05/24 13:43:00.0800 1852

2011/05/24 13:43:00.0800 1852 OS Version: 6.0.6001 ServicePack: 1.0

2011/05/24 13:43:00.0800 1852 Product type: Workstation

2011/05/24 13:43:00.0800 1852 ComputerName: STELLACHURCH-PC

2011/05/24 13:43:00.0800 1852 UserName: stellachurch

2011/05/24 13:43:00.0800 1852 Windows directory: C:\Windows

2011/05/24 13:43:00.0800 1852 System windows directory: C:\Windows

2011/05/24 13:43:00.0800 1852 Processor architecture: Intel x86

2011/05/24 13:43:00.0800 1852 Number of processors: 2

2011/05/24 13:43:00.0800 1852 Page size: 0x1000

2011/05/24 13:43:00.0800 1852 Boot type: Safe boot

2011/05/24 13:43:00.0800 1852 ================================================================================

2011/05/24 13:43:02.0375 1852 Initialize success

2011/05/24 13:43:08.0725 1868 ================================================================================

2011/05/24 13:43:08.0725 1868 Scan started

2011/05/24 13:43:08.0725 1868 Mode: Manual;

2011/05/24 13:43:08.0725 1868 ================================================================================

2011/05/24 13:43:09.0910 1868 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

2011/05/24 13:43:09.0988 1868 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2011/05/24 13:43:10.0051 1868 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2011/05/24 13:43:10.0097 1868 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2011/05/24 13:43:10.0160 1868 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2011/05/24 13:43:10.0316 1868 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys

2011/05/24 13:43:10.0378 1868 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

2011/05/24 13:43:10.0456 1868 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/05/24 13:43:10.0550 1868 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

2011/05/24 13:43:10.0612 1868 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

2011/05/24 13:43:10.0643 1868 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

2011/05/24 13:43:10.0706 1868 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2011/05/24 13:43:10.0784 1868 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

2011/05/24 13:43:10.0893 1868 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2011/05/24 13:43:10.0955 1868 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2011/05/24 13:43:11.0080 1868 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/05/24 13:43:11.0127 1868 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

2011/05/24 13:43:11.0189 1868 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys

2011/05/24 13:43:11.0392 1868 atikmdag (932481db5f321e7bd56d3d7baa1fb3c3) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/05/24 13:43:11.0579 1868 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/05/24 13:43:11.0673 1868 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys

2011/05/24 13:43:11.0798 1868 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys

2011/05/24 13:43:11.0891 1868 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys

2011/05/24 13:43:11.0985 1868 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/05/24 13:43:12.0172 1868 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys

2011/05/24 13:43:12.0219 1868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/05/24 13:43:12.0281 1868 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/05/24 13:43:12.0344 1868 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/05/24 13:43:12.0375 1868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/05/24 13:43:12.0422 1868 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/05/24 13:43:12.0484 1868 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/05/24 13:43:12.0515 1868 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/05/24 13:43:12.0687 1868 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/05/24 13:43:12.0781 1868 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

2011/05/24 13:43:12.0843 1868 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2011/05/24 13:43:12.0905 1868 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

2011/05/24 13:43:13.0030 1868 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/05/24 13:43:13.0077 1868 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

2011/05/24 13:43:13.0171 1868 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/05/24 13:43:13.0217 1868 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2011/05/24 13:43:13.0264 1868 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2011/05/24 13:43:13.0405 1868 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys

2011/05/24 13:43:13.0514 1868 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

2011/05/24 13:43:13.0576 1868 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys

2011/05/24 13:43:13.0685 1868 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/05/24 13:43:13.0779 1868 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys

2011/05/24 13:43:13.0873 1868 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/05/24 13:43:13.0997 1868 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys

2011/05/24 13:43:14.0138 1868 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2011/05/24 13:43:14.0294 1868 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys

2011/05/24 13:43:14.0325 1868 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys

2011/05/24 13:43:14.0403 1868 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2011/05/24 13:43:14.0528 1868 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/05/24 13:43:14.0590 1868 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/05/24 13:43:14.0621 1868 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/05/24 13:43:14.0731 1868 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys

2011/05/24 13:43:14.0777 1868 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/05/24 13:43:14.0824 1868 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2011/05/24 13:43:14.0902 1868 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2011/05/24 13:43:15.0011 1868 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/05/24 13:43:15.0074 1868 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/05/24 13:43:15.0105 1868 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/05/24 13:43:15.0152 1868 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/05/24 13:43:15.0214 1868 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys

