Google and Yahoo Redirecting Virus?

December 10, 2009 at 01:39:29
Specs: Windows 7
I don't know if I have a virus or some sort of malware. I noticed this has been a common problem in the past few days. I am also infected with this problem and I have tried a few solutions, all of which were unsuccessful. The only thing that came close was ComboFix. I ran ComboFix and it temporarily solves the problem until I restart my computer, when the search engine redirection happens again. Does anyone have an idea of what I can do to fix this annoyance?



#1
December 10, 2009 at 14:14:31
Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista users only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate posts) in your next reply. It may take 3 to 4 posts to get the entire log to us.

Download Gmer.exe from the following link.

Link1

1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.
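A small triage helper for the HijackThis-style entries in the log requested above, added here as an example (it is not part of RSIT, HijackThis, or anything posted in this thread). The known-good host list and trusted roots are assumptions, and the sample lines are constructed.

```python
"""Triage helper for the HijackThis-style lines in an RSIT log.

Added example for this thread; it is not part of RSIT, HijackThis or the
forum's tooling. It parses R0/R1 (IE search and start pages), O4 (autoruns),
O20 (AppInit_DLLs) and O23 (services) entries and flags the ones a responder
reads first when a search redirect is reported.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Assumption: hosts a stock IE search/start page may legitimately point at.
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.google.com",
                    "www.bing.com", "search.yahoo.com"}
# Assumption: autoruns under these roots pass; everything else gets reviewed.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Finding:
    kind: str      # HijackThis entry type, e.g. "O23"
    reason: str
    line: str


RE_R = re.compile(r"^(?P<kind>R[01]) - (?P<key>.+?) = (?P<url>\S+)$")
RE_O4 = re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] "?'
                   r'(?P<path>.+?\.(?:exe|dll|bat|cmd|vbs|scr))\b', re.I)
RE_O20 = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.+)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.strip()
    m = RE_R.match(line)
    if m:
        # A search/start page pointing at an unfamiliar host is the classic
        # symptom behind "Google sends me somewhere else".
        host = (urlparse(m["url"]).hostname or "").lower()
        if host not in KNOWN_GOOD_HOSTS:
            return Finding(m["kind"], f"search/start page points at {host}", line)
        return None
    m = RE_O4.match(line)
    if m:
        path = m["path"]
        if "\\" not in path:
            # A bare file name is resolved through PATH, so confirm which
            # copy actually runs.
            return Finding("O4", f"autorun [{m['name']}] has no directory: {path}", line)
        if not path.lower().startswith(TRUSTED_ROOTS):
            return Finding("O4", f"autorun [{m['name']}] runs from {path}", line)
        return None
    m = RE_O20.match(line)
    if m:
        # AppInit_DLLs is loaded into every process that links user32.dll,
        # so the publisher of the DLL should always be confirmed.
        return Finding("O20", f"AppInit_DLLs injects {m['path']}", line)
    m = RE_O23.match(line)
    if m and m["owner"].strip().lower() == "unknown owner":
        return Finding("O23", f"service {m['name']} has no publisher: {m['path']}", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run check_line over every line of a pasted log and keep the hits."""
    findings = (check_line(raw) for raw in log_text.splitlines())
    return [f for f in findings if f is not None]


# Constructed sample in the shape of the thread's log: the program paths are
# taken from the post, the start-page URL and the Temp autorun are made up.
SAMPLE_LOG = "\n".join([
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.redirect-example.invalid/?q=",
    r"O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll",
    r"O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
    r"O4 - HKCU\..\Run: [sysupd] C:\Users\Dustin\AppData\Local\Temp\sysupd.exe",
    r"O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll",
    r"O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe",
    r"O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

A flagged entry is a review item, not a verdict: the Realtek and AVG entries from the post trip the same rules as a real hijack and are cleared by checking the file's publisher.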



#2
December 10, 2009 at 15:11:28
Thank you for responding, Jabuck.

I ran RSIT and got an "AutoIt Error" which says, "Line -1: Error: Variable used without being declared."

I think this may be the reason why I can only find the log.txt. The info.txt was not in the folder.

Here's the log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dustin at 2009-12-10 17:23:15
Microsoft Windows 7 Ultimate
System drive C: has 105 GB (46%) free of 226 GB
Total RAM: 3062 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:19 PM, on 12/10/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dustin\Desktop\RSIT.exe
C:\Program Files\trend micro\Dustin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe

--
End of file - 4960 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Puxghth.job
C:\Windows\tasks\RegAce Scheduled Scan - Dustin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-10-10 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-10 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-06-16 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-06-16 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-06-16 150552]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-26 2029336]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2009-09-04 158448]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"YouCam Mirror Tray icon"=C:\Program Files\CyberLink\YouCam\YouCamTray.exe [2009-06-11 162912]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-10 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
C:\Program Files\UnHackMe\hackmon.exe [2008-12-22 231648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-06-16 216576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-13 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-26 2210608]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-12-10 17:08:53 ----D---- C:\ProgramData\RegAce
2009-12-10 17:08:44 ----D---- C:\Program Files\RegAce
2009-12-10 17:07:40 ----A---- C:\ComboFix.txt
2009-12-10 17:07:02 ----SHD---- C:\$RECYCLE.BIN
2009-12-10 16:56:49 ----D---- C:\Qoobox
2009-12-10 16:16:06 ----D---- C:\Program Files\SpywareBlaster
2009-12-10 15:45:47 ----A---- C:\Windows\system32\javaws.exe
2009-12-10 15:45:47 ----A---- C:\Windows\system32\javaw.exe
2009-12-10 15:45:47 ----A---- C:\Windows\system32\java.exe
2009-12-10 15:45:38 ----D---- C:\Program Files\Java
2009-12-10 15:08:38 ----D---- C:\rsit
2009-12-10 15:08:38 ----D---- C:\Program Files\trend micro
2009-12-10 04:10:33 ----A---- C:\Windows\zip.exe
2009-12-10 04:10:33 ----A---- C:\Windows\SWXCACLS.exe
2009-12-10 04:10:33 ----A---- C:\Windows\SWSC.exe
2009-12-10 04:10:33 ----A---- C:\Windows\SWREG.exe
2009-12-10 04:10:33 ----A---- C:\Windows\sed.exe
2009-12-10 04:10:33 ----A---- C:\Windows\PEV.exe
2009-12-10 04:10:33 ----A---- C:\Windows\NIRCMD.exe
2009-12-10 04:10:33 ----A---- C:\Windows\MBR.exe
2009-12-10 04:10:33 ----A---- C:\Windows\grep.exe
2009-12-10 02:55:53 ----A---- C:\Windows\system32\PARTIZAN.TXT
2009-12-10 02:51:33 ----RASHOT---- C:\Windows\winstart.bat
2009-12-10 02:49:37 ----D---- C:\Program Files\UnHackMe
2009-12-10 02:32:38 ----D---- C:\ProgramData\ESET
2009-12-10 02:32:38 ----D---- C:\Program Files\ESET
2009-12-10 01:21:47 ----D---- C:\Users\Dustin\AppData\Roaming\Summitsoft
2009-12-10 01:16:31 ----D---- C:\Program Files\Website Layout Maker
2009-12-09 22:39:39 ----D---- C:\Program Files\WebSite X5 v8 - Evolution
2009-12-09 22:38:55 ----A---- C:\Windows\system32\VB5STKIT.DLL
2009-12-09 22:38:55 ----A---- C:\Windows\system32\MSVBVM50.dll
2009-12-09 22:38:55 ----A---- C:\Windows\system32\iwpsetup.exe
2009-12-09 22:28:28 ----D---- C:\Program Files\WPF Toolkit
2009-12-09 22:28:18 ----D---- C:\Program Files\Microsoft SDKs
2009-12-09 22:28:00 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-12-09 22:27:06 ----D---- C:\Program Files\Microsoft Expression
2009-12-09 21:01:23 ----D---- C:\Users\Dustin\AppData\Roaming\Stormdance
2009-12-09 21:01:23 ----D---- C:\ProgramData\Stormdance
2009-12-09 21:00:42 ----D---- C:\Program Files\Antenna
2009-12-09 20:39:48 ----A---- C:\Windows\Relax.ini
2009-12-09 20:39:37 ----D---- C:\StudioLine3
2009-12-09 20:39:37 ----D---- C:\Program Files\StudioLine Web
2009-12-09 20:33:24 ----A---- C:\Windows\MyProg.ini
2009-12-09 20:18:56 ----D---- C:\Program Files\BannerDesignerPro
2009-12-09 20:00:06 ----D---- C:\Users\Dustin\AppData\Roaming\MAGIX
2009-12-09 19:59:57 ----A---- C:\Windows\system32\msxml4a.dll
2009-12-09 19:57:23 ----D---- C:\ProgramData\MAGIX
2009-12-09 19:57:23 ----D---- C:\Program Files\MAGIX
2009-12-09 19:57:23 ----A---- C:\Windows\system32\DLLDEV32i.dll
2009-12-09 19:56:34 ----D---- C:\Program Files\Common Files\MAGIX Services
2009-12-09 19:44:16 ----D---- C:\Windows\Sun
2009-12-09 18:21:59 ----D---- C:\Users\Dustin\AppData\Roaming\MyLogoMaker
2009-12-09 18:19:20 ----D---- C:\Program Files\MySoftware
2009-12-09 16:00:00 ----D---- C:\Users\Dustin\AppData\Roaming\Serif
2009-12-09 15:58:01 ----D---- C:\Program Files\Common Files\MSSoap
2009-12-09 15:57:25 ----D---- C:\Program Files\Serif
2009-12-09 15:54:56 ----D---- C:\Users\Dustin\AppData\Roaming\DAEMON Tools Lite
2009-12-09 15:54:54 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-12-09 14:32:30 ----A---- C:\Windows\bluevoda.ini
2009-12-09 13:17:13 ----A---- C:\Windows\iun6002.exe
2009-12-09 13:16:48 ----D---- C:\Program Files\BlueVoda Website Builder
2009-12-09 13:16:43 ----A---- C:\Windows\BlueVoda Website Builder Setup Log.txt
2009-12-09 12:21:41 ----D---- C:\Windows\ERDNT
2009-12-09 04:07:41 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 04:07:41 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 03:07:07 ----D---- C:\Users\Dustin\AppData\Roaming\Malwarebytes
2009-12-09 03:07:00 ----D---- C:\ProgramData\Malwarebytes
2009-12-09 03:06:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-09 02:51:48 ----D---- C:\Program Files\CCleaner
2009-12-09 02:48:23 ----D---- C:\Windows\system32\appmgmt
2009-12-08 18:43:04 ----D---- C:\Users\Dustin\AppData\Roaming\InstallShield
2009-12-08 18:31:06 ----D---- C:\ProgramData\SecTaskMan
2009-12-08 18:31:00 ----D---- C:\Program Files\Security Task Manager
2009-12-08 18:29:32 ----RASH---- C:\Windows\system32\oddbse32K.dll
2009-12-08 18:24:03 ----D---- C:\Users\Dustin\AppData\Roaming\IDMComp
2009-12-08 18:22:48 ----D---- C:\Program Files\IDM Computer Solutions
2009-12-08 18:16:36 ----HDC---- C:\ProgramData\{88C30C03-9CEB-4B20-8E87-D79916B8B645}
2009-12-08 17:55:39 ----D---- C:\Program Files\BackToTheBeach
2009-12-08 17:55:38 ----D---- C:\Users\Dustin\AppData\Roaming\BackToTheBeach
2009-12-08 17:55:37 ----D---- C:\ProgramData\BackToTheBeach
2009-12-08 17:04:12 ----A---- C:\Windows\WebEasy.INI
2009-12-08 01:19:25 ----A---- C:\Windows\UnDeploy.exe
2009-12-06 23:46:42 ----D---- C:\Program Files\Nero
2009-12-06 23:46:28 ----D---- C:\Program Files\Common Files\Nero
2009-11-30 19:30:07 ----D---- C:\ProgramData\QuickTime
2009-11-30 19:29:50 ----D---- C:\Program Files\eMedia Rock Guitar Method
2009-11-30 15:53:40 ----D---- C:\Program Files\MagicDisc
2009-11-29 21:57:15 ----D---- C:\Program Files\eMedia Guitar Method
2009-11-29 21:38:51 ----D---- C:\Program Files\MagicISO
2009-11-29 21:21:24 ----D---- C:\Program Files\Guitar Pro 5
2009-11-25 03:00:42 ----A---- C:\Windows\system32\tzres.dll
2009-11-24 17:55:34 ----D---- C:\Users\Dustin\AppData\Roaming\skypePM
2009-11-24 17:51:38 ----D---- C:\Users\Dustin\AppData\Roaming\Skype
2009-11-24 17:51:12 ----RD---- C:\Program Files\Skype
2009-11-24 17:51:12 ----D---- C:\Program Files\Common Files\Skype
2009-11-24 17:51:07 ----D---- C:\ProgramData\Skype
2009-11-12 01:16:56 ----A---- C:\Windows\system32\rrsec2k.exe
2009-11-12 01:16:56 ----A---- C:\Windows\system32\rrsec.dll
2009-11-12 01:16:55 ----D---- C:\Program Files\Registrar Registry Manager
2009-11-12 01:12:45 ----D---- C:\Program Files\Easy Video Splitter

======List of files/folders modified in the last 1 months======

2009-12-10 17:23:17 ----D---- C:\Windows\Temp
2009-12-10 17:22:26 ----D---- C:\Windows\Prefetch
2009-12-10 17:13:25 ----D---- C:\Program Files\Mozilla Firefox
2009-12-10 17:09:07 ----D---- C:\Windows\system32\Tasks
2009-12-10 17:09:06 ----D---- C:\Windows\Tasks
2009-12-10 17:08:53 ----D---- C:\ProgramData
2009-12-10 17:08:44 ----RD---- C:\Program Files
2009-12-10 17:05:34 ----D---- C:\Windows
2009-12-10 17:05:34 ----A---- C:\Windows\system.ini
2009-12-10 17:03:02 ----D---- C:\Windows\System32
2009-12-10 17:02:11 ----D---- C:\Windows\system32\drivers
2009-12-10 17:02:11 ----D---- C:\Windows\AppPatch
2009-12-10 17:02:09 ----D---- C:\Program Files\Common Files
2009-12-10 16:59:24 ----D---- C:\Windows\system32\config
2009-12-10 16:46:50 ----D---- C:\Windows\inf
2009-12-10 16:46:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-10 16:15:23 ----SHD---- C:\System Volume Information
2009-12-10 15:45:49 ----SHD---- C:\Windows\Installer
2009-12-10 15:45:39 ----A---- C:\Windows\system32\deploytk.dll
2009-12-10 05:03:16 ----D---- C:\Windows\Microsoft.NET
2009-12-10 05:01:56 ----RSD---- C:\Windows\assembly
2009-12-10 02:54:47 ----D---- C:\Users\Dustin\AppData\Roaming\uTorrent
2009-12-10 02:36:55 ----SD---- C:\Users\Dustin\AppData\Roaming\Microsoft
2009-12-10 01:39:24 ----D---- C:\Windows\debug
2009-12-09 22:28:10 ----D---- C:\Windows\winsxs
2009-12-09 22:27:51 ----D---- C:\Windows\Logs
2009-12-09 22:27:06 ----SD---- C:\ProgramData\Microsoft
2009-12-09 20:02:22 ----RSD---- C:\Windows\Fonts
2009-12-09 06:26:38 ----D---- C:\Windows\ServiceProfiles
2009-12-09 04:07:35 ----D---- C:\Windows\system32\catroot2
2009-12-09 04:07:35 ----D---- C:\Windows\system32\catroot
2009-12-08 19:38:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-08 16:54:23 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-07 17:04:59 ----D---- C:\Users\Dustin\AppData\Roaming\vlc
2009-12-06 23:46:29 ----D---- C:\ProgramData\Nero
2009-12-05 12:37:09 ----D---- C:\$AVG8.VAULT$
2009-12-04 13:18:20 ----D---- C:\Windows\MSAgent
2009-12-02 11:45:52 ----D---- C:\Users\Dustin\AppData\Roaming\dvdcss
2009-12-01 15:06:19 ----A---- C:\Windows\system32\MRT.exe
2009-11-30 19:30:00 ----A---- C:\Windows\win.ini
2009-11-30 15:54:09 ----D---- C:\Windows\system32\DriverStore
2009-11-26 06:20:11 ----D---- C:\Windows\rescache
2009-11-25 03:00:52 ----D---- C:\Windows\system32\en-US
2009-11-11 19:17:43 ----D---- C:\Windows\system32\wdi

#3
December 10, 2009 at 15:12:11
Here is my GMER Log

GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-10 18:11:13
Windows 6.1.7600
Running: bc07wnst.exe; Driver: C:\Users\Dustin\AppData\Local\Temp\pxryrpow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A34AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A34104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A343F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1C634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1C898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A341DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A34958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A346F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A34F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A351A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A94579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9A68DC9D 28 Bytes [0F, B3, 4B, 88, 50, A2, E1, ...]
.text peauth.sys 9A68DCC1 28 Bytes [0F, B3, 4B, 88, 50, A2, E1, ...]
PAGE peauth.sys 9A693B9B 72 Bytes [A7, EB, 61, 98, C5, 49, CA, ...]
PAGE peauth.sys 9A693BEC 111 Bytes [90, D8, E3, 36, 6D, 54, AD, ...]
PAGE peauth.sys 9A693E20 101 Bytes [E4, AB, C5, 7C, 58, 57, 2A, ...]
PAGE ...
? C:\Users\Dustin\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1700] kernel32.dll!SetUnhandledExceptionFilter 76083142 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] ntdll.dll!NtQueryInformationProcess 778E5490 5 Bytes JMP 00BE0A8E
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] WS2_32.dll!closesocket 77A93BED 5 Bytes JMP 00BD7C46
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] WS2_32.dll!recv 77A947DF 5 Bytes JMP 00BD7A06
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] WS2_32.dll!WSASend 77A968A7 5 Bytes JMP 00BD7AAA
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] WS2_32.dll!WSARecv 77A9C29F 5 Bytes JMP 00BD7B65
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] WS2_32.dll!send 77A9C4C8 5 Bytes JMP 00BD7966
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] USER32.dll!DrawTextExW 77717BDD 5 Bytes JMP 00BD8103
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] USER32.dll!DrawTextW 77718220 5 Bytes JMP 00BD7F41
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] USER32.dll!DrawTextA 7772A482 5 Bytes JMP 00BD7E66
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] USER32.dll!DrawTextExA 7772A4B9 5 Bytes JMP 00BD801C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] GDI32.dll!ExtTextOutW 779F8053 5 Bytes JMP 00BD82CE
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] GDI32.dll!GetGlyphIndicesW 779FB521 5 Bytes JMP 00BD874A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] GDI32.dll!ExtTextOutA 77A00158 5 Bytes JMP 00BD81EA
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] GDI32.dll!TextOutA 77A00878 5 Bytes JMP 00BD7CCE
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] GDI32.dll!TextOutW 77A114B9 5 Bytes JMP 00BD7D9A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] GDI32.dll!GetGlyphIndicesA 77A1BC42 5 Bytes JMP 00BD8681
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] SHELL32.dll!PathIsExe + 713 76B0B780 4 Bytes [89, 92, 9B, 69]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] SHELL32.dll!PathIsExe + 71B 76B0B788 4 Bytes [A4, 91, 9B, 69]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] SHELL32.dll!PathIsExe + 72F 76B0B79C 4 Bytes [F2, 68, 9A, 69]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] SHELL32.dll!PathIsExe + 737 76B0B7A4 1 Byte [60]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] SHELL32.dll!PathIsExe + 737 76B0B7A4 4 Bytes [60, 69, 9A, 69]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] SHELL32.dll!SHParseDisplayName + 1E5A 76B338A8 4 Bytes [89, 92, 9B, 69]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] SHELL32.dll!SHParseDisplayName + 1E62 76B338B0 4 Bytes [A4, 91, 9B, 69]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] SHELL32.dll!SHParseDisplayName + 1E72 76B338C0 4 Bytes [1D, 6A, 9A, 69]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] SHELL32.dll!SHCreateDirectoryExW + E08 76B5DF50 4 Bytes [89, 92, 9B, 69]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4484] SHELL32.dll!SHCreateDirectoryExW + E10 76B5DF58 8 Bytes [A4, 91, 9B, 69, 2C, 93, 9B, ...]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1628] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1628] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1628] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1628] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3460] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3460] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3460] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3460] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [746B250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [746B2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [74695624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [746956E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [746A8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [746A4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [746A50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [746A51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746A66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [746A82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [746A8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [746A907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [746AE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4328] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [746A4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [746B250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [746B2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74695624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [746956E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [746A8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [746A4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [746A50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [746A51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746A66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [746A82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [746A8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [746A907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [746AE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4416] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [746A4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4484] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4484] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4484] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4484] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4484] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4484] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4484] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [75915D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:248] 860D2930

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----


#4
December 10, 2009 at 16:01:48
Please download
1. MBR.EXE by GMER. Save the file in C:\

Run Command Prompt as administrator:
Click on Start button.
Type Cmd in the Start Search text box.
Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator.
Copy and paste the following lines one by one in the open command window and press Enter after each line:

cd\
c:\mbr.exe -t
c:\mbr.log

A log file (c:\mbr.log) will open. Post the contents of it to your reply.

#5
December 10, 2009 at 16:26:35
Ok, that was easy enough, here's the MBR log...

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
kernel: MBR read successfully
user & kernel MBR OK

#6
December 10, 2009 at 16:38:30
Ok, run it again with this code:

cd\
c:\mbr.exe -f
c:\mbr.log

and post its log.

#7
December 10, 2009 at 16:49:17
Here's the log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#8
December 10, 2009 at 17:21:38
Much better.

If you have two antivirus programs (AVG and Eset), uninstall one of them as they will conflict, and whichever one you keep, disable it before running ComboFix.

Remember, your AVG antivirus and any anti-spyware that you may have (not SpywareBlaster) must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

#9
December 10, 2009 at 17:44:59
Ok, I uninstalled the ESET AV software...

Here's the ComboFix log

ComboFix 09-12-10.01 - Dustin 12/10/2009 20:38:18.7.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.2170 [GMT -5:00]
Running from: c:\users\Dustin\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((( Files Created from 2009-11-11 to 2009-12-11 )))))))))))))))))))))))))))))))
.

2009-12-11 01:44 . 2009-12-11 01:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-11 01:44 . 2009-12-11 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-11 01:37 . 2009-12-11 01:37 -------- d-----w- C:\32788R22FWJFW
2009-12-11 00:26 . 2009-12-11 00:26 77312 ----a-w- C:\mbr.exe
2009-12-10 22:28 . 2009-12-10 22:29 -------- d-----w- C:\gmer
2009-12-10 22:08 . 2009-12-10 22:08 -------- d-----w- c:\programdata\RegAce
2009-12-10 22:08 . 2009-12-10 22:16 -------- d-----w- c:\program files\RegAce
2009-12-10 21:16 . 2009-12-10 21:16 -------- d-----w- c:\program files\SpywareBlaster
2009-12-10 20:45 . 2009-12-10 20:45 -------- d-----w- c:\program files\Java
2009-12-10 20:08 . 2009-12-10 22:23 -------- d-----w- c:\program files\trend micro
2009-12-10 20:08 . 2009-12-10 20:08 -------- d-----w- C:\rsit
2009-12-10 08:19 . 2009-12-11 01:44 -------- d-----w- c:\users\Dustin\AppData\Local\temp
2009-12-10 08:09 . 2009-12-10 08:09 -------- d-----w- c:\users\Dustin\AppData\Local\ESET
2009-12-10 07:51 . 2009-12-10 07:51 -------- d-----w- c:\users\Dustin\AppData\Local\Downloaded Installations
2009-12-10 07:51 . 2009-12-10 07:51 2 --shatr- c:\windows\winstart.bat
2009-12-10 07:50 . 2008-12-22 20:56 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-12-10 07:49 . 2009-12-10 07:52 -------- d-----w- c:\program files\UnHackMe
2009-12-10 06:21 . 2009-12-10 06:21 -------- d-----w- c:\users\Dustin\AppData\Roaming\Summitsoft
2009-12-10 06:16 . 2009-12-10 06:16 -------- d-----w- c:\program files\Website Layout Maker
2009-12-10 03:39 . 2009-12-10 03:47 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
2009-12-10 03:38 . 2009-05-14 21:26 207872 ----a-w- c:\windows\system32\iwpsetup.exe
2009-12-10 03:38 . 2001-08-31 19:00 1355776 ----a-w- c:\windows\system32\MSVBVM50.dll
2009-12-10 03:38 . 1997-01-16 05:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2009-12-10 03:28 . 2009-12-10 03:28 -------- d-----w- c:\program files\WPF Toolkit
2009-12-10 03:28 . 2009-12-10 03:28 -------- d-----w- c:\program files\Microsoft SDKs
2009-12-10 03:28 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-12-10 03:27 . 2009-12-10 03:29 -------- d-----w- c:\program files\Microsoft Expression
2009-12-10 02:01 . 2009-12-10 02:01 -------- d-----w- c:\users\Dustin\AppData\Roaming\Stormdance
2009-12-10 02:01 . 2009-12-10 02:01 -------- d-----w- c:\programdata\Stormdance
2009-12-10 02:00 . 2009-12-10 02:01 -------- d-----w- c:\program files\Antenna
2009-12-10 01:39 . 2009-12-10 01:50 -------- d-----w- C:\StudioLine3
2009-12-10 01:39 . 2009-12-10 01:48 -------- d-----w- c:\program files\StudioLine Web
2009-12-10 01:18 . 2009-12-10 01:20 -------- d-----w- c:\program files\BannerDesignerPro
2009-12-10 01:00 . 2009-12-10 01:00 -------- d-----w- c:\users\Dustin\AppData\Roaming\MAGIX
2009-12-10 01:00 . 2009-12-10 01:00 -------- d-----w- c:\users\Dustin\AppData\Local\Xara
2009-12-10 00:59 . 2003-04-18 21:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-12-10 00:57 . 2009-12-10 01:02 -------- d-----w- c:\programdata\MAGIX
2009-12-10 00:57 . 2009-12-10 00:57 -------- d-----w- c:\program files\MAGIX
2009-12-10 00:57 . 2007-04-27 15:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2009-12-10 00:56 . 2009-12-10 00:56 -------- d-----w- c:\program files\Common Files\MAGIX Services
2009-12-10 00:44 . 2009-12-10 00:44 -------- d-----w- c:\windows\Sun
2009-12-09 23:21 . 2009-12-09 23:22 -------- d-----w- c:\users\Dustin\AppData\Roaming\MyLogoMaker
2009-12-09 23:19 . 2009-12-09 23:19 -------- d-----w- c:\program files\MySoftware
2009-12-09 21:00 . 2009-12-09 21:00 -------- d-----w- c:\users\Dustin\AppData\Roaming\Serif
2009-12-09 20:57 . 2009-12-09 20:57 -------- d-----w- c:\program files\Serif
2009-12-09 20:54 . 2009-12-09 20:54 -------- d-----w- c:\users\Dustin\AppData\Roaming\DAEMON Tools Lite
2009-12-09 20:54 . 2009-12-09 20:54 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-09 18:17 . 2009-12-09 18:16 720896 ----a-w- c:\windows\iun6002.exe
2009-12-09 18:16 . 2009-12-09 18:17 -------- d-----w- c:\program files\BlueVoda Website Builder
2009-12-09 08:07 . 2009-12-09 08:07 -------- d-----w- c:\users\Dustin\AppData\Roaming\Malwarebytes
2009-12-09 08:07 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 08:07 . 2009-12-09 08:07 -------- d-----w- c:\programdata\Malwarebytes
2009-12-09 08:06 . 2009-12-09 08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 08:06 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-09 07:51 . 2009-12-09 07:51 -------- d-----w- c:\program files\CCleaner
2009-12-09 07:47 . 2009-12-09 07:47 105 ----a-w- c:\programdata\SecTaskMan\icn_E912589060B8B7142A201A6B16367FE8.dll
2009-12-09 07:47 . 2009-12-09 07:47 105 ----a-w- c:\programdata\SecTaskMan\icn_B88C74FF31773114A8478ADB3C3D05BE.dll
2009-12-09 07:47 . 2009-12-09 07:47 105 ----a-w- c:\programdata\SecTaskMan\icn_894C6A2D4849F1C49A4483CC26701975.dll
2009-12-09 07:47 . 2009-12-09 07:47 105 ----a-w- c:\programdata\SecTaskMan\icn_66DC40433F6E9DC45B0A65AAE1C15102.dll
2009-12-09 07:47 . 2009-12-09 07:47 105 ----a-w- c:\programdata\SecTaskMan\icn_0C644970258A8FC4E90E36DB8F7FA6F0.dll
2009-12-08 23:43 . 2009-12-08 23:43 -------- d-----w- c:\users\Dustin\AppData\Roaming\InstallShield
2009-12-08 23:29 . 2009-12-08 23:29 108032 --sha-r- c:\windows\system32\oddbse32K.dll
2009-12-08 23:24 . 2009-12-08 23:27 -------- d-----w- c:\users\Dustin\AC94B85D500D4B98ADE53E391934BB0A.TMP
2009-12-08 23:24 . 2009-12-08 23:24 -------- d-----w- c:\users\Dustin\AppData\Roaming\IDMComp
2009-12-08 23:22 . 2009-12-08 23:27 -------- d-----w- c:\program files\IDM Computer Solutions
2009-12-08 23:21 . 2009-11-03 07:39 2829880 -c--a-w- c:\programdata\{88C30C03-9CEB-4B20-8E87-D79916B8B645}\webstudio5install.exe
2009-12-08 23:21 . 2009-12-08 23:23 -------- d-----w- c:\users\Dustin\D9E839BE66FC48C9BF97DB2802197EA7.TMP
2009-12-08 23:19 . 2004-02-02 16:23 40960 -c--a-w- c:\programdata\{88C30C03-9CEB-4B20-8E87-D79916B8B645}\MinimalArtCollection\26421510\7B3DAC37\depotz.exe
2009-12-08 23:19 . 1999-12-07 20:00 143632 -c--a-w- c:\programdata\{88C30C03-9CEB-4B20-8E87-D79916B8B645}\MinimalArtCollection\26421510\6C1BF956\MSConv97.DLL
2009-12-08 23:16 . 2009-12-08 23:21 -------- dc-h--w- c:\programdata\{88C30C03-9CEB-4B20-8E87-D79916B8B645}
2009-12-08 22:55 . 2009-12-08 23:21 -------- d-----w- c:\program files\BackToTheBeach
2009-12-08 22:55 . 2009-12-08 22:55 -------- d-----w- c:\users\Dustin\AppData\Roaming\BackToTheBeach
2009-12-08 22:55 . 2009-12-08 22:55 -------- d-----w- c:\programdata\BackToTheBeach
2009-12-08 22:11 . 2009-12-08 22:11 -------- d-----w- c:\users\Dustin\AppData\Local\Diagnostics
2009-12-08 06:19 . 2003-03-31 06:53 59392 ----a-w- c:\windows\UnDeploy.exe
2009-12-08 05:42 . 2009-12-08 05:42 -------- d-----w- c:\users\Dustin\AppData\Local\TechSmith
2009-12-07 04:46 . 2009-12-07 04:46 -------- d-----w- c:\program files\Nero
2009-12-07 04:46 . 2009-12-07 04:47 -------- d-----w- c:\program files\Common Files\Nero
2009-12-01 00:30 . 2009-12-01 00:30 -------- d-----w- c:\programdata\QuickTime
2009-12-01 00:29 . 2009-12-01 00:30 -------- d-----w- c:\program files\eMedia Rock Guitar Method
2009-11-30 20:53 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-11-30 20:53 . 2009-11-30 20:54 -------- d-----w- c:\program files\MagicDisc
2009-11-30 02:57 . 2009-11-30 02:57 -------- d-----w- c:\program files\eMedia Guitar Method
2009-11-30 02:38 . 2009-11-30 02:39 -------- d-----w- c:\program files\MagicISO
2009-11-30 02:21 . 2009-11-30 02:21 -------- d-----w- c:\program files\Guitar Pro 5
2009-11-25 08:00 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 22:55 . 2009-12-10 19:47 -------- d-----w- c:\users\Dustin\AppData\Roaming\skypePM
2009-11-24 22:51 . 2009-12-10 20:45 -------- d-----w- c:\users\Dustin\AppData\Roaming\Skype
2009-11-24 22:51 . 2009-11-24 22:51 -------- d-----r- c:\program files\Skype
2009-11-24 22:51 . 2009-11-24 22:51 -------- d-----w- c:\program files\Common Files\Skype
2009-11-24 22:51 . 2009-11-24 22:51 -------- d-----w- c:\programdata\Skype
2009-11-12 06:35 . 2009-11-06 15:44 38968 ----a-w- c:\windows\system32\rrMon.sys
2009-11-12 06:16 . 2009-11-12 06:16 -------- d-----w- c:\program files\Registrar Registry Manager
2009-11-12 06:12 . 2009-11-12 06:32 -------- d-----w- c:\program files\Easy Video Splitter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 00:10 . 2009-10-10 10:52 -------- d-----w- c:\users\Dustin\AppData\Roaming\uTorrent
2009-12-10 20:45 . 2009-10-20 02:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-10 02:09 . 2009-10-10 11:02 145312 ----a-w- c:\users\Dustin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-09 07:56 . 2009-12-08 23:31 -------- d-----w- c:\programdata\SecTaskMan
2009-12-09 00:38 . 2009-10-12 01:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-07 22:04 . 2009-10-10 17:40 -------- d-----w- c:\users\Dustin\AppData\Roaming\vlc
2009-12-07 04:46 . 2009-10-26 22:01 -------- d-----w- c:\programdata\Nero
2009-12-02 16:45 . 2009-11-05 20:45 -------- d-----w- c:\users\Dustin\AppData\Roaming\dvdcss
2009-11-24 22:55 . 2009-11-24 22:55 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-10 06:35 . 2009-11-10 06:35 -------- d-----w- c:\program files\Xilisoft
2009-11-09 17:50 . 2009-11-09 17:50 -------- d-----w- c:\users\Dustin\AppData\Roaming\Publish Providers
2009-11-09 17:50 . 2009-11-09 17:46 -------- d-----w- c:\users\Dustin\AppData\Roaming\Sony
2009-11-09 17:40 . 2009-11-09 17:40 -------- d-----w- c:\programdata\Sony
2009-11-09 17:40 . 2009-11-09 17:40 -------- d-----w- c:\program files\Sony
2009-11-04 20:41 . 2009-11-04 20:41 -------- d-----w- c:\program files\Comical
2009-11-03 03:30 . 2009-12-08 23:20 19955200 -c--a-w- c:\programdata\{88C30C03-9CEB-4B20-8E87-D79916B8B645}\WebStudio5.0\2ABEBF0A\70570FAB\WebStudio.exe
2009-11-03 01:42 . 2009-10-10 10:54 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 07:01 . 2009-10-27 07:01 -------- d-----w- c:\program files\MSXML 4.0
2009-10-26 22:38 . 2009-10-26 22:38 -------- d-----w- c:\programdata\LightScribe
2009-10-26 22:00 . 2009-10-26 22:00 -------- d-----w- c:\program files\Common Files\LightScribe
2009-10-22 08:22 . 2009-10-22 08:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-21 11:22 . 2009-10-10 11:08 -------- d-----w- c:\programdata\avg8
2009-10-19 22:39 . 2009-10-19 22:35 -------- d-----w- c:\users\Dustin\AppData\Roaming\TypingMaster7
2009-10-19 22:35 . 2009-10-19 22:35 -------- d-----r- c:\program files\TypingMaster
2009-10-14 06:37 . 2009-10-14 06:37 -------- d-----w- c:\program files\Photof---et
2009-10-13 11:31 . 2009-10-13 11:31 -------- d-----w- c:\users\Dustin\AppData\Roaming\Xilisoft Corporation
2009-10-13 01:58 . 2009-10-13 01:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-10-12 03:11 . 2009-10-12 03:10 -------- d-----w- c:\program files\CyberLink
2009-10-12 03:09 . 2009-10-12 01:16 36864 ----a-w- c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-10-10 11:09 . 2009-10-10 11:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-10 11:09 . 2009-10-10 11:09 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-10 11:09 . 2009-10-10 11:09 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-10 11:09 . 2009-10-10 11:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-10 11:08 . 2009-10-10 11:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-10 11:08 . 2009-10-10 11:08 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-10-02 04:06 . 2009-10-20 15:58 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2007-01-25 08:52 . 2007-01-25 08:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-12-10_22.05.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2009-12-11 01:37 40106 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-10-10 10:37 . 2009-12-10 21:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-10 10:37 . 2009-12-11 01:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-10 10:37 . 2009-12-11 01:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-10 10:37 . 2009-12-10 21:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-10 10:37 . 2009-12-10 21:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-10 10:37 . 2009-12-11 01:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-10 10:37 . 2009-12-10 21:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-10 10:37 . 2009-12-11 01:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-11 11:02 . 2009-12-10 22:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-11 11:02 . 2009-12-11 01:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-11 11:02 . 2009-12-11 01:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-10-11 11:02 . 2009-12-10 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-10-11 11:02 . 2009-12-11 01:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-10-11 11:02 . 2009-12-10 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-10-10 10:37 . 2009-12-10 22:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-10 10:37 . 2009-12-11 01:36 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-10 10:37 . 2009-12-11 01:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-10 10:37 . 2009-12-10 21:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-10 10:38 . 2009-12-11 01:37 7146 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-159465187-712498090-4040226270-1001_UserData.bin
- 2009-12-10 21:39 . 2009-12-10 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-11 01:35 . 2009-12-11 01:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-11 01:35 . 2009-12-11 01:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-12-10 21:39 . 2009-12-10 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2009-12-10 21:46 615360 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2009-12-11 01:41 615360 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2009-12-10 21:46 103702 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2009-12-11 01:41 103702 c:\windows\System32\perfc009.dat
- 2009-07-14 02:03 . 2009-12-10 21:59 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2009-12-11 01:06 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-16 150552]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-06-11 162912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
2008-12-22 20:55 231648 ----a-w- c:\program files\UnHackMe\hackmon.exe

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [10/10/2009 6:09 AM 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [10/10/2009 6:08 AM 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/10/2009 6:09 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/10/2009 6:09 AM 108552]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 6:52 PM 48128]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/10/2009 6:08 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/10/2009 6:08 AM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [10/10/2009 6:08 AM 1370488]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [3/1/2009 10:05 PM 139776]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 21:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-12-10 20:46:04
ComboFix-quarantined-files.txt 2009-12-11 01:46
ComboFix2.txt 2009-12-10 22:07
ComboFix3.txt 2009-12-10 21:01

Pre-Run: 109,717,372,928 bytes free
Post-Run: 109,667,598,336 bytes free

- - End Of File - - E0E68F1B7081E134B90963A92DECD033



#10
December 10, 2009 at 18:13:04
Post a new GMER log then run the following online scan.

Please run the BitDefender online scan from this link:
Bitdefender Online Scanner

Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on Click here to export the scan results.
Save the report to your desktop so you can post it in your next reply.



#11
December 10, 2009 at 19:04:40
Here's the new GMER log:

GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-10 21:49:15
Windows 6.1.7600
Running: bc07wnst.exe; Driver: C:\Users\Dustin\AppData\Local\Temp\pxryrpow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E33AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E33104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E333F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1B898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E331DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E33958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E336F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E33F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E341A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A4C579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A70F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 97162C9D 28 Bytes [84, 59, E0, C9, D2, B1, C7, ...]
.text peauth.sys 97162CC1 28 Bytes [84, 59, E0, C9, D2, B1, C7, ...]
PAGE peauth.sys 97168B9B 72 Bytes [49, CF, 1D, 60, 9C, FB, 07, ...]
PAGE peauth.sys 97168BEC 20 Bytes [99, 9B, 51, FB, 00, 8E, EE, ...]
PAGE peauth.sys 97168C01 90 Bytes [65, 03, FD, EC, B4, BA, FC, ...]
PAGE ...
? C:\Users\Dustin\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1576] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75985D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1576] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75985D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1576] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75985D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1576] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75985D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3304] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75985D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3304] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75985D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3304] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75985D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75985D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [746B250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [746B2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [74695624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [746956E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [746A8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [746A4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [746A50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [746A51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746A66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [746A82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [746A8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [746A907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [746AE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3336] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [746A4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

Here's the BitDefender scan log:

BitDefender QuickScan Beta 32-bit v0.9.8.2
------------------------------------------

Scan date: Thu Dec 10 22:04:28 2009
Machine ID: 4A9FCD1C

Warning: Low execution rights. Please run QuickScan/browser as Administrator.


No infection found.
---------------------


Processes
---------

<verified> Adobe Acrobat SpeedLauncher 3220 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
<verified> CyberLink YouCam Tray 3212 C:\Program Files\CyberLink\YouCam\YouCamTray.exe
<verified> Java(TM) Platform SE binary 3516 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> GrooveMonitor Utility 3136 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
<verified> SM56 Modem Helper 3160 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
<verified> Firefox 3400 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Synaptics TouchPad Enhancements 3180 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
<verified> Zune Auto-Launcher 3120 C:\Program Files\Zune\ZuneLauncher.exe
<verified> Windows Explorer 2900 C:\Windows\Explorer.EXE
<verified> HD Audio Control Panel 3188 C:\Windows\RtHDVCpl.exe
<verified> Desktop Window Manager 2544 C:\Windows\system32\Dwm.exe
<verified> hkcmd Module 3072 C:\Windows\System32\hkcmd.exe
<verified> persistence Module 3084 C:\Windows\System32\igfxpers.exe
<verified> igfxsrvc Module 3368 C:\Windows\system32\igfxsrvc.exe
<verified> igfxTray Module 3056 C:\Windows\System32\igfxtray.exe
<verified> Microsoft Windows Search Protocol Host 4056 C:\Windows\system32\SearchProtocolHost.exe
<verified> Host Process for Windows Tasks 2468 C:\Windows\system32\taskhost.exe


Network activity
----------------

Autoruns and critical files
---------------------------
<unsigned> QuickTime Task C:\Program Files\QuickTime\QTTask.exe

<verified> Adobe Acrobat SpeedLauncher C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
<verified> AVG Tray Monitor C:\Program Files\AVG\AVG8\avgtray.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> MUI StartMenu Application C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
<verified> CyberLink YouCam Tray C:\Program Files\CyberLink\YouCam\YouCamTray.exe
<verified> Java(TM) Platform SE binary C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
<verified> GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
<verified> GrooveShellExtensions Module c:\program files\microsoft office\office12\grooveshellextensions.dll
<verified> SM56 Modem Helper C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
<verified> Synaptics TouchPad Enhancements C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
<verified> Zune Auto-Launcher C:\Program Files\Zune\ZuneLauncher.exe
<verified> HD Audio Control Panel C:\Windows\RtHDVCpl.exe
<verified> AVG Resident Shield Starter c:\windows\system32\avgrsstx.dll
<verified> hkcmd Module C:\Windows\System32\hkcmd.exe
<verified> igfxdev Module C:\Windows\System32\igfxdev.dll
<verified> persistence Module C:\Windows\System32\igfxpers.exe
<verified> igfxTray Module C:\Windows\System32\igfxtray.exe
<verified> Userinit Logon Application c:\windows\system32\userinit.exe
<verified> Web Site Monitor c:\windows\system32\webcheck.dll


Browser plugins
---------------
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> Adobe Shockwave for Director Netscape plug-in, ver C:\Windows\system32\Adobe\Director\np32dsw.dll

<verified> Safe Search for Internet Explorer c:\program files\avg\avg8\avgssie.dll
<verified> Adobe PDF Helper for Internet Explorer c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe PDF Plug-In For Firefox and Netscape C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Java(TM) Platform SE binary c:\program files\java\jre6\bin\jp2ssv.dll
<verified> GrooveShellExtensions Module c:\program files\microsoft office\office12\grooveshellextensions.dll
<verified> NPRuntime Script Plug-in Library for Java(TM) Depl C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> Office Plugin for Netscape Navigator C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
<verified> Adobe PDF Plug-In For Firefox and Netscape C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Internet Browser C:\Windows\System32\ieframe.dll
<verified> NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
<verified> Microsoft Windows Sockets 2.0 Service Provider C:\Windows\System32\mswsock.dll
<verified> E-mail Naming Shim Provider C:\Windows\System32\NapiNSP.dll
<verified> Network Location Awareness 2 C:\Windows\System32\nlaapi.dll
<verified> PNRP Name Space Provider C:\Windows\System32\pnrpnsp.dll
<verified> LDAP RnR Provider DLL C:\Windows\System32\winrnr.dll


Scan
----

No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.04 MB sent, 2.59 KB recvd
Scanned 1003 files and modules - 41 seconds



#12
December 10, 2009 at 19:30:35
Unhide your hidden files


1. Start Button
2. Control Panel
3. Folder Options
4. View tab
5. Check “Hidden files and folders: Show all files and folders”
6. Uncheck “Hide protected operating system files (Recommended)”
7. Click “apply” and then “OK”

Please go to Virus Total and upload the following file for analysis:

C:\Windows\tasks\Puxghth.job

Use the browse button at the site to find the file. Once you find the file, double click it and it should appear in the empty space to the left of the browse button, then click "send file".

Post the results in your reply.



#13
December 10, 2009 at 19:42:56
Ok, finished. Here's what I got...

File Puxghth.job received on 2009.12.11 03:43:56 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.11 -
AhnLab-V3 5.0.0.2 2009.12.10 -
AntiVir 7.9.1.108 2009.12.10 -
Antiy-AVL 2.0.3.7 2009.12.10 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.10 -
AVG 8.5.0.426 2009.12.10 -
BitDefender 7.2 2009.12.11 -
CAT-QuickHeal 10.00 2009.12.10 -
ClamAV 0.94.1 2009.12.11 -
Comodo 3103 2009.12.01 -
DrWeb 5.0.0.12182 2009.12.11 -
eSafe 7.0.17.0 2009.12.10 -
eTrust-Vet 35.1.7169 2009.12.10 -
F-Prot 4.5.1.85 2009.12.10 -
F-Secure 9.0.15370.0 2009.12.10 -
Fortinet 4.0.14.0 2009.12.11 -
GData 19 2009.12.11 -
Ikarus T3.1.1.74.0 2009.12.11 -
Jiangmin 13.0.900 2009.12.10 -
K7AntiVirus 7.10.917 2009.12.10 -
Kaspersky 7.0.0.125 2009.12.11 -
McAfee 5828 2009.12.10 -
McAfee+Artemis 5828 2009.12.10 -
McAfee-GW-Edition 6.8.5 2009.12.11 -
Microsoft 1.5302 2009.12.10 -
NOD32 4677 2009.12.10 -
Norman 6.04.03 2009.12.10 -
nProtect 2009.1.8.0 2009.12.10 -
Panda 10.0.2.2 2009.12.10 -
PCTools 7.0.3.5 2009.12.11 -
Prevx 3.0 2009.12.11 -
Rising 22.25.04.01 2009.12.11 -
Sophos 4.48.0 2009.12.11 -
Sunbelt 3.2.1858.2 2009.12.11 -
Symantec 1.4.4.12 2009.12.11 -
TheHacker 6.5.0.2.090 2009.12.10 -
TrendMicro 9.100.0.1001 2009.12.11 -
VBA32 3.12.12.0 2009.12.10 -
ViRobot 2009.12.11.2082 2009.12.11 -
VirusBuster 5.0.21.0 2009.12.10 -
Additional information
File size: 312 bytes
MD5...: 83d790291efe50c2875c097d5d2c42f8
SHA1..: 9dc519e6889aca0264954623716c03480dfd80bc
SHA256: 02de225e6cdf7f2bbf6f6caf20b70d32fd5d3a8c29331db248a6351388da1456
ssdeep: 6:Yn6gPAE82/Bl9n+SkSJkJAWhAlAt+S9n+SkSJkJRjap78D+:7g4h2/Bl9+fTWl89+fV0QD+
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
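A 0/41 result on a 312-byte .job file, as in the report above, says nothing about what the scheduled task actually launches, which is what decides whether it belongs on the machine. As an added example that is not part of this thread and not code from any of the tools named in it, the Python below parses the Task Scheduler 1.0 .job format (the format of C:\Windows\Tasks\*.job) to recover the application, parameters, author and trigger count, computes the same MD5/SHA1/SHA256 that a VirusTotal report shows so a local file can be matched against it, and applies a few simple triage heuristics. The layout follows the MS-TSCH description of the FIXDLEN_DATA header and the variable-length section as I understand it; the sample job bytes, their GUID, paths and author are constructed for the example and are not the Puxghth.job from this thread.

```python
"""Parse a Task Scheduler 1.0 .job file and hash it for VirusTotal comparison.

Layout (MS-TSCH, as assumed here): a 68-byte FIXDLEN_DATA header followed by a
variable-length section of counted UTF-16LE strings, two sized blobs and the
trigger list. The header stores the offset of the Application Name field and
of the trigger list, so the parser uses those rather than assuming sizes.
"""
import hashlib
import struct
import uuid
from dataclasses import dataclass
from typing import List, Tuple

FIXED_HEADER_LEN = 68          # size of FIXDLEN_DATA
FLAGS_OFFSET = 48              # Flags field sits after the 4 DWORDs that follow the WORD fields

# Binaries that commonly host someone else's code; the parameters decide what really runs.
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                 "cscript.exe", "cmd.exe", "powershell.exe"}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


@dataclass
class JobInfo:
    job_id: str
    flags: int
    application: str
    parameters: str
    working_dir: str
    author: str
    comment: str
    trigger_count: int
    md5: str
    sha1: str
    sha256: str


def _read_unicode_string(buf: bytes, pos: int) -> Tuple[str, int]:
    """WORD char count (including the NUL terminator) followed by UTF-16LE chars; 0 means absent."""
    (nchars,) = struct.unpack_from("<H", buf, pos)
    pos += 2
    if nchars == 0:
        return "", pos
    raw = buf[pos:pos + 2 * nchars]
    return raw.decode("utf-16-le").rstrip("\x00"), pos + 2 * nchars


def parse_job(data: bytes) -> JobInfo:
    """Recover the launch details of a .job file from its header and string section."""
    if len(data) < FIXED_HEADER_LEN:
        raise ValueError("too short to hold a FIXDLEN_DATA header")
    job_id = str(uuid.UUID(bytes_le=data[4:20]))           # Job uuid follows the two version WORDs
    app_name_off, trigger_off = struct.unpack_from("<HH", data, 20)
    (flags,) = struct.unpack_from("<I", data, FLAGS_OFFSET)
    pos = app_name_off                                      # skips Running Instance Count
    application, pos = _read_unicode_string(data, pos)
    parameters, pos = _read_unicode_string(data, pos)
    working_dir, pos = _read_unicode_string(data, pos)
    author, pos = _read_unicode_string(data, pos)
    comment, pos = _read_unicode_string(data, pos)
    (trigger_count,) = struct.unpack_from("<H", data, trigger_off)
    return JobInfo(job_id, flags, application, parameters, working_dir, author, comment,
                   trigger_count, hashlib.md5(data).hexdigest(),
                   hashlib.sha1(data).hexdigest(), hashlib.sha256(data).hexdigest())


def triage_flags(info: JobInfo) -> List[str]:
    """Cheap heuristics a responder checks before deciding a task is legitimate."""
    flags = []
    exe = info.application.rsplit("\\", 1)[-1].lower()
    target = (info.application + " " + info.parameters).lower()
    if exe in HOST_BINARIES:
        flags.append(f"runs through host binary {exe}; the parameters are the real payload")
    if any(p in target for p in USER_WRITABLE):
        flags.append("references a user-writable path")
    if not info.author:
        flags.append("no author recorded")
    return flags


def _unicode_field(s: str) -> bytes:
    if not s:
        return struct.pack("<H", 0)
    chars = s + "\x00"
    return struct.pack("<H", len(chars)) + chars.encode("utf-16-le")


def build_sample_job() -> bytes:
    """Constructed sample .job (not the file from the thread): rundll32 loading a DLL from C:\\Users."""
    strings = (r"C:\Windows\System32\rundll32.exe", r"C:\Users\Public\example.dll,Run",
               r"C:\Windows\System32", "EXAMPLE-PC\\Example", "")
    variable = struct.pack("<H", 0)                         # Running Instance Count
    app_name_off = FIXED_HEADER_LEN + len(variable)
    for s in strings:
        variable += _unicode_field(s)
    variable += struct.pack("<H", 0) + struct.pack("<H", 0)  # empty User Data and Reserved Data
    trigger_off = FIXED_HEADER_LEN + len(variable)
    variable += struct.pack("<H", 1) + struct.pack("<H", 48) + bytes(46)  # one zeroed 48-byte trigger
    header = struct.pack("<HH", 0x0500, 0x0001)             # Product Version, File Version
    header += uuid.UUID("12345678-1234-5678-1234-567812345678").bytes_le
    header += struct.pack("<HHHHHH", app_name_off, trigger_off, 0, 0, 0, 0)
    header += struct.pack("<IIII", 0x20, 72 * 3600 * 1000, 0, 0)  # Priority, Max Run Time, Exit Code, Status
    header += struct.pack("<I", 0x2000) + bytes(16)         # Flags, Last Run Time (SYSTEMTIME)
    return header + variable


if __name__ == "__main__":
    info = parse_job(build_sample_job())
    print(info)
    print(triage_flags(info))
```

Against a real file the call is `parse_job(open(r"C:\Windows\tasks\Puxghth.job", "rb").read())`; the three digests then match the "Additional information" block of the VirusTotal report line for line, and the application and parameters tell you what the task launches even when every engine reports clean.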



#14
December 10, 2009 at 19:49:46
Please download GooredFix and save it to your Desktop.

1. Double-click GooredFix.exe to run it.

2. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
C:\Windows\tasks\Puxghth.job

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "run".

Please post the log that is produced.

Restart the computer, let us know if you are still being redirected, and post a new RSIT log.



#15
December 10, 2009 at 20:22:42
Followed the instructions and restarted. I'm still getting redirected...

Here are the logs.

GooredFix Log

GooredFix by jpshortstuff (06.12.09.1)
Log created at 23:02 on 10/12/2009 (Dustin)
Firefox version 3.5.5 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [10:45 10/10/2009]
{B13721C7-F507-4982-B2E5-502A71474FED} [22:51 24/11/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [20:45 10/12/2009]

C:\Users\Dustin\Application Data\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [03:21 16/10/2009]
{e001c731-5e37-4538-a5cb-8168736a2360} [02:53 11/12/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [11:08 10/10/2009]

-=E.O.F=-


ComboFix log

ComboFix 09-12-10.01 - Dustin 12/10/2009 23:04:20.8.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.2140 [GMT -5:00]
Running from: c:\users\Dustin\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Dustin\Desktop\CFScript.txt

FILE ::
"c:\windows\tasks\Puxghth.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\tasks\Puxghth.job

.
((((((((((((((((((((((((( Files Created from 2009-11-11 to 2009-12-11 )))))))))))))))))))))))))))))))
.

2009-12-11 04:10 . 2009-12-11 04:12 -------- d-----w- c:\users\Dustin\AppData\Local\temp
2009-12-11 04:10 . 2009-12-11 04:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-11 04:10 . 2009-12-11 04:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-11 04:02 . 2009-12-11 04:03 -------- d-----w- C:\32788R22FWJFW
2009-12-11 02:53 . 2009-12-11 03:05 -------- d-----w- c:\users\Dustin\AppData\Roaming\QuickScan
2009-12-11 02:53 . 2009-11-26 22:39 678912 ----a-w- c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-11 02:53 . 2009-11-26 22:37 768512 ----a-w- c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-11 00:26 . 2009-12-11 00:26 77312 ----a-w- C:\mbr.exe
2009-12-10 22:28 . 2009-12-10 22:29 -------- d-----w- C:\gmer
2009-12-10 22:08 . 2009-12-10 22:08 -------- d-----w- c:\programdata\RegAce
2009-12-10 22:08 . 2009-12-10 22:16 -------- d-----w- c:\program files\RegAce
2009-12-10 21:16 . 2009-12-10 21:16 -------- d-----w- c:\program files\SpywareBlaster
2009-12-10 20:45 . 2009-12-10 20:45 -------- d-----w- c:\program files\Java
2009-12-10 20:08 . 2009-12-10 22:23 -------- d-----w- c:\program files\trend micro
2009-12-10 20:08 . 2009-12-10 20:08 -------- d-----w- C:\rsit
2009-12-10 08:09 . 2009-12-10 08:09 -------- d-----w- c:\users\Dustin\AppData\Local\ESET
2009-12-10 07:51 . 2009-12-10 07:51 -------- d-----w- c:\users\Dustin\AppData\Local\Downloaded Installations
2009-12-10 07:51 . 2009-12-10 07:51 2 --shatr- c:\windows\winstart.bat
2009-12-10 07:50 . 2008-12-22 20:56 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-12-10 07:49 . 2009-12-10 07:52 -------- d-----w- c:\program files\UnHackMe
2009-12-10 06:21 . 2009-12-10 06:21 -------- d-----w- c:\users\Dustin\AppData\Roaming\Summitsoft
2009-12-10 06:16 . 2009-12-10 06:16 -------- d-----w- c:\program files\Website Layout Maker
2009-12-10 03:39 . 2009-12-10 03:47 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
2009-12-10 03:38 . 2009-05-14 21:26 207872 ----a-w- c:\windows\system32\iwpsetup.exe
2009-12-10 03:38 . 2001-08-31 19:00 1355776 ----a-w- c:\windows\system32\MSVBVM50.dll
2009-12-10 03:38 . 1997-01-16 05:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2009-12-10 03:28 . 2009-12-10 03:28 -------- d-----w- c:\program files\WPF Toolkit
2009-12-10 03:28 . 2009-12-10 03:28 -------- d-----w- c:\program files\Microsoft SDKs
2009-12-10 03:28 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-12-10 03:27 . 2009-12-10 03:29 -------- d-----w- c:\program files\Microsoft Expression
2009-12-10 02:01 . 2009-12-10 02:01 -------- d-----w- c:\users\Dustin\AppData\Roaming\Stormdance
2009-12-10 02:01 . 2009-12-10 02:01 -------- d-----w- c:\programdata\Stormdance
2009-12-10 02:00 . 2009-12-10 02:01 -------- d-----w- c:\program files\Antenna
2009-12-10 01:39 . 2009-12-10 01:50 -------- d-----w- C:\StudioLine3
2009-12-10 01:39 . 2009-12-10 01:48 -------- d-----w- c:\program files\StudioLine Web
2009-12-10 01:18 . 2009-12-10 01:20 -------- d-----w- c:\program files\BannerDesignerPro
2009-12-10 01:00 . 2009-12-10 01:00 -------- d-----w- c:\users\Dustin\AppData\Roaming\MAGIX
2009-12-10 01:00 . 2009-12-10 01:00 -------- d-----w- c:\users\Dustin\AppData\Local\Xara
2009-12-10 00:59 . 2003-04-18 21:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-12-10 00:57 . 2009-12-10 01:02 -------- d-----w- c:\programdata\MAGIX
2009-12-10 00:57 . 2009-12-10 00:57 -------- d-----w- c:\program files\MAGIX
2009-12-10 00:57 . 2007-04-27 15:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2009-12-10 00:56 . 2009-12-10 00:56 -------- d-----w- c:\program files\Common Files\MAGIX Services
2009-12-10 00:44 . 2009-12-10 00:44 -------- d-----w- c:\windows\Sun
2009-12-09 23:21 . 2009-12-09 23:22 -------- d-----w- c:\users\Dustin\AppData\Roaming\MyLogoMaker
2009-12-09 23:19 . 2009-12-09 23:19 -------- d-----w- c:\program files\MySoftware
2009-12-09 21:00 . 2009-12-09 21:00 -------- d-----w- c:\users\Dustin\AppData\Roaming\Serif
2009-12-09 20:57 . 2009-12-09 20:57 -------- d-----w- c:\program files\Serif
2009-12-09 20:54 . 2009-12-09 20:54 -------- d-----w- c:\users\Dustin\AppData\Roaming\DAEMON Tools Lite
2009-12-09 20:54 . 2009-12-09 20:54 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-09 18:17 . 2009-12-09 18:16 720896 ----a-w- c:\windows\iun6002.exe
2009-12-09 18:16 . 2009-12-09 18:17 -------- d-----w- c:\program files\BlueVoda Website Builder
2009-12-09 08:07 . 2009-12-09 08:07 -------- d-----w- c:\users\Dustin\AppData\Roaming\Malwarebytes
2009-12-09 08:07 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 08:07 . 2009-12-09 08:07 -------- d-----w- c:\programdata\Malwarebytes
2009-12-09 08:06 . 2009-12-09 08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 08:06 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-09 07:51 . 2009-12-09 07:51 -------- d-----w- c:\program files\CCleaner
2009-12-09 07:47 . 2009-12-09 07:47 105 ----a-w- c:\programdata\SecTaskMan\icn_E912589060B8B7142A201A6B16367FE8.dll
2009-12-09 07:47 . 2009-12-09 07:47 105 ----a-w- c:\programdata\SecTaskMan\icn_B88C74FF31773114A8478ADB3C3D05BE.dll
2009-12-09 07:47 . 2009-12-09 07:47 105 ----a-w- c:\programdata\SecTaskMan\icn_894C6A2D4849F1C49A4483CC26701975.dll
2009-12-09 07:47 . 2009-12-09 07:47 105 ----a-w- c:\programdata\SecTaskMan\icn_66DC40433F6E9DC45B0A65AAE1C15102.dll
2009-12-09 07:47 . 2009-12-09 07:47 105 ----a-w- c:\programdata\SecTaskMan\icn_0C644970258A8FC4E90E36DB8F7FA6F0.dll
2009-12-08 23:43 . 2009-12-08 23:43 -------- d-----w- c:\users\Dustin\AppData\Roaming\InstallShield
2009-12-08 23:29 . 2009-12-08 23:29 108032 --sha-r- c:\windows\system32\oddbse32K.dll
2009-12-08 23:24 . 2009-12-08 23:27 -------- d-----w- c:\users\Dustin\AC94B85D500D4B98ADE53E391934BB0A.TMP
2009-12-08 23:24 . 2009-12-08 23:24 -------- d-----w- c:\users\Dustin\AppData\Roaming\IDMComp
2009-12-08 23:22 . 2009-12-08 23:27 -------- d-----w- c:\program files\IDM Computer Solutions
2009-12-08 23:21 . 2009-11-03 07:39 2829880 -c--a-w- c:\programdata\{88C30C03-9CEB-4B20-8E87-D79916B8B645}\webstudio5install.exe
2009-12-08 23:21 . 2009-12-08 23:23 -------- d-----w- c:\users\Dustin\D9E839BE66FC48C9BF97DB2802197EA7.TMP
2009-12-08 23:19 . 2004-02-02 16:23 40960 -c--a-w- c:\programdata\{88C30C03-9CEB-4B20-8E87-D79916B8B645}\MinimalArtCollection\26421510\7B3DAC37\depotz.exe
2009-12-08 23:19 . 1999-12-07 20:00 143632 -c--a-w- c:\programdata\{88C30C03-9CEB-4B20-8E87-D79916B8B645}\MinimalArtCollection\26421510\6C1BF956\MSConv97.DLL
2009-12-08 23:16 . 2009-12-08 23:21 -------- dc-h--w- c:\programdata\{88C30C03-9CEB-4B20-8E87-D79916B8B645}
2009-12-08 22:55 . 2009-12-08 23:21 -------- d-----w- c:\program files\BackToTheBeach
2009-12-08 22:55 . 2009-12-08 22:55 -------- d-----w- c:\users\Dustin\AppData\Roaming\BackToTheBeach
2009-12-08 22:55 . 2009-12-08 22:55 -------- d-----w- c:\programdata\BackToTheBeach
2009-12-08 22:11 . 2009-12-08 22:11 -------- d-----w- c:\users\Dustin\AppData\Local\Diagnostics
2009-12-08 06:19 . 2003-03-31 06:53 59392 ----a-w- c:\windows\UnDeploy.exe
2009-12-08 05:42 . 2009-12-08 05:42 -------- d-----w- c:\users\Dustin\AppData\Local\TechSmith
2009-12-07 04:46 . 2009-12-07 04:46 -------- d-----w- c:\program files\Nero
2009-12-07 04:46 . 2009-12-07 04:47 -------- d-----w- c:\program files\Common Files\Nero
2009-12-01 00:30 . 2009-12-01 00:30 -------- d-----w- c:\programdata\QuickTime
2009-12-01 00:29 . 2009-12-01 00:30 -------- d-----w- c:\program files\eMedia Rock Guitar Method
2009-11-30 20:53 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-11-30 20:53 . 2009-11-30 20:54 -------- d-----w- c:\program files\MagicDisc
2009-11-30 02:57 . 2009-11-30 02:57 -------- d-----w- c:\program files\eMedia Guitar Method
2009-11-30 02:38 . 2009-11-30 02:39 -------- d-----w- c:\program files\MagicISO
2009-11-30 02:21 . 2009-11-30 02:21 -------- d-----w- c:\program files\Guitar Pro 5
2009-11-25 08:00 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 22:55 . 2009-12-10 19:47 -------- d-----w- c:\users\Dustin\AppData\Roaming\skypePM
2009-11-24 22:51 . 2009-12-10 20:45 -------- d-----w- c:\users\Dustin\AppData\Roaming\Skype
2009-11-24 22:51 . 2009-11-24 22:51 -------- d-----r- c:\program files\Skype
2009-11-24 22:51 . 2009-11-24 22:51 -------- d-----w- c:\program files\Common Files\Skype
2009-11-24 22:51 . 2009-11-24 22:51 -------- d-----w- c:\programdata\Skype
2009-11-12 06:35 . 2009-11-06 15:44 38968 ----a-w- c:\windows\system32\rrMon.sys
2009-11-12 06:16 . 2009-11-12 06:16 -------- d-----w- c:\program files\Registrar Registry Manager
2009-11-12 06:12 . 2009-11-12 06:32 -------- d-----w- c:\program files\Easy Video Splitter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 03:37 . 2009-10-10 10:52 -------- d-----w- c:\users\Dustin\AppData\Roaming\uTorrent
2009-12-10 20:45 . 2009-10-20 02:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-10 02:09 . 2009-10-10 11:02 145312 ----a-w- c:\users\Dustin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-09 07:56 . 2009-12-08 23:31 -------- d-----w- c:\programdata\SecTaskMan
2009-12-09 00:38 . 2009-10-12 01:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-07 22:04 . 2009-10-10 17:40 -------- d-----w- c:\users\Dustin\AppData\Roaming\vlc
2009-12-07 04:46 . 2009-10-26 22:01 -------- d-----w- c:\programdata\Nero
2009-12-02 16:45 . 2009-11-05 20:45 -------- d-----w- c:\users\Dustin\AppData\Roaming\dvdcss
2009-11-24 22:55 . 2009-11-24 22:55 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-10 06:35 . 2009-11-10 06:35 -------- d-----w- c:\program files\Xilisoft
2009-11-09 17:50 . 2009-11-09 17:50 -------- d-----w- c:\users\Dustin\AppData\Roaming\Publish Providers
2009-11-09 17:50 . 2009-11-09 17:46 -------- d-----w- c:\users\Dustin\AppData\Roaming\Sony
2009-11-09 17:40 . 2009-11-09 17:40 -------- d-----w- c:\programdata\Sony
2009-11-09 17:40 . 2009-11-09 17:40 -------- d-----w- c:\program files\Sony
2009-11-04 20:41 . 2009-11-04 20:41 -------- d-----w- c:\program files\Comical
2009-11-03 03:30 . 2009-12-08 23:20 19955200 -c--a-w- c:\programdata\{88C30C03-9CEB-4B20-8E87-D79916B8B645}\WebStudio5.0\2ABEBF0A\70570FAB\WebStudio.exe
2009-11-03 01:42 . 2009-10-10 10:54 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 07:01 . 2009-10-27 07:01 -------- d-----w- c:\program files\MSXML 4.0
2009-10-26 22:38 . 2009-10-26 22:38 -------- d-----w- c:\programdata\LightScribe
2009-10-26 22:00 . 2009-10-26 22:00 -------- d-----w- c:\program files\Common Files\LightScribe
2009-10-22 08:22 . 2009-10-22 08:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-21 11:22 . 2009-10-10 11:08 -------- d-----w- c:\programdata\avg8
2009-10-19 22:39 . 2009-10-19 22:35 -------- d-----w- c:\users\Dustin\AppData\Roaming\TypingMaster7
2009-10-19 22:35 . 2009-10-19 22:35 -------- d-----r- c:\program files\TypingMaster
2009-10-14 06:37 . 2009-10-14 06:37 -------- d-----w- c:\program files\Photof---et
2009-10-13 11:31 . 2009-10-13 11:31 -------- d-----w- c:\users\Dustin\AppData\Roaming\Xilisoft Corporation
2009-10-13 01:58 . 2009-10-13 01:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-10-12 03:09 . 2009-10-12 01:16 36864 ----a-w- c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-10-10 11:09 . 2009-10-10 11:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-10 11:09 . 2009-10-10 11:09 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-10 11:09 . 2009-10-10 11:09 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-10 11:09 . 2009-10-10 11:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-10 11:08 . 2009-10-10 11:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-10 11:08 . 2009-10-10 11:08 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-10-02 04:06 . 2009-10-20 15:58 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2007-01-25 08:52 . 2007-01-25 08:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-12-10_22.05.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2009-12-11 04:13 40106 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-10-10 10:37 . 2009-12-10 21:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-10 10:37 . 2009-12-11 04:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-10 10:37 . 2009-12-11 04:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-10 10:37 . 2009-12-10 21:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-10 10:37 . 2009-12-10 21:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-10 10:37 . 2009-12-11 04:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-10 10:37 . 2009-12-10 21:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-10 10:37 . 2009-12-11 04:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-11 11:02 . 2009-12-10 22:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-11 11:02 . 2009-12-11 04:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-11 11:02 . 2009-12-11 04:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-10-11 11:02 . 2009-12-10 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-10-11 11:02 . 2009-12-11 04:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-10-11 11:02 . 2009-12-10 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-10-10 10:37 . 2009-12-10 22:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-10 10:37 . 2009-12-11 04:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-10 10:37 . 2009-12-11 04:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-10 10:37 . 2009-12-10 21:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-10 10:38 . 2009-12-11 01:37 7146 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-159465187-712498090-4040226270-1001_UserData.bin
- 2009-12-10 21:39 . 2009-12-10 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-11 01:35 . 2009-12-11 04:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-11 01:35 . 2009-12-11 04:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-12-10 21:39 . 2009-12-10 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2009-12-10 21:46 615360 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2009-12-11 03:07 615360 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2009-12-10 21:46 103702 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2009-12-11 03:07 103702 c:\windows\System32\perfc009.dat
- 2009-07-14 02:03 . 2009-12-10 21:59 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2009-12-11 01:51 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-16 150552]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-06-11 162912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
2008-12-22 20:55 231648 ----a-w- c:\program files\UnHackMe\hackmon.exe

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [10/10/2009 6:09 AM 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [10/10/2009 6:08 AM 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/10/2009 6:09 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/10/2009 6:09 AM 108552]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 6:52 PM 48128]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/10/2009 6:08 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/10/2009 6:08 AM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [10/10/2009 6:08 AM 1370488]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [3/1/2009 10:05 PM 139776]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 21:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4000)
c:\windows\System32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\NMSAccessU.exe
c:\windows\system32\sppsvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-12-10 23:16:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-11 04:16
ComboFix2.txt 2009-12-11 01:46
ComboFix3.txt 2009-12-10 22:07
ComboFix4.txt 2009-12-10 21:01

Pre-Run: 109,757,038,592 bytes free
Post-Run: 109,571,321,856 bytes free

- - End Of File - - B81A2B61138E50DE08B3E3063D1A91F2



#16
December 10, 2009 at 20:22:58
RSIT Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dustin at 2009-12-10 23:20:29
Microsoft Windows 7 Ultimate
System drive C: has 105 GB (46%) free of 226 GB
Total RAM: 3062 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:35 PM, on 12/10/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dustin\Desktop\RSIT.exe
C:\Program Files\trend micro\Dustin.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe

--
End of file - 4880 bytes

======Scheduled tasks folder======

C:\Windows\tasks\RegAce Scheduled Scan - Dustin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-10-10 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-10 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-06-16 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-06-16 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-06-16 150552]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-26 2029336]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2009-09-04 158448]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"YouCam Mirror Tray icon"=C:\Program Files\CyberLink\YouCam\YouCamTray.exe [2009-06-11 162912]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-10 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
C:\Program Files\UnHackMe\hackmon.exe [2008-12-22 231648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-06-16 216576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-13 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-26 2210608]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-12-10 23:16:17 ----A---- C:\ComboFix.txt
2009-12-10 23:15:44 ----SHD---- C:\$RECYCLE.BIN
2009-12-10 23:02:47 ----D---- C:\32788R22FWJFW
2009-12-10 21:53:49 ----D---- C:\Users\Dustin\AppData\Roaming\QuickScan
2009-12-10 20:30:09 ----D---- C:\Config.Msi
2009-12-10 19:26:06 ----A---- C:\mbr.exe
2009-12-10 17:28:20 ----D---- C:\gmer
2009-12-10 17:08:53 ----D---- C:\ProgramData\RegAce
2009-12-10 17:08:44 ----D---- C:\Program Files\RegAce
2009-12-10 16:56:49 ----D---- C:\Qoobox
2009-12-10 16:16:06 ----D---- C:\Program Files\SpywareBlaster
2009-12-10 15:45:47 ----A---- C:\Windows\system32\javaws.exe
2009-12-10 15:45:47 ----A---- C:\Windows\system32\javaw.exe
2009-12-10 15:45:47 ----A---- C:\Windows\system32\java.exe
2009-12-10 15:45:38 ----D---- C:\Program Files\Java
2009-12-10 15:08:38 ----D---- C:\rsit
2009-12-10 15:08:38 ----D---- C:\Program Files\trend micro
2009-12-10 04:10:33 ----A---- C:\Windows\zip.exe
2009-12-10 04:10:33 ----A---- C:\Windows\SWXCACLS.exe
2009-12-10 04:10:33 ----A---- C:\Windows\SWSC.exe
2009-12-10 04:10:33 ----A---- C:\Windows\SWREG.exe
2009-12-10 04:10:33 ----A---- C:\Windows\sed.exe
2009-12-10 04:10:33 ----A---- C:\Windows\PEV.exe
2009-12-10 04:10:33 ----A---- C:\Windows\NIRCMD.exe
2009-12-10 04:10:33 ----A---- C:\Windows\MBR.exe
2009-12-10 04:10:33 ----A---- C:\Windows\grep.exe
2009-12-10 02:55:53 ----A---- C:\Windows\system32\PARTIZAN.TXT
2009-12-10 02:51:33 ----RASHOT---- C:\Windows\winstart.bat
2009-12-10 02:49:37 ----D---- C:\Program Files\UnHackMe
2009-12-10 02:32:38 ----D---- C:\ProgramData\ESET
2009-12-10 01:21:47 ----D---- C:\Users\Dustin\AppData\Roaming\Summitsoft
2009-12-10 01:16:31 ----D---- C:\Program Files\Website Layout Maker
2009-12-09 22:39:39 ----D---- C:\Program Files\WebSite X5 v8 - Evolution
2009-12-09 22:38:55 ----A---- C:\Windows\system32\VB5STKIT.DLL
2009-12-09 22:38:55 ----A---- C:\Windows\system32\MSVBVM50.dll
2009-12-09 22:38:55 ----A---- C:\Windows\system32\iwpsetup.exe
2009-12-09 22:28:28 ----D---- C:\Program Files\WPF Toolkit
2009-12-09 22:28:18 ----D---- C:\Program Files\Microsoft SDKs
2009-12-09 22:28:00 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-12-09 22:27:06 ----D---- C:\Program Files\Microsoft Expression
2009-12-09 21:01:23 ----D---- C:\Users\Dustin\AppData\Roaming\Stormdance
2009-12-09 21:01:23 ----D---- C:\ProgramData\Stormdance
2009-12-09 21:00:42 ----D---- C:\Program Files\Antenna
2009-12-09 20:39:48 ----A---- C:\Windows\Relax.ini
2009-12-09 20:39:37 ----D---- C:\StudioLine3
2009-12-09 20:39:37 ----D---- C:\Program Files\StudioLine Web
2009-12-09 20:33:24 ----A---- C:\Windows\MyProg.ini
2009-12-09 20:18:56 ----D---- C:\Program Files\BannerDesignerPro
2009-12-09 20:00:06 ----D---- C:\Users\Dustin\AppData\Roaming\MAGIX
2009-12-09 19:59:57 ----A---- C:\Windows\system32\msxml4a.dll
2009-12-09 19:57:23 ----D---- C:\ProgramData\MAGIX
2009-12-09 19:57:23 ----D---- C:\Program Files\MAGIX
2009-12-09 19:57:23 ----A---- C:\Windows\system32\DLLDEV32i.dll
2009-12-09 19:56:34 ----D---- C:\Program Files\Common Files\MAGIX Services
2009-12-09 19:44:16 ----D---- C:\Windows\Sun
2009-12-09 18:21:59 ----D---- C:\Users\Dustin\AppData\Roaming\MyLogoMaker
2009-12-09 18:19:20 ----D---- C:\Program Files\MySoftware
2009-12-09 16:00:00 ----D---- C:\Users\Dustin\AppData\Roaming\Serif
2009-12-09 15:58:01 ----D---- C:\Program Files\Common Files\MSSoap
2009-12-09 15:57:25 ----D---- C:\Program Files\Serif
2009-12-09 15:54:56 ----D---- C:\Users\Dustin\AppData\Roaming\DAEMON Tools Lite
2009-12-09 15:54:54 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-12-09 14:32:30 ----A---- C:\Windows\bluevoda.ini
2009-12-09 13:17:13 ----A---- C:\Windows\iun6002.exe
2009-12-09 13:16:48 ----D---- C:\Program Files\BlueVoda Website Builder
2009-12-09 13:16:43 ----A---- C:\Windows\BlueVoda Website Builder Setup Log.txt
2009-12-09 12:21:41 ----D---- C:\Windows\ERDNT
2009-12-09 04:07:41 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 04:07:41 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 03:07:07 ----D---- C:\Users\Dustin\AppData\Roaming\Malwarebytes
2009-12-09 03:07:00 ----D---- C:\ProgramData\Malwarebytes
2009-12-09 03:06:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-09 02:51:48 ----D---- C:\Program Files\CCleaner
2009-12-09 02:48:23 ----D---- C:\Windows\system32\appmgmt
2009-12-08 18:43:04 ----D---- C:\Users\Dustin\AppData\Roaming\InstallShield
2009-12-08 18:31:06 ----D---- C:\ProgramData\SecTaskMan
2009-12-08 18:31:00 ----D---- C:\Program Files\Security Task Manager
2009-12-08 18:29:32 ----RASH---- C:\Windows\system32\oddbse32K.dll
2009-12-08 18:24:03 ----D---- C:\Users\Dustin\AppData\Roaming\IDMComp
2009-12-08 18:22:48 ----D---- C:\Program Files\IDM Computer Solutions
2009-12-08 18:16:36 ----HDC---- C:\ProgramData\{88C30C03-9CEB-4B20-8E87-D79916B8B645}
2009-12-08 17:55:39 ----D---- C:\Program Files\BackToTheBeach
2009-12-08 17:55:38 ----D---- C:\Users\Dustin\AppData\Roaming\BackToTheBeach
2009-12-08 17:55:37 ----D---- C:\ProgramData\BackToTheBeach
2009-12-08 17:04:12 ----A---- C:\Windows\WebEasy.INI
2009-12-08 01:19:25 ----A---- C:\Windows\UnDeploy.exe
2009-12-06 23:46:42 ----D---- C:\Program Files\Nero
2009-12-06 23:46:28 ----D---- C:\Program Files\Common Files\Nero
2009-11-30 19:30:07 ----D---- C:\ProgramData\QuickTime
2009-11-30 19:29:50 ----D---- C:\Program Files\eMedia Rock Guitar Method
2009-11-30 15:53:40 ----D---- C:\Program Files\MagicDisc
2009-11-29 21:57:15 ----D---- C:\Program Files\eMedia Guitar Method
2009-11-29 21:38:51 ----D---- C:\Program Files\MagicISO
2009-11-29 21:21:24 ----D---- C:\Program Files\Guitar Pro 5
2009-11-25 03:00:42 ----A---- C:\Windows\system32\tzres.dll
2009-11-24 17:55:34 ----D---- C:\Users\Dustin\AppData\Roaming\skypePM
2009-11-24 17:51:38 ----D---- C:\Users\Dustin\AppData\Roaming\Skype
2009-11-24 17:51:12 ----RD---- C:\Program Files\Skype
2009-11-24 17:51:12 ----D---- C:\Program Files\Common Files\Skype
2009-11-24 17:51:07 ----D---- C:\ProgramData\Skype
2009-11-12 01:16:56 ----A---- C:\Windows\system32\rrsec2k.exe
2009-11-12 01:16:56 ----A---- C:\Windows\system32\rrsec.dll
2009-11-12 01:16:55 ----D---- C:\Program Files\Registrar Registry Manager
2009-11-12 01:12:45 ----D---- C:\Program Files\Easy Video Splitter

======List of files/folders modified in the last 1 months======

2009-12-10 23:19:46 ----D---- C:\Windows\Temp
2009-12-10 23:17:27 ----D---- C:\Windows\system32\config
2009-12-10 23:16:40 ----D---- C:\Windows\System32
2009-12-10 23:16:40 ----D---- C:\Windows\inf
2009-12-10 23:16:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-10 23:16:20 ----D---- C:\Windows\system32\drivers
2009-12-10 23:12:31 ----D---- C:\Windows
2009-12-10 23:12:31 ----A---- C:\Windows\system.ini
2009-12-10 23:10:13 ----D---- C:\Windows\Tasks
2009-12-10 23:07:44 ----D---- C:\Windows\AppPatch
2009-12-10 23:07:43 ----D---- C:\Program Files\Common Files
2009-12-10 22:42:59 ----SD---- C:\ProgramData\Microsoft
2009-12-10 22:37:36 ----D---- C:\Users\Dustin\AppData\Roaming\uTorrent
2009-12-10 20:33:39 ----D---- C:\Windows\Prefetch
2009-12-10 20:30:22 ----SHD---- C:\Windows\Installer
2009-12-10 20:30:13 ----RD---- C:\Program Files
2009-12-10 19:56:30 ----SHD---- C:\System Volume Information
2009-12-10 17:13:25 ----D---- C:\Program Files\Mozilla Firefox
2009-12-10 17:09:07 ----D---- C:\Windows\system32\Tasks
2009-12-10 17:08:53 ----D---- C:\ProgramData
2009-12-10 15:45:39 ----A---- C:\Windows\system32\deploytk.dll
2009-12-10 05:03:16 ----D---- C:\Windows\Microsoft.NET
2009-12-10 05:01:56 ----RSD---- C:\Windows\assembly
2009-12-10 02:36:55 ----SD---- C:\Users\Dustin\AppData\Roaming\Microsoft
2009-12-10 01:39:24 ----D---- C:\Windows\debug
2009-12-09 22:28:10 ----D---- C:\Windows\winsxs
2009-12-09 22:27:51 ----D---- C:\Windows\Logs
2009-12-09 20:02:22 ----RSD---- C:\Windows\Fonts
2009-12-09 06:26:38 ----D---- C:\Windows\ServiceProfiles
2009-12-09 04:07:35 ----D---- C:\Windows\system32\catroot2
2009-12-09 04:07:35 ----D---- C:\Windows\system32\catroot
2009-12-08 19:38:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-08 16:54:23 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-07 17:04:59 ----D---- C:\Users\Dustin\AppData\Roaming\vlc
2009-12-06 23:46:29 ----D---- C:\ProgramData\Nero
2009-12-05 12:37:09 ----D---- C:\$AVG8.VAULT$
2009-12-04 13:18:20 ----D---- C:\Windows\MSAgent
2009-12-02 11:45:52 ----D---- C:\Users\Dustin\AppData\Roaming\dvdcss
2009-12-01 15:06:19 ----A---- C:\Windows\system32\MRT.exe
2009-11-30 19:30:00 ----A---- C:\Windows\win.ini
2009-11-30 15:54:09 ----D---- C:\Windows\system32\DriverStore
2009-11-26 06:20:11 ----D---- C:\Windows\rescache
2009-11-25 03:00:52 ----D---- C:\Windows\system32\en-US
2009-11-11 19:17:43 ----D---- C:\Windows\system32\wdi



#17
December 11, 2009 at 04:00:47

The OTL logs may take several posts to get the info to us.

Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Please download OTL from the following site:

Link1

1. Save it to your desktop
2. Double click the OTL icon on your desktop.
3. Click the “scan all users” checkbox.
4. Push the “run scan” button.
5. Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Then do the following:


Close any open browsers.
Double-click on OTL.exe to start the program.
Leave all settings as they appear as default, except for the following:

Under the Custom Scan box, paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor*.sys /s /md5
%SYSTEMDRIVE%\atapi* /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
%SYSTEMDRIVE%\nvgts.sys /s /md5
%SYSTEMDRIVE%\iastorv.sys /s /md5
%SYSTEMDRIVE%\ViPrt.sys /s /md5
%SYSTEMDRIVE%\eNetHook.dll /s /md5


Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that Notepad file.
Post the contents of that Notepad document in your next reply.



#18
December 11, 2009 at 09:50:05
OK, I ran all of the scans. Here's what I got:

Win32kDiag Log


Running from: C:\Users\Dustin\Desktop\Win32kDiag.exe

Log file at : C:\Users\Dustin\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Cannot access: C:\Windows\CSC\v2.0.6\pq

[1] 2009-10-10 08:24:54 64 C:\Windows\CSC\v2.0.6\pq ()

Cannot access: C:\Windows\CSC\v2.0.6\temp\ea-{2fac48ac-b5a0-11de-926f-f6932534e7e4}

[1] 2009-10-10 08:24:54 0 C:\Windows\CSC\v2.0.6\temp\ea-{2fac48ac-b5a0-11de-926f-f6932534e7e4} ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-12-11 02:45:02 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-12-11 02:44:58 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-12-11 02:44:58 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-12-11 02:44:58 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl

[1] 2009-12-11 02:47:12 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl

[1] 2009-12-11 02:45:05 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl ()

Cannot access: C:\Windows\System32\oddbse32K.dll

[1] 2009-12-08 18:29:32 108032 C:\Windows\System32\oddbse32K.dll ()

Finished!



#19
December 11, 2009 at 09:51:01
Here's the OTL log.


OTL logfile created on: 12/11/2009 12:49:16 PM - Run 1
OTL by OldTimer - Version 3.1.15.1 Folder = C:\Users\Dustin\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 88.16% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.08 Gb Total Space | 88.85 Gb Free Space | 40.19% Space Free | Partition Type: NTFS
Drive D: | 11.71 Gb Total Space | 2.03 Gb Free Space | 17.34% Space Free | Partition Type: NTFS
Drive E: | 650.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DUSTIN-PC
Current User Name: Dustin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009/12/11 12:42:35 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Desktop\OTL.exe
PRC - [2009/12/10 15:45:40 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/10 08:15:49 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/10/10 08:15:43 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/10/10 08:15:41 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe
PRC - [2009/10/10 06:08:55 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/10/10 06:08:55 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/10/10 06:08:51 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/10/10 06:08:51 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/09/04 12:16:54 | 00,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/08/03 00:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/16 17:45:24 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2009/06/16 17:45:22 | 00,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009/06/16 17:45:20 | 00,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/06/16 17:45:12 | 00,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2009/06/11 12:14:02 | 00,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
PRC - [2009/05/18 17:04:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/05/05 10:01:46 | 01,466,368 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2008/06/11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/03/28 01:06:00 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/03/28 01:05:00 | 01,045,800 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/01/15 02:26:18 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/02 12:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/01/25 03:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe
PRC - [2006/10/26 23:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009/12/11 12:42:35 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Desktop\OTL.exe
MOD - [2009/07/13 20:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/12/11 01:41:14 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/10 08:15:43 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/10/10 08:15:41 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8)
SRV - [2009/10/10 06:08:51 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/04 12:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/07/13 20:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/18 17:04:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/01/25 03:52:26 | 00,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009/10/10 06:09:07 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/10/10 06:09:06 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/10 06:09:02 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/10 06:08:57 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/10 06:08:43 | 00,023,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/07/13 20:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 20:20:36 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:25 | 00,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2009/07/13 18:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:04 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 18:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:11 | 00,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/13 18:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 15:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/07/07 23:45:32 | 02,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/06/16 17:28:22 | 04,756,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/05/05 11:15:58 | 01,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/03/01 22:05:32 | 00,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/03/28 01:06:00 | 00,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/15 10:19:04 | 02,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/11 01:30:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2006/11/14 16:35:20 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 16:02:22 | 00,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 19:28:32 | 00,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)




#20
December 11, 2009 at 09:51:15
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-159465187-712498090-4040226270-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-159465187-712498090-4040226270-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-159465187-712498090-4040226270-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-159465187-712498090-4040226270-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC EF 77 1D 55 79 CA 01 [binary data]
IE - HKU\S-1-5-21-159465187-712498090-4040226270-1001\S-1-5-21-159465187-712498090-4040226270-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.8.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.1.110


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/02 23:06:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/08 21:11:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/11 01:52:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/10/10 05:45:40 | 00,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Mozilla\Extensions
[2009/12/11 02:47:33 | 00,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions
[2009/10/15 22:21:44 | 00,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/10 21:53:40 | 00,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/12/11 02:47:28 | 00,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions\toolbar@ask.com
[2009/12/10 17:13:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (509 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-159465187-712498090-4040226270-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-159465187-712498090-4040226270-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-159465187-712498090-4040226270-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-159465187-712498090-4040226270-1001_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-159465187-712498090-4040226270-1001\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/12/11 12:42:20 | 00,537,600 | ---- | C] (OldTimer Tools) -- C:\Users\Dustin\Desktop\OTL.exe
[2009/12/11 02:48:32 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/12/11 02:42:07 | 00,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2009/12/11 02:27:17 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Funny Pix
[2009/12/11 02:26:52 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Chimp Games
[2009/12/11 02:26:43 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Documents
[2009/12/11 02:11:10 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/12/11 01:57:15 | 00,000,000 | ---D | C] -- C:\ProgramData\ALM
[2009/12/11 01:53:09 | 00,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2009/12/11 01:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/12/11 01:45:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/12/11 01:41:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/12/11 01:08:34 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Adobe
[2009/12/10 23:15:44 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/12/10 23:10:36 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\temp
[2009/12/10 23:02:47 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/12/10 23:02:25 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\GooredFix Backups
[2009/12/10 21:53:49 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\QuickScan
[2009/12/10 17:28:20 | 00,000,000 | ---D | C] -- C:\gmer
[2009/12/10 17:08:53 | 00,000,000 | ---D | C] -- C:\ProgramData\RegAce
[2009/12/10 17:08:44 | 00,000,000 | ---D | C] -- C:\Program Files\RegAce
[2009/12/10 16:56:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/10 16:47:15 | 00,071,848 | ---- | C] (jpshortstuff) -- C:\Users\Dustin\Desktop\GooredFix.exe
[2009/12/10 16:16:06 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/12/10 15:45:47 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/10 15:45:47 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/10 15:45:47 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/10 15:45:38 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/12/10 15:08:38 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/12/10 15:08:38 | 00,000,000 | ---D | C] -- C:\rsit
[2009/12/10 04:10:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/12/10 04:10:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/12/10 04:10:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/12/10 04:10:33 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/12/10 03:09:00 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\ESET
[2009/12/10 02:51:41 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Downloaded Installations
[2009/12/10 02:51:00 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\RegRun2
[2009/12/10 02:50:46 | 00,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2009/12/10 02:49:37 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2009/12/10 02:32:38 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009/12/10 01:21:47 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Summitsoft
[2009/12/10 01:21:47 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\My Logo Design Studio Projects
[2009/12/10 01:17:22 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\Website Layout Maker
[2009/12/10 01:16:31 | 00,000,000 | ---D | C] -- C:\Program Files\Website Layout Maker
[2009/12/09 22:39:39 | 00,604,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCTL32.OCX
[2009/12/09 22:39:39 | 00,000,000 | ---D | C] -- C:\Program Files\WebSite X5 v8 - Evolution
[2009/12/09 22:38:55 | 01,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVBVM50.dll
[2009/12/09 22:38:55 | 00,207,872 | ---- | C] (Incomedia - www.websitex5.com) -- C:\Windows\System32\iwpsetup.exe
[2009/12/09 22:38:55 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5STKIT.DLL
[2009/12/09 22:31:23 | 00,000,000 | --SD | C] -- C:\Users\Dustin\Documents\My Web Sites
[2009/12/09 22:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\WPF Toolkit
[2009/12/09 22:28:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/12/09 22:28:00 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2009/12/09 22:27:06 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
[2009/12/09 21:01:23 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Stormdance
[2009/12/09 21:01:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Stormdance
[2009/12/09 21:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\Antenna
[2009/12/09 20:51:14 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Website Design
[2009/12/09 20:39:37 | 00,000,000 | ---D | C] -- C:\StudioLine3
[2009/12/09 20:39:37 | 00,000,000 | ---D | C] -- C:\Program Files\StudioLine Web
[2009/12/09 20:18:56 | 00,000,000 | ---D | C] -- C:\Program Files\BannerDesignerPro
[2009/12/09 20:00:06 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\MAGIX
[2009/12/09 20:00:05 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Xara
[2009/12/09 19:59:57 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2009/12/09 19:57:23 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\MAGIX_Xtreme_Web_Designer_5_Download_Version
[2009/12/09 19:57:23 | 00,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2009/12/09 19:57:23 | 00,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2009/12/09 19:56:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2009/12/09 19:44:16 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/12/09 18:22:02 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\MyLogoMaker
[2009/12/09 18:21:59 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\MyLogoMaker
[2009/12/09 18:19:20 | 00,000,000 | ---D | C] -- C:\Program Files\MySoftware
[2009/12/09 16:00:00 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Serif
[2009/12/09 15:58:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/12/09 15:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\Serif
[2009/12/09 15:54:56 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\DAEMON Tools Lite
[2009/12/09 15:54:54 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/12/09 14:26:09 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Website
[2009/12/09 13:17:51 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\BlueVoda
[2009/12/09 13:17:13 | 00,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009/12/09 13:16:48 | 00,000,000 | ---D | C] -- C:\Program Files\BlueVoda Website Builder
[2009/12/09 12:21:41 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/09 04:07:41 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/09 03:07:07 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Malwarebytes
[2009/12/09 03:07:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/09 03:07:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/09 03:06:59 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/09 03:06:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/09 02:51:48 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/09 02:48:23 | 00,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2009/12/08 18:43:04 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\InstallShield
[2009/12/08 18:31:06 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2009/12/08 18:31:00 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/12/08 18:24:03 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\IDMComp
[2009/12/08 18:24:03 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AC94B85D500D4B98ADE53E391934BB0A.TMP
[2009/12/08 18:22:48 | 00,000,000 | ---D | C] -- C:\Program Files\IDM Computer Solutions
[2009/12/08 18:21:09 | 00,000,000 | ---D | C] -- C:\Users\Dustin\D9E839BE66FC48C9BF97DB2802197EA7.TMP
[2009/12/08 18:16:36 | 00,000,000 | -H-D | C] -- C:\ProgramData\{88C30C03-9CEB-4B20-8E87-D79916B8B645}
[2009/12/08 17:55:39 | 00,000,000 | ---D | C] -- C:\Program Files\BackToTheBeach
[2009/12/08 17:55:38 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\BackToTheBeach
[2009/12/08 17:55:37 | 00,000,000 | ---D | C] -- C:\ProgramData\BackToTheBeach
[2009/12/08 17:11:45 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Diagnostics
[2009/12/08 16:55:56 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\Web Easy
[2009/12/08 01:19:25 | 00,059,392 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeploy.exe
[2009/12/08 00:42:07 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\TechSmith
[2009/12/06 23:46:42 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/12/06 23:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/11/30 19:30:07 | 00,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2009/11/30 19:29:50 | 00,000,000 | ---D | C] -- C:\Program Files\eMedia Rock Guitar Method
[2009/11/30 15:53:46 | 00,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2009/11/30 15:53:40 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2009/11/29 21:57:15 | 00,000,000 | ---D | C] -- C:\Program Files\eMedia Guitar Method
[2009/11/29 21:38:51 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/11/29 21:21:24 | 00,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5
[2009/11/25 03:00:42 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/24 17:55:34 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\skypePM
[2009/11/24 17:51:38 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Skype
[2009/11/24 17:51:12 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/11/24 17:51:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/11/24 17:51:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/11/22 21:35:57 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Themes
[2009/11/12 01:35:45 | 00,038,968 | ---- | C] (Resplendence Software Projects Sp) -- C:\Windows\System32\rrMon.sys
[2009/11/12 01:16:55 | 00,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2009/11/12 01:12:45 | 00,000,000 | ---D | C] -- C:\Program Files\Easy Video Splitter
[2 C:\Users\Dustin\*.tmp files -> C:\Users\Dustin\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009/12/11 12:48:56 | 03,407,872 | -HS- | M] () -- C:\Users\Dustin\NTUSER.DAT
[2009/12/11 12:42:35 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Desktop\OTL.exe
[2009/12/11 12:40:50 | 00,047,616 | ---- | M] () -- C:\Users\Dustin\Desktop\Win32kDiag.exe
[2009/12/11 08:34:18 | 46,485,781 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/11 08:34:18 | 00,122,996 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/11 02:50:05 | 00,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/11 02:50:05 | 00,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/11 02:49:26 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/11 02:49:26 | 00,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/11 02:49:26 | 00,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/11 02:48:32 | 00,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/12/11 02:45:02 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/11 02:44:56 | 02,410,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/11 02:44:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/11 02:44:25 | 24,083,90656 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/11 02:43:10 | 02,268,348 | -H-- | M] () -- C:\Users\Dustin\AppData\Local\IconCache.db
[2009/12/11 02:19:05 | 00,057,344 | ---- | M] () -- C:\Users\Dustin\Documents\Book 1.indb
[2009/12/11 02:12:43 | 00,146,872 | ---- | M] () -- C:\Users\Dustin\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/11 02:04:02 | 00,000,509 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/10 23:12:31 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/10 23:01:24 | 00,781,909 | ---- | M] () -- C:\Users\Dustin\Desktop\RSIT.exe
[2009/12/10 20:36:01 | 00,000,322 | ---- | M] () -- C:\Windows\tasks\RegAce Scheduled Scan - Dustin.job
[2009/12/10 20:33:14 | 03,848,506 | R--- | M] () -- C:\Users\Dustin\Desktop\Combo-Fix.exe
[2009/12/10 19:26:08 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2009/12/10 16:47:16 | 00,071,848 | ---- | M] (jpshortstuff) -- C:\Users\Dustin\Desktop\GooredFix.exe
[2009/12/10 15:45:40 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/10 15:45:40 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/10 15:45:40 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/10 15:45:39 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/12/10 02:51:33 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/12/10 02:51:33 | 00,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2009/12/10 02:51:33 | 00,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2009/12/09 20:39:48 | 00,000,052 | ---- | M] () -- C:\Windows\Relax.ini
[2009/12/09 20:33:24 | 00,000,068 | ---- | M] () -- C:\Windows\MyProg.ini
[2009/12/09 14:32:30 | 00,000,031 | ---- | M] () -- C:\Windows\bluevoda.ini
[2009/12/09 13:16:43 | 00,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009/12/09 03:07:05 | 00,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/09 02:51:49 | 00,001,831 | ---- | M] () -- C:\Users\Dustin\Desktop\CCleaner.lnk
[2009/12/08 18:29:32 | 00,108,032 | RHS- | M] () -- C:\Windows\System32\oddbse32K.dll
[2009/12/08 17:04:12 | 00,000,025 | ---- | M] () -- C:\Windows\WebEasy.INI
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/02 23:28:10 | 00,015,347 | ---- | M] () -- C:\Users\Dustin\Documents\Performance Critique.docx
[2009/11/30 19:30:00 | 00,000,494 | ---- | M] () -- C:\Windows\win.ini
[2009/11/24 17:55:34 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/11/19 02:22:46 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2 C:\Users\Dustin\*.tmp files -> C:\Users\Dustin\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009/12/11 12:40:38 | 00,047,616 | ---- | C] () -- C:\Users\Dustin\Desktop\Win32kDiag.exe
[2009/12/11 02:48:32 | 00,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/12/11 02:19:04 | 00,057,344 | ---- | C] () -- C:\Users\Dustin\Documents\Book 1.indb
[2009/12/10 23:01:07 | 00,781,909 | ---- | C] () -- C:\Users\Dustin\Desktop\RSIT.exe
[2009/12/10 20:33:13 | 03,848,506 | R--- | C] () -- C:\Users\Dustin\Desktop\Combo-Fix.exe
[2009/12/10 19:26:06 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2009/12/10 17:08:59 | 00,000,322 | ---- | C] () -- C:\Windows\tasks\RegAce Scheduled Scan - Dustin.job
[2009/12/10 04:10:33 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2009/12/10 04:10:33 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/12/10 04:10:33 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/12/10 04:10:33 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/10 04:10:33 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/10 02:51:33 | 00,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2009/12/09 22:38:55 | 00,006,114 | ---- | C] () -- C:\Windows\System32\SHELLLNK.TLB
[2009/12/09 20:39:48 | 00,000,052 | ---- | C] () -- C:\Windows\Relax.ini
[2009/12/09 20:33:24 | 00,000,068 | ---- | C] () -- C:\Windows\MyProg.ini
[2009/12/09 19:57:23 | 00,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/12/09 14:32:30 | 00,000,031 | ---- | C] () -- C:\Windows\bluevoda.ini
[2009/12/09 03:07:05 | 00,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/09 02:51:49 | 00,001,831 | ---- | C] () -- C:\Users\Dustin\Desktop\CCleaner.lnk
[2009/12/08 18:29:32 | 00,108,032 | RHS- | C] () -- C:\Windows\System32\oddbse32K.dll
[2009/12/08 17:04:12 | 00,000,025 | ---- | C] () -- C:\Windows\WebEasy.INI
[2009/12/08 01:16:23 | 00,994,237 | ---- | C] () -- C:\Users\Dustin\Desktop\AffMasters.pdf
[2009/12/02 23:28:10 | 00,015,347 | ---- | C] () -- C:\Users\Dustin\Documents\Performance Critique.docx
[2009/11/30 15:52:49 | 65,219,1744 | ---- | C] () -- C:\Users\Dustin\Desktop\eMedia_Guitar_Method_v4.iso
[2009/11/24 17:55:34 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/12 01:16:56 | 00,120,376 | ---- | C] () -- C:\Windows\System32\rrsec.dll
[2009/11/12 01:16:56 | 00,097,888 | ---- | C] () -- C:\Windows\System32\rrsec2k.exe
[2009/10/26 17:13:26 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/10/19 17:36:52 | 00,000,258 | -H-- | C] () -- C:\ProgramData\tmaster8.net
[2009/10/10 12:56:42 | 00,003,584 | ---- | C] () -- C:\Users\Dustin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/10 06:13:59 | 00,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/07/13 18:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/18 05:16:39 | 00,131,072 | ---- | C] () -- C:\Windows\System32\ms-nctoudm.dll
[2009/05/07 18:41:00 | 00,009,849 | ---- | C] () -- C:\Windows\System32\mswnntouem.dll
[2007/01/25 03:52:26 | 00,065,536 | ---- | C] () -- C:\Program Files\Common Files\NMSAccessU.exe
[2006/03/09 15:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 18:06:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 280 bytes -> C:\ProgramData\Temp:E6E3D650
< End of report >


#21
December 11, 2009 at 09:51:41
OTL Extras.

OTL Extras logfile created on: 12/11/2009 12:49:16 PM - Run 1
OTL by OldTimer - Version 3.1.15.1 Folder = C:\Users\Dustin\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 88.16% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.08 Gb Total Space | 88.85 Gb Free Space | 40.19% Space Free | Partition Type: NTFS
Drive D: | 11.71 Gb Total Space | 2.03 Gb Free Space | 17.34% Space Free | Partition Type: NTFS
Drive E: | 650.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DUSTIN-PC
Current User Name: Dustin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-159465187-712498090-4040226270-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05BC428A-F2A5-4E11-8130-10C3237FD67B}" = Serif WebPlus X2 Resources
"{079446C0-A852-4CF8-9EE0-63BDF8F76A0F}" = Web Easy Professional 7
"{0985219E-8B06-417B-A202-A1B66163F78E}" = Web Easy Professional 7
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E837AF0-4C92-4077-83F0-D022073F17C0}" = Microsoft Expression Blend 3 SDK
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3404CD66-E6F3-4CD9-B5A0-56AA1E1C1520}" = Web Easy Professional 7
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94056AE8-EF0F-45E4-A1B4-D754115F8A28}" = Numedia CD-DVD writing as non-admin user
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9521E662-CA9E-11D8-AF05-0050708557B4}" = eMedia Rock Guitar Method
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC94B85D-500D-4B98-ADE5-3E391934BB0A}" = UltraCompare v6.40
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8A47C0C-B2FF-4EB1-8180-2C39996AD22D}" = Web Studio 5.0
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D16AA51D-2BE9-421A-84A7-759578E64A74}" = Web Easy Professional 7
"{D2A6C498-9484-4C1F-A944-38CC62079157}" = Web Easy Professional 7
"{D9E839BE-66FC-48C9-BF97-DB2802197EA7}" = UEStudio '09.30
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9980014-BE11-4891-A5F4-0F2917B856BC}" = Microsoft Expression Design 3
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F1A2AD-A1CE-4D9D-B510-31F280B45E0B}" = Microsoft Expression Encoder 3
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF47C88B-7713-4113-8A74-A8BDC3D350EB}" = Web Easy Professional 7
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"AIM_7" = AIM 7
"Antenna" = Antenna
"AVG8Uninstall" = AVG 8.5
"Banner Designer Pro v4.0" = Banner Designer Pro v4.0
"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder 8.0
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comical_is1" = Comical 0.8
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Incomedia WebSite X5 v8 - Evolution" = Incomedia WebSite X5 v8 - Evolution
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MAGIX Xtreme Web Designer 5 Download Version UK" = MAGIX Xtreme Web Designer 5 Download Version 5.0.1.10136 (UK)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MyLogoMaker_is1" = MyLogoMaker 3.0
"Photof---et" = Photof---et
"RegAce_mp1" = RegAce V1.2
"Registrar_is1" = Registrar Registry Manager 6.50
"RocketDock_is1" = RocketDock 1.3.5
"Security Task Manager" = Security Task Manager 1.7h
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpywareBlaster_is1" = SpywareBlaster 4.2
"StudioLine Web" = StudioLine Web
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnHackMe_is1" = UnHackMe 5.00 release
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.2
"Web Studio 5.0" = Web Studio 5.0
"WebsiteLayoutMaker" = Uninstall Website Layout Maker
"WinRAR archiver" = WinRAR archiver
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"Zune" = Zune

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/8/2009 7:21:34 PM | Computer Name = Dustin-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 12/8/2009 7:51:21 PM | Computer Name = Dustin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WebEasy.exe, version: 7.1.0.5, time stamp:
0x47020cf8 Faulting module name: WebEasy.exe, version: 7.1.0.5, time stamp: 0x47020cf8
Exception
code: 0xc0000005 Fault offset: 0x002681b3 Faulting process id: 0x13f8 Faulting application
start time: 0x01ca78611f5c0b06 Faulting application path: C:\Program Files\Avanquest\Web
Easy Professional 7\WebEasy.exe Faulting module path: C:\Program Files\Avanquest\Web
Easy Professional 7\WebEasy.exe Report Id: 9552f4b0-e454-11de-bae0-001e682cdf86

Error - 12/8/2009 7:51:23 PM | Computer Name = Dustin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WebEasy.exe, version: 7.1.0.5, time stamp:
0x47020cf8 Faulting module name: fpxlib.dll, version: 1.1.0.0, time stamp: 0x34ff7e5b
Exception
code: 0xc0000005 Fault offset: 0x0004b477 Faulting process id: 0x13f8 Faulting application
start time: 0x01ca78611f5c0b06 Faulting application path: C:\Program Files\Avanquest\Web
Easy Professional 7\WebEasy.exe Faulting module path: C:\Program Files\Avanquest\Web
Easy Professional 7\fpxlib.dll Report Id: 96d49145-e454-11de-bae0-001e682cdf86

Error - 12/8/2009 8:36:54 PM | Computer Name = Dustin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WebEasy.exe, version: 8.0.0.6, time stamp:
0x4a276968 Faulting module name: WebEasy.exe, version: 8.0.0.6, time stamp: 0x4a276968
Exception
code: 0xc0000005 Fault offset: 0x00272eb3 Faulting process id: 0x2bc Faulting application
start time: 0x01ca786745540044 Faulting application path: C:\Program Files\Avanquest\Web
Easy Professional 8\WebEasy.exe Faulting module path: C:\Program Files\Avanquest\Web
Easy Professional 8\WebEasy.exe Report Id: f25c8ad7-e45a-11de-bc23-001e682cdf86

Error - 12/8/2009 8:36:56 PM | Computer Name = Dustin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WebEasy.exe, version: 8.0.0.6, time stamp:
0x4a276968 Faulting module name: fpxlib.dll, version: 1.1.0.0, time stamp: 0x34ff7e5b
Exception
code: 0xc0000005 Fault offset: 0x0004b3cb Faulting process id: 0x2bc Faulting application
start time: 0x01ca786745540044 Faulting application path: C:\Program Files\Avanquest\Web
Easy Professional 8\WebEasy.exe Faulting module path: C:\Program Files\Avanquest\Web
Easy Professional 8\fpxlib.dll Report Id: f4043fc8-e45a-11de-bc23-001e682cdf86

Error - 12/10/2009 3:32:59 AM | Computer Name = Dustin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A certificate chain could not be built to a trusted root authority.
.

Error - 12/10/2009 5:18:06 AM | Computer Name = Dustin-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 12/10/2009 5:19:27 AM | Computer Name = Dustin-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 12/11/2009 4:14:54 AM | Computer Name = Dustin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 12/11/2009 9:31:38 AM | Computer Name = Dustin-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 12/10/2009 9:38:11 PM | Computer Name = Dustin-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/10/2009 9:44:17 PM | Computer Name = Dustin-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/10/2009 11:03:22 PM | Computer Name = Dustin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:02:19 PM on 12/10/2009 was unexpected.

Error - 12/11/2009 12:04:02 AM | Computer Name = Dustin-PC | Source = Service Control Manager | ID = 7034
Description = The NMSAccessU service terminated unexpectedly. It has done this
1 time(s).

Error - 12/11/2009 12:04:03 AM | Computer Name = Dustin-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/11/2009 12:11:44 AM | Computer Name = Dustin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:10:18 PM on 12/10/2009 was unexpected.

Error - 12/11/2009 1:54:31 AM | Computer Name = Dustin-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 12/11/2009 2:43:14 AM | Computer Name = Dustin-PC | Source = Service Control Manager | ID = 7031
Description = The AVG8 WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 12/11/2009 2:44:25 AM | Computer Name = Dustin-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 12/11/2009 2:45:08 AM | Computer Name = Dustin-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.


< End of report >


Report •
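Two things in the OTL log above are worth checking by hand on any redirect case: the "Shell Spawning" section, where a hijacked exefile/comfile entry would route every launched program through a dropped binary (here they are clean: `exefile [open] -- "%1" %*`), and the FirewallPolicy keys, where both DomainProfile and StandardProfile show `"EnableFirewall" = 0`. The script below is an added triage helper written for this page; it is not part of OTL or of the thread. It parses the raw pasted log (BBCode tags included) and flags deviations from the Windows defaults in `EXPECTED_SHELL`. The sample input copies lines from the log above and adds one constructed hijacked exefile entry (the path `hypothetical_dropper.exe` is invented) so that a positive is visible.

```python
"""Triage helper for an OTL log: flag exefile/comfile/... spawn hijacks and
Windows Firewall profiles with EnableFirewall = 0.
Added example for this page; not part of OTL."""
import re

# Windows defaults for the shell\open\command values OTL lists under
# "Shell Spawning". A dropper that wants to run before every program
# replaces "%1" %* with its own path followed by "%1" %*.
EXPECTED_SHELL = {
    ("exefile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

SECTION_RE = re.compile(r"={3,} (.+?) ={3,}")            # "=== Shell Spawning ==="
REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")            # "[HKEY_LOCAL_MACHINE\...]"
SHELL_RE = re.compile(r"^(\S+) \[([^\]]+)\] -- (.*?)(?: \([^()]*\))?$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')              # "Name" = value


def audit_otl(text):
    """Return a list of human-readable findings for one OTL log body."""
    findings = []
    section = regkey = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.search(line)
        if sec:                                # new OTL section header
            section, regkey = sec.group(1), None
            continue
        key = REGKEY_RE.match(line)
        if key:                                # registry key the next values belong to
            regkey = key.group(1)
            continue
        if section == "Shell Spawning":
            m = SHELL_RE.match(line)
            if not m:
                continue
            cls, verb, cmd = m.groups()        # trailing "(Company)" is dropped by the regex
            expected = EXPECTED_SHELL.get((cls, verb))
            if expected is not None and cmd != expected:
                findings.append(f"shell-spawn hijack: {cls} [{verb}] runs {cmd}, expected {expected}")
        elif section == "Security Center Settings" and regkey:
            m = VALUE_RE.match(line)
            if m and m.group(1) == "EnableFirewall" and m.group(2).strip() == "0":
                profile = regkey.rsplit("\\", 1)[-1]   # DomainProfile / StandardProfile
                findings.append(f"firewall disabled: {profile}")
    return findings


# Lines copied from the OTL log posted above, plus one CONSTRUCTED hijacked
# exefile entry (hypothetical_dropper.exe does not exist on the poster's PC).
SAMPLE_LOG = r"""
[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "C:\Windows\System32\hypothetical_dropper.exe" "%1" %*
scrfile [open] -- "%1" /S

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]
"""

if __name__ == "__main__":
    for finding in audit_otl(SAMPLE_LOG):
        print(finding)
```

Treat the firewall finding as a lead rather than proof: this machine runs AVG 8.5 with its own firewall service (avgfws8 is listed as running), which legitimately disables the Windows Firewall profiles. A shell-spawn finding, by contrast, is almost never legitimate and should be fixed before anything else, since the replaced binary will otherwise run every time a cleaning tool is launched.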

#22
December 11, 2009 at 10:07:27
Here's the custom OTL scan log...


OTL logfile created on: 12/11/2009 12:58:22 PM - Run 2
OTL by OldTimer - Version 3.1.15.1 Folder = C:\Users\Dustin\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 91.10% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.08 Gb Total Space | 88.85 Gb Free Space | 40.19% Space Free | Partition Type: NTFS
Drive D: | 11.71 Gb Total Space | 2.03 Gb Free Space | 17.34% Space Free | Partition Type: NTFS
Drive E: | 650.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DUSTIN-PC
Current User Name: Dustin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/11 12:42:35 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Desktop\OTL.exe
PRC - [2009/12/10 15:45:40 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/10 08:15:49 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/10/10 08:15:43 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/10/10 08:15:41 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe
PRC - [2009/10/10 06:08:55 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/10/10 06:08:55 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/10/10 06:08:51 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/10/10 06:08:51 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/09/04 12:16:54 | 00,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/08/03 00:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/16 17:45:24 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2009/06/16 17:45:22 | 00,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009/06/16 17:45:20 | 00,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/06/16 17:45:12 | 00,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2009/06/11 12:14:02 | 00,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
PRC - [2009/05/18 17:04:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/05/05 10:01:46 | 01,466,368 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2008/06/11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/03/28 01:06:00 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/03/28 01:05:00 | 01,045,800 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/01/15 02:26:18 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/02 12:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/01/25 03:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe
PRC - [2006/10/26 23:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe


========== Modules (SafeList) ==========

MOD - [2009/12/11 12:42:35 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Desktop\OTL.exe
MOD - [2009/07/13 20:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/11 01:41:14 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/10 08:15:43 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/10/10 08:15:41 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8)
SRV - [2009/10/10 06:08:51 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/04 12:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/07/13 20:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/18 17:04:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/01/25 03:52:26 | 00,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/10/10 06:09:07 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/10/10 06:09:06 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/10 06:09:02 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/10 06:08:57 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/10 06:08:43 | 00,023,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/07/13 20:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 20:20:36 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:25 | 00,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2009/07/13 18:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:04 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 18:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:11 | 00,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/13 18:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 15:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/07/07 23:45:32 | 02,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/06/16 17:28:22 | 04,756,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/05/05 11:15:58 | 01,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/03/01 22:05:32 | 00,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/03/28 01:06:00 | 00,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/15 10:19:04 | 02,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/11 01:30:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2006/11/14 16:35:20 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 16:02:22 | 00,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 19:28:32 | 00,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC EF 77 1D 55 79 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.8.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.1.110


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/02 23:06:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/08 21:11:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/11 01:52:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/10/10 05:45:40 | 00,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Mozilla\Extensions
[2009/12/11 02:47:33 | 00,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions
[2009/10/15 22:21:44 | 00,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/10 21:53:40 | 00,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/12/11 02:47:28 | 00,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\9ksi6ix5.default\extensions\toolbar@ask.com
[2009/12/10 17:13:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (509 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found



#23
December 11, 2009 at 10:07:40
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 21:37:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/11 12:42:20 | 00,537,600 | ---- | C] (OldTimer Tools) -- C:\Users\Dustin\Desktop\OTL.exe
[2009/12/11 02:48:32 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/12/11 02:42:07 | 00,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2009/12/11 02:27:17 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Funny Pix
[2009/12/11 02:26:52 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Chimp Games
[2009/12/11 02:26:43 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Documents
[2009/12/11 02:11:10 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/12/11 01:57:15 | 00,000,000 | ---D | C] -- C:\ProgramData\ALM
[2009/12/11 01:53:09 | 00,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2009/12/11 01:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/12/11 01:45:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/12/11 01:41:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/12/11 01:08:34 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Adobe
[2009/12/10 23:15:44 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/12/10 23:10:36 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\temp
[2009/12/10 23:02:47 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/12/10 23:02:25 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\GooredFix Backups
[2009/12/10 21:53:49 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\QuickScan
[2009/12/10 17:28:20 | 00,000,000 | ---D | C] -- C:\gmer
[2009/12/10 17:08:53 | 00,000,000 | ---D | C] -- C:\ProgramData\RegAce
[2009/12/10 17:08:44 | 00,000,000 | ---D | C] -- C:\Program Files\RegAce
[2009/12/10 16:56:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/10 16:47:15 | 00,071,848 | ---- | C] (jpshortstuff) -- C:\Users\Dustin\Desktop\GooredFix.exe
[2009/12/10 16:16:06 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/12/10 15:45:47 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/10 15:45:47 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/10 15:45:47 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/10 15:45:38 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/12/10 15:08:38 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/12/10 15:08:38 | 00,000,000 | ---D | C] -- C:\rsit
[2009/12/10 04:10:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/12/10 04:10:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/12/10 04:10:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/12/10 04:10:33 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/12/10 03:09:00 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\ESET
[2009/12/10 02:51:41 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Downloaded Installations
[2009/12/10 02:51:00 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\RegRun2
[2009/12/10 02:50:46 | 00,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2009/12/10 02:49:37 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2009/12/10 02:32:38 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009/12/10 01:21:47 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Summitsoft
[2009/12/10 01:21:47 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\My Logo Design Studio Projects
[2009/12/10 01:17:22 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\Website Layout Maker
[2009/12/10 01:16:31 | 00,000,000 | ---D | C] -- C:\Program Files\Website Layout Maker
[2009/12/09 22:39:39 | 00,604,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCTL32.OCX
[2009/12/09 22:39:39 | 00,000,000 | ---D | C] -- C:\Program Files\WebSite X5 v8 - Evolution
[2009/12/09 22:38:55 | 01,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVBVM50.dll
[2009/12/09 22:38:55 | 00,207,872 | ---- | C] (Incomedia - www.websitex5.com) -- C:\Windows\System32\iwpsetup.exe
[2009/12/09 22:38:55 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5STKIT.DLL
[2009/12/09 22:31:23 | 00,000,000 | --SD | C] -- C:\Users\Dustin\Documents\My Web Sites
[2009/12/09 22:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\WPF Toolkit
[2009/12/09 22:28:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/12/09 22:28:00 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2009/12/09 22:27:06 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
[2009/12/09 21:01:23 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Stormdance
[2009/12/09 21:01:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Stormdance
[2009/12/09 21:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\Antenna
[2009/12/09 20:51:14 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Website Design
[2009/12/09 20:39:37 | 00,000,000 | ---D | C] -- C:\StudioLine3
[2009/12/09 20:39:37 | 00,000,000 | ---D | C] -- C:\Program Files\StudioLine Web
[2009/12/09 20:18:56 | 00,000,000 | ---D | C] -- C:\Program Files\BannerDesignerPro
[2009/12/09 20:00:06 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\MAGIX
[2009/12/09 20:00:05 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Xara
[2009/12/09 19:59:57 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2009/12/09 19:57:23 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\MAGIX_Xtreme_Web_Designer_5_Download_Version
[2009/12/09 19:57:23 | 00,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2009/12/09 19:57:23 | 00,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2009/12/09 19:56:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2009/12/09 19:44:16 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/12/09 18:22:02 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\MyLogoMaker
[2009/12/09 18:21:59 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\MyLogoMaker
[2009/12/09 18:19:20 | 00,000,000 | ---D | C] -- C:\Program Files\MySoftware
[2009/12/09 16:00:00 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Serif
[2009/12/09 15:58:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/12/09 15:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\Serif
[2009/12/09 15:54:56 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\DAEMON Tools Lite
[2009/12/09 15:54:54 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/12/09 14:26:09 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Website
[2009/12/09 13:17:51 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\BlueVoda
[2009/12/09 13:17:13 | 00,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009/12/09 13:16:48 | 00,000,000 | ---D | C] -- C:\Program Files\BlueVoda Website Builder
[2009/12/09 12:21:41 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/09 04:07:41 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/09 03:07:07 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Malwarebytes
[2009/12/09 03:07:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/09 03:07:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/09 03:06:59 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/09 03:06:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/09 02:51:48 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/09 02:48:23 | 00,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2009/12/08 18:43:04 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\InstallShield
[2009/12/08 18:31:06 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2009/12/08 18:31:00 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/12/08 18:24:03 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\IDMComp
[2009/12/08 18:24:03 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AC94B85D500D4B98ADE53