2011/05/24 13:43:15.0245 1868 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2011/05/24 13:43:15.0308 1868 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/05/24 13:43:15.0401 1868 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2011/05/24 13:43:15.0511 1868 HSXHWAZL (7e775360ece92156ced6ed3b1daf6208) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2011/05/24 13:43:15.0573 1868 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys

2011/05/24 13:43:15.0635 1868 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2011/05/24 13:43:15.0713 1868 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/05/24 13:43:15.0807 1868 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/05/24 13:43:15.0947 1868 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2011/05/24 13:43:16.0010 1868 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/05/24 13:43:16.0135 1868 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys

2011/05/24 13:43:16.0259 1868 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys

2011/05/24 13:43:16.0369 1868 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

2011/05/24 13:43:16.0431 1868 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

2011/05/24 13:43:16.0509 1868 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/05/24 13:43:16.0603 1868 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2011/05/24 13:43:16.0665 1868 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/05/24 13:43:16.0774 1868 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys

2011/05/24 13:43:16.0821 1868 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/05/24 13:43:16.0868 1868 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

2011/05/24 13:43:16.0930 1868 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/05/24 13:43:17.0055 1868 ISWKL (6c614b6fd20194835c77346f6c34156e) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys

2011/05/24 13:43:17.0102 1868 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/05/24 13:43:17.0164 1868 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/05/24 13:43:17.0227 1868 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/05/24 13:43:17.0289 1868 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys

2011/05/24 13:43:17.0398 1868 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys

2011/05/24 13:43:17.0507 1868 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/05/24 13:43:17.0585 1868 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2011/05/24 13:43:17.0617 1868 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2011/05/24 13:43:17.0679 1868 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2011/05/24 13:43:17.0757 1868 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/05/24 13:43:17.0851 1868 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2011/05/24 13:43:17.0929 1868 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2011/05/24 13:43:18.0007 1868 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/05/24 13:43:18.0100 1868 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/05/24 13:43:18.0163 1868 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/05/24 13:43:18.0225 1868 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys

2011/05/24 13:43:18.0272 1868 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/05/24 13:43:18.0319 1868 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2011/05/24 13:43:18.0365 1868 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/05/24 13:43:18.0428 1868 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/05/24 13:43:18.0490 1868 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys

2011/05/24 13:43:18.0537 1868 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/05/24 13:43:18.0615 1868 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/05/24 13:43:18.0677 1868 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/05/24 13:43:18.0709 1868 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

2011/05/24 13:43:18.0771 1868 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2011/05/24 13:43:18.0896 1868 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/05/24 13:43:18.0974 1868 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/05/24 13:43:19.0083 1868 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/05/24 13:43:19.0145 1868 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/05/24 13:43:19.0177 1868 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/05/24 13:43:19.0239 1868 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

2011/05/24 13:43:19.0301 1868 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/05/24 13:43:19.0379 1868 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/05/24 13:43:19.0442 1868 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

2011/05/24 13:43:19.0535 1868 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys

2011/05/24 13:43:19.0660 1868 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys

2011/05/24 13:43:19.0738 1868 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/05/24 13:43:19.0785 1868 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/05/24 13:43:19.0847 1868 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/05/24 13:43:19.0925 1868 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/05/24 13:43:20.0003 1868 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/05/24 13:43:20.0097 1868 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys

2011/05/24 13:43:20.0237 1868 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/05/24 13:43:20.0347 1868 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys

2011/05/24 13:43:20.0409 1868 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys

2011/05/24 13:43:20.0440 1868 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/05/24 13:43:20.0549 1868 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys

2011/05/24 13:43:20.0659 1868 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys

2011/05/24 13:43:20.0705 1868 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/05/24 13:43:20.0783 1868 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/05/24 13:43:20.0815 1868 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2011/05/24 13:43:20.0877 1868 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2011/05/24 13:43:20.0939 1868 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

2011/05/24 13:43:21.0111 1868 O2MDRDR (36ed541ff0ad27d7f1c1e8f86f026309) C:\Windows\system32\DRIVERS\o2media.sys

2011/05/24 13:43:21.0189 1868 O2SDRDR (f3d467025d365a96b5e51c6229562716) C:\Windows\system32\DRIVERS\o2sd.sys

2011/05/24 13:43:21.0251 1868 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/05/24 13:43:21.0361 1868 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/05/24 13:43:21.0439 1868 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

2011/05/24 13:43:21.0501 1868 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/05/24 13:43:21.0595 1868 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys

2011/05/24 13:43:21.0688 1868 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

2011/05/24 13:43:21.0766 1868 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/05/24 13:43:21.0907 1868 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/05/24 13:43:22.0094 1868 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/05/24 13:43:22.0141 1868 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2011/05/24 13:43:22.0250 1868 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys

2011/05/24 13:43:22.0343 1868 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys

2011/05/24 13:43:22.0390 1868 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys

2011/05/24 13:43:22.0437 1868 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys

2011/05/24 13:43:22.0546 1868 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2011/05/24 13:43:22.0624 1868 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/05/24 13:43:22.0702 1868 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/05/24 13:43:22.0733 1868 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/05/24 13:43:22.0796 1868 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/05/24 13:43:22.0858 1868 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/05/24 13:43:22.0905 1868 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

2011/05/24 13:43:22.0999 1868 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

2011/05/24 13:43:23.0045 1868 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/05/24 13:43:23.0123 1868 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

2011/05/24 13:43:23.0186 1868 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/05/24 13:43:23.0264 1868 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

2011/05/24 13:43:23.0373 1868 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/05/24 13:43:23.0404 1868 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys

2011/05/24 13:43:23.0498 1868 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/05/24 13:43:23.0560 1868 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

2011/05/24 13:43:23.0591 1868 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/05/24 13:43:23.0654 1868 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/05/24 13:43:23.0732 1868 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys

2011/05/24 13:43:23.0810 1868 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/05/24 13:43:23.0888 1868 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/05/24 13:43:23.0935 1868 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/05/24 13:43:24.0013 1868 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/05/24 13:43:24.0106 1868 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

2011/05/24 13:43:24.0138 1868 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

2011/05/24 13:43:24.0184 1868 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

2011/05/24 13:43:24.0216 1868 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/05/24 13:43:24.0278 1868 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

2011/05/24 13:43:24.0340 1868 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/05/24 13:43:24.0372 1868 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/05/24 13:43:24.0465 1868 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

2011/05/24 13:43:24.0606 1868 SNP2UVC (1c550748f896e53b7b0fe7717845132b) C:\Windows\system32\DRIVERS\snp2uvc.sys

2011/05/24 13:43:24.0730 1868 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/05/24 13:43:24.0824 1868 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys

2011/05/24 13:43:24.0886 1868 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys

2011/05/24 13:43:24.0949 1868 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys

2011/05/24 13:43:25.0058 1868 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/05/24 13:43:25.0136 1868 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/05/24 13:43:25.0214 1868 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/05/24 13:43:25.0276 1868 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/05/24 13:43:25.0308 1868 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/05/24 13:43:25.0354 1868 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys

2011/05/24 13:43:25.0542 1868 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys

2011/05/24 13:43:25.0620 1868 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys

2011/05/24 13:43:25.0698 1868 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys

2011/05/24 13:43:25.0760 1868 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/05/24 13:43:25.0807 1868 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/05/24 13:43:25.0869 1868 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys

2011/05/24 13:43:25.0932 1868 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys

2011/05/24 13:43:26.0041 1868 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/05/24 13:43:26.0119 1868 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/05/24 13:43:26.0181 1868 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys

2011/05/24 13:43:26.0228 1868 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/05/24 13:43:26.0275 1868 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys

2011/05/24 13:43:26.0353 1868 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

2011/05/24 13:43:26.0400 1868 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/05/24 13:43:26.0446 1868 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/05/24 13:43:26.0478 1868 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/05/24 13:43:26.0540 1868 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/05/24 13:43:26.0618 1868 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys

2011/05/24 13:43:26.0696 1868 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/05/24 13:43:26.0743 1868 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/05/24 13:43:26.0821 1868 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys

2011/05/24 13:43:26.0868 1868 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys

2011/05/24 13:43:26.0930 1868 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys

2011/05/24 13:43:27.0024 1868 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2011/05/24 13:43:27.0086 1868 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2011/05/24 13:43:27.0180 1868 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/05/24 13:43:27.0242 1868 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/05/24 13:43:27.0304 1868 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

2011/05/24 13:43:27.0367 1868 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/05/24 13:43:27.0429 1868 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/05/24 13:43:27.0492 1868 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

2011/05/24 13:43:27.0523 1868 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/05/24 13:43:27.0585 1868 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

2011/05/24 13:43:27.0663 1868 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/05/24 13:43:27.0772 1868 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys

2011/05/24 13:43:27.0850 1868 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys

2011/05/24 13:43:27.0975 1868 Vsdatant (039f40f0ca0f4de7dce7adf74c27bfae) C:\Windows\system32\DRIVERS\vsdatant.sys

2011/05/24 13:43:28.0131 1868 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/05/24 13:43:28.0194 1868 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/05/24 13:43:28.0272 1868 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/05/24 13:43:28.0287 1868 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/05/24 13:43:28.0365 1868 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/05/24 13:43:28.0459 1868 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/05/24 13:43:28.0568 1868 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/05/24 13:43:28.0740 1868 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/05/24 13:43:28.0896 1868 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/05/24 13:43:29.0005 1868 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/05/24 13:43:29.0067 1868 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

2011/05/24 13:43:29.0161 1868 yukonwlh (7927e830ecde6db3682cc319bad26984) C:\Windows\system32\DRIVERS\yk60x86.sys

2011/05/24 13:43:29.0239 1868 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl

2011/05/24 13:43:29.0270 1868 MBR (0x1B8) (036d4ebb79e13e67e78acf2dab65bcc3) \Device\Harddisk0\DR0

2011/05/24 13:43:29.0270 1868 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/05/24 13:43:29.0301 1868 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

2011/05/24 13:43:29.0317 1868 ================================================================================

2011/05/24 13:43:29.0317 1868 Scan finished

2011/05/24 13:43:29.0317 1868 ================================================================================

2011/05/24 13:43:29.0364 1860 Detected object count: 1

2011/05/24 13:43:29.0364 1860 Actual detected object count: 1

2011/05/24 13:43:35.0448 1860 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/05/24 13:43:35.0448 1860 \Device\Harddisk0\DR0 - ok

2011/05/24 13:43:35.0448 1860 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/05/24 13:43:41.0438 1848 Deinitialize success

Combofix Log:

ComboFix 11-05-23.02 - stellachurch 05/24/2011 13:55:42.1.2 - x86 MINIMAL

Microsoft

Link to post
Share on other sites

Hi, that looks a lot better! However, you had a nasty rootkit on board. Please read the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 25 (JDK or JRE).
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-6u25-windows-i586.exe

    [*]Save it to your desktop

    [*]Close any programs you may have running - especially your web browser.

    [*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

    [*]Reboot your computer once all Java components are removed.

    [*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Finally, please launch MBAM, update it and run a full scan. Post me the resulting log.

Link to post
Share on other sites

Ok well the manual update didn't bring Malwarebytes to a newer version and is still 21 days old. I use wireless broadband to connect to the internet, but I use another computer to use the broadband too, so I know the broadband isnt the issue. Whenever I try to open internet explorer to access the internet or try to update a program, its unable to do so, and windows does not give me any error messages. Also I want to know what boxes I should have ticked off for these firewall settings under the "exceptions" tab (I run Vista). Should I have Internet explorer checked off?

Thanks,

Kevin

Link to post
Share on other sites

Reset Internet explorer but it is still the same. When I reset it Windows Security told me it was off, and it wouldn't allow me to start it (Im not sure if being in Safe mode affects that). And if it matters, up to now, I've been doing everything in safe mode.

Link to post
Share on other sites

Reset Internet explorer but it is still the same. When I reset it Windows Security told me it was off, and it wouldn't allow me to start it (Im not sure if being in Safe mode affects that). And if it matters, up to now, I've been doing everything in safe mode.

Let me rephrase "When I reset Internet Explorer, I got a notification from Windows Security that Windows security was off...."

Link to post
Share on other sites

Can you please run MBAM from normal mode; update and do a quick scan. Post me the resulting log.

After that, if the connection still doesn't work, please completely uninstall ZoneAlarm, restart your computer and let me know if the internet works afterwards.

Link to post
Share on other sites

I did the scan but it came out clean. I uninstalled zonealarm but I still am not able to access the internet even though it says I'm connected. Also I cant update Malwarebytes without the internet, although I could try grabbing the update file (or whatever it is) from the most up-to-date version of it on my clean PC.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6516

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

5/28/2011 5:07:06 AM

mbam-log-2011-05-28 (05-07-06).txt

Scan type: Quick scan

Objects scanned: 154042

Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Strange, because MBAM was supposed to pick up a few leftovers here. Please run the following in normal mode from the userprofile that has the problems.

OTL

-----

Please download OTL from one of the following mirrors:

[*]Save it to your desktop.

[*]Double click on the otlicon.png icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the runscan.png button.

[*]Two reports will open, copy and paste them in a reply here:

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Link to post
Share on other sites

I'd jus like to thank you for taking your time to help me :) I much apreciate it

OTL.txt

OTL logfile created on: 5/28/2011 10:16:56 AM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\stellachurch\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 47.76% Memory free

3.74 Gb Paging File | 2.32 Gb Available in Paging File | 61.99% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.65 Gb Total Space | 12.47 Gb Free Space | 17.91% Space Free | Partition Type: NTFS

Drive D: | 69.64 Gb Total Space | 69.46 Gb Free Space | 99.75% Space Free | Partition Type: NTFS

Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 7.47 Gb Total Space | 3.99 Gb Free Space | 53.44% Space Free | Partition Type: FAT32

Computer Name: STELLACHURCH-PC | User Name: stellachurch | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/28 10:07:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\stellachurch\Desktop\OTL.exe

PRC - [2011/05/28 04:50:02 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\stellachurch\AppData\Local\temp\RtkBtMnt.exe

PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/15 01:07:12 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2010/02/18 17:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/19 00:33:39 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007/09/10 16:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007/09/06 13:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2007/08/17 14:27:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007/07/24 12:21:26 | 000,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2007/06/28 19:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007/06/13 17:56:18 | 000,765,952 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe

PRC - [2007/06/13 17:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

PRC - [2007/06/13 12:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

PRC - [2007/06/07 02:50:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe

PRC - [2007/04/25 17:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

PRC - [2007/04/25 17:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

PRC - [2007/04/23 10:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2007/04/04 01:04:44 | 000,813,840 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe

PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe

PRC - [2006/11/24 13:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

========== Modules (SafeList) ==========

MOD - [2011/05/28 10:07:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\stellachurch\Desktop\OTL.exe

MOD - [2010/08/31 08:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)

SRV - [2011/05/03 20:19:01 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®

SRV - [2010/04/05 15:33:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007/09/10 16:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007/06/28 19:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007/06/13 17:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2007/06/13 12:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2007/06/07 02:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)

SRV - [2007/04/25 17:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)

SRV - [2007/04/23 10:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)

SRV - [2006/11/24 13:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2007/08/12 00:10:00 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2007/07/03 11:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2007/06/12 11:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2007/04/03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)

DRV - [2007/04/02 16:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)

DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})

DRV - [2006/11/02 00:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2006/11/02 00:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2006/08/05 09:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2463236954-426447529-565295891-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-2463236954-426447529-565295891-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-2463236954-426447529-565295891-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\S-1-5-21-2463236954-426447529-565295891-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2463236954-426447529-565295891-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2463236954-426447529-565295891-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/15 01:07:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/21 22:29:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/21 22:29:09 | 000,000,000 | ---D | M]

[2010/04/10 21:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stellachurch\AppData\Roaming\Mozilla\Extensions

[2011/05/14 16:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stellachurch\AppData\Roaming\Mozilla\Firefox\Profiles\rnpd7vvd.default\extensions

[2010/04/10 23:16:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\stellachurch\AppData\Roaming\Mozilla\Firefox\Profiles\rnpd7vvd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/05/07 21:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/15 01:41:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/08/02 19:56:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER

[2010/11/15 01:07:37 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2010/08/02 19:55:36 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/24 14:04:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (TBSB00982 Class) - {DA3D342F-FF20-4E31-9E82-22334155730C} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-2463236954-426447529-565295891-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKU\S-1-5-21-2463236954-426447529-565295891-1003\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-2463236954-426447529-565295891-1003..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKU\S-1-5-21-2463236954-426447529-565295891-1003..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-2463236954-426447529-565295891-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2463236954-426447529-565295891-1003..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2463236954-426447529-565295891-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2463236954-426447529-565295891-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\ACER01.bmp

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\ACER01.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008/05/06 05:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ugl.exe" -a "%1" %*

O35 - HKU\S-1-5-21-2463236954-426447529-565295891-1003..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ugl.exe" -a "%1" %*

O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ugl.exe" -a "%1" %*

O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ugl.exe" -a "%1" %*

O37 - HKU\S-1-5-21-2463236954-426447529-565295891-1003\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/28 10:15:59 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\stellachurch\Desktop\OTL.exe

[2011/05/28 10:10:47 | 000,000,000 | ---D | C] -- C:\Users\stellachurch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD

[2011/05/28 05:16:31 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs

[2011/05/28 03:04:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/05/28 02:46:54 | 000,000,000 | ---D | C] -- C:\ComboFix

[2011/05/28 02:45:18 | 004,296,757 | R--- | C] (Swearware) -- C:\Users\stellachurch\Desktop\ComboFix.exe

[2011/05/24 14:06:45 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/05/24 14:06:45 | 000,000,000 | ---D | C] -- C:\Users\stellachurch\AppData\Local\temp

[2011/05/24 13:42:48 | 001,422,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\stellachurch\Desktop\TDSSKiller.exe

[2011/05/23 16:22:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/05/23 16:22:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/05/23 16:22:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/05/23 16:22:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/05/23 16:22:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/05/22 16:15:59 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\stellachurch\Desktop\dds.scr

[2011/05/21 15:51:59 | 000,000,000 | ---D | C] -- C:\Users\stellachurch\AppData\Roaming\Malwarebytes

[2011/05/21 15:51:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/05/21 15:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/21 15:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/05/21 15:51:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/05/21 15:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/19 22:53:48 | 000,000,000 | ---D | C] -- C:\Users\stellachurch\AppData\Roaming\Avira

[2011/05/19 22:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011/05/19 22:53:09 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2011/05/19 22:53:08 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/05/19 22:53:08 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/05/19 22:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011/05/19 22:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/05/07 22:08:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2011/05/02 00:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

[2007/12/06 02:43:08 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[2007/12/06 02:23:28 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll

[2007/12/06 02:23:27 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll

[2007/12/06 02:23:27 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

[2007/09/10 16:07:02 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

[2007/06/07 02:50:16 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbtih.exe

[2007/06/07 02:50:14 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbtcoms.exe

[2007/06/07 02:50:12 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbtcfg.exe

[2007/01/30 15:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll

[2007/01/30 15:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll

[2007/01/30 15:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll

[2007/01/30 15:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll

[2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll

[2007/01/30 15:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll

[2007/01/30 15:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll

[2007/01/30 15:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll

[2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll

[2007/01/30 15:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll

[2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\stellachurch\AppData\Local\*.tmp files -> C:\Users\stellachurch\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/28 10:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/28 10:18:43 | 000,691,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/05/28 10:18:43 | 000,138,124 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/05/28 10:10:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/28 10:10:41 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/28 10:10:41 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/28 10:10:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/28 10:10:31 | 1875,001,344 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/28 10:07:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\stellachurch\Desktop\OTL.exe

[2011/05/28 02:34:18 | 004,296,757 | R--- | M] (Swearware) -- C:\Users\stellachurch\Desktop\ComboFix.exe

[2011/05/28 00:17:12 | 000,000,947 | ---- | M] () -- C:\Users\stellachurch\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/05/26 21:24:02 | 000,000,680 | ---- | M] () -- C:\Users\stellachurch\AppData\Local\d3d9caps.dat

[2011/05/24 14:04:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/05/24 13:36:42 | 001,294,262 | ---- | M] () -- C:\Users\stellachurch\Desktop\tdsskiller.zip

[2011/05/24 11:02:30 | 001,422,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\stellachurch\Desktop\TDSSKiller.exe

[2011/05/23 15:54:58 | 000,606,104 | ---- | M] () -- C:\Users\stellachurch\Desktop\unhide.exe

[2011/05/22 16:05:26 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\stellachurch\Desktop\dds.scr

[2011/05/21 17:13:30 | 110,931,151 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/05/21 15:51:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/21 15:46:54 | 000,011,076 | -HS- | M] () -- C:\ProgramData\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683

[2011/05/21 15:46:53 | 000,011,076 | -HS- | M] () -- C:\Users\stellachurch\AppData\Local\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683

[2011/05/19 22:53:25 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/05/15 13:56:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011/05/15 13:56:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2011/05/10 20:55:56 | 000,000,000 | ---- | M] () -- C:\Users\stellachurch\AppData\Local\{700C4D1E-DE50-403D-A061-94DBAEF7695E}

[2011/05/08 20:31:00 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2011/05/07 22:10:21 | 000,010,548 | -HS- | M] () -- C:\Users\stellachurch\AppData\Local\nryt232bxk3mcxb

[2011/05/07 22:10:21 | 000,010,548 | -HS- | M] () -- C:\ProgramData\nryt232bxk3mcxb

[2011/05/07 14:04:31 | 000,000,120 | ---- | M] () -- C:\Users\stellachurch\AppData\Local\Sgacite.dat

[2011/05/07 14:04:31 | 000,000,000 | ---- | M] () -- C:\Users\stellachurch\AppData\Local\Akimikere.bin

[2011/05/02 00:19:42 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2011/05/02 00:19:42 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\stellachurch\AppData\Local\*.tmp files -> C:\Users\stellachurch\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/28 02:39:24 | 1875,001,344 | -HS- | C] () -- C:\hiberfil.sys

[2011/05/24 13:42:31 | 001,294,262 | ---- | C] () -- C:\Users\stellachurch\Desktop\tdsskiller.zip

[2011/05/23 16:22:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/05/23 16:22:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/05/23 16:22:32 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/05/23 16:22:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/05/23 16:22:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/05/23 16:10:02 | 000,606,104 | ---- | C] () -- C:\Users\stellachurch\Desktop\unhide.exe

[2011/05/21 15:51:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/19 22:53:25 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/05/15 21:26:17 | 000,011,076 | -HS- | C] () -- C:\Users\stellachurch\AppData\Local\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683

[2011/05/15 21:06:08 | 000,011,076 | -HS- | C] () -- C:\ProgramData\75bd3tfr3in6ixa60571p2m5j0l7822jtsp683

[2011/05/15 13:56:51 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2011/05/15 13:56:51 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2011/05/10 20:55:56 | 000,000,000 | ---- | C] () -- C:\Users\stellachurch\AppData\Local\{700C4D1E-DE50-403D-A061-94DBAEF7695E}

[2011/05/07 21:48:08 | 000,010,548 | -HS- | C] () -- C:\Users\stellachurch\AppData\Local\nryt232bxk3mcxb

[2011/05/07 21:45:18 | 000,010,548 | -HS- | C] () -- C:\ProgramData\nryt232bxk3mcxb

[2011/05/07 14:38:47 | 000,000,680 | ---- | C] () -- C:\Users\stellachurch\AppData\Local\d3d9caps.dat

[2011/05/07 14:04:31 | 000,000,120 | ---- | C] () -- C:\Users\stellachurch\AppData\Local\Sgacite.dat

[2011/05/07 14:04:31 | 000,000,000 | ---- | C] () -- C:\Users\stellachurch\AppData\Local\Akimikere.bin

[2010/05/15 01:46:55 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/02/21 14:38:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010/02/21 14:38:44 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2008/04/17 17:01:21 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2008/01/30 04:03:44 | 000,031,232 | ---- | C] () -- C:\Users\stellachurch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/12/06 03:13:24 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2007/12/06 03:13:24 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007/12/06 03:13:24 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007/12/06 02:43:08 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2007/12/06 02:42:42 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys

[2007/12/06 02:42:42 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2007/12/06 02:41:52 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll

[2007/12/06 02:23:27 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2007/09/10 18:43:28 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2007/09/10 18:24:16 | 000,743,424 | R--- | C] () -- C:\Windows\libxml2.dll

[2007/09/10 18:22:01 | 000,872,448 | R--- | C] () -- C:\Windows\iconv.dll

[2007/09/10 16:07:00 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll

[2007/09/03 02:18:00 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2007/09/03 02:18:00 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat

[2007/09/03 01:18:13 | 000,000,042 | ---- | C] () -- C:\Windows\PreLaunch.ini

[2007/09/03 01:18:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/05/15 19:06:58 | 000,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll

[2007/04/25 17:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll

[2007/04/25 17:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll

[2007/04/25 17:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll

[2007/04/25 17:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll

[2007/04/25 17:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll

[2007/04/25 17:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll

[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2007/02/19 08:20:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll

[2007/02/19 08:20:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll

[2007/02/19 08:20:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll

[2007/02/19 08:17:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll

[2007/02/19 08:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll

[2007/02/19 08:16:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll

[2007/02/19 08:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll

[2007/02/19 08:15:34 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll

[2007/02/07 18:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll

[2007/01/22 03:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll

[2006/12/25 16:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll

[2006/11/13 06:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin

[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 05:47:37 | 003,732,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 03:33:01 | 000,691,150 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 03:33:01 | 000,138,124 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 03:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005/08/18 11:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll

[2005/05/25 10:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll

[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >

Extras.txt

OTL Extras logfile created on: 5/28/2011 10:16:56 AM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\stellachurch\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 47.76% Memory free

3.74 Gb Paging File | 2.32 Gb Available in Paging File | 61.99% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.65 Gb Total Space | 12.47 Gb Free Space | 17.91% Space Free | Partition Type: NTFS

Drive D: | 69.64 Gb Total Space | 69.46 Gb Free Space | 99.75% Space Free | Partition Type: NTFS

Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 7.47 Gb Total Space | 3.99 Gb Free Space | 53.44% Space Free | Partition Type: FAT32

Computer Name: STELLACHURCH-PC | User Name: stellachurch | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ugl.exe" -a "%1" %*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ugl.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ugl.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-2463236954-426447529-565295891-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ugl.exe" -a "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B4A081F-608D-4FBA-BCC5-D432135714E4}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |

"{5358DD7B-35F6-4571-BB8D-AD71CE63078D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{61865F65-8178-469F-8C48-5109C02E0DFA}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{C47B3165-48C5-4CC3-8030-FB6F8C0AC465}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{F7FF7EB8-19B2-4173-A16D-49FD36F933DC}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06C17B1A-000F-4EBD-B97E-206593BD1545}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{1416A991-F0CB-4104-821C-37C9B205A8C1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{241B504C-9656-4A40-97F1-E74BDB017C84}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{43752021-C520-478A-BA29-95DFC1EDA38A}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{45381D50-AA50-41CE-90E7-8E8F122D8DB6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{5718AA99-4F06-41EB-8BCF-399E9CC5A711}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{579F5529-99BF-4E40-99BC-EBFD12FB5CC4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{73BE72FB-9F27-441A-AA6F-524542B8A14E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{9D7F209B-2339-4166-AF79-54A686215BF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A57A21B7-C1F3-4ABC-AFB9-A9986F3CCE52}" = protocol=6 | dir=in | app=c:\windows\system32\dlbtcoms.exe |

"{AC7FBCDA-6167-4E51-AEBA-455F6F3BC5A0}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{ADF11DD6-7A8F-4294-BFD8-73C8A54EFE23}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{B36FF33C-0470-4E9C-BD2B-6A77150FE37F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{C734373A-32FC-42AE-8CC0-F69ACE09384E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{D6D8CC21-3DB8-4D65-BBF5-B9F4B8753C79}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{E2BF6093-F3F0-4ECD-824A-9D7EA1DA37D5}" = protocol=17 | dir=in | app=c:\windows\system32\dlbtcoms.exe |

"{E8206A7C-D6DD-40CF-8E9C-1B6B35E69D2D}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{0305EF07-5A9A-B463-C519-25832A9E4CE8}" = Catalyst Control Center Localization Hungarian

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0AC776EB-198A-84CD-3FFE-CA2D32526933}" = Catalyst Control Center Core Implementation

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{10DB7DD8-E13F-B111-7914-29ADE3365CD9}" = Catalyst Control Center Localization Chinese Standard

"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{1459A7B4-4B95-A81C-7269-9A1B607C7936}" = Catalyst Control Center Graphics Light

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F4B92EA-2471-E141-0D61-94A5DAEABE0F}" = Catalyst Control Center Localization French

"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{245CE5BE-2F5F-93F2-4A23-89F79ED8983E}" = Catalyst Control Center Localization Chinese Traditional

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21

"{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam

"{39E07413-443B-1FF9-C043-809E0490C338}" = Catalyst Control Center Localization Polish

"{3A4001E5-AC32-2A32-DFA6-EF60D1337B74}" = Catalyst Control Center Localization Danish

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3AE3393D-9098-231E-539C-EDD53CD26903}" = ccc-utility

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit

"{44105DBC-2DAA-E4B9-4DE1-0E21D071B961}" = ccc-core-static

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C6DCACE-F97A-726A-8A35-11F777ED55E0}" = Catalyst Control Center Localization Italian

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

"{5E205568-85BA-816F-A312-4AB67FCCA457}" = Catalyst Control Center Localization Dutch

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI

"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6E0A60AB-3495-05BC-2504-ADBB49725A52}" = Catalyst Control Center Localization Thai

"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow

"{7004AFD8-DC8E-E620-D663-34BE9FD3EEB8}" = Catalyst Control Center Localization Japanese

"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)

"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{9117B25F-DBD4-CA4F-AABE-027A258803C7}" = Catalyst Control Center Localization Finnish

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92E59B06-D9A5-4292-05A7-681A8CECB59B}" = Catalyst Control Center Localization Swedish

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{96734FC2-EAAB-531A-64EE-966F3A46462D}" = Catalyst Control Center Localization Greek

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E8CB3AC-7E96-00D3-8D65-CC392C25E083}" = Catalyst Control Center Localization Portuguese

"{A1CF1BF3-757F-8148-3C12-6311DF91A1BD}" = Catalyst Control Center Localization Korean

"{A267DEE4-2CD3-50D6-BDA8-A56E6BF123FB}" = ATI Catalyst Install Manager

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management

"{B1F94B88-6F78-DCD7-F993-877393C4B39C}" = Catalyst Control Center Localization Spanish

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4

"{BC9A0FCA-41BE-0F9F-243C-6C3F02F4ECE5}" = Catalyst Control Center Localization Norwegian

"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management

"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

"{C0E96ECB-8A28-363F-B877-674C4696A49B}" = Catalyst Control Center Localization Russian

"{C3B3BB74-B49D-4B15-A5D4-863426EB96E0}" = Catalyst Control Center - Branding

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype

Link to post
Share on other sites

Are you using the Akamai NetSession Interface? If not, can you uninstall it using add/remove programs.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen otlicon.png on your desktop.
  2. Copy and Paste the following code into the customscanfix.png textbox.
    :otl
    O37 - HKLM\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ugl.exe" -a "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ugl.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ugl.exe" -a "%1" %*

    :commands
    [reboot]


  3. Push runfix.png
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click the OK button.
  6. A report will open. Copy and Paste that report in your next reply.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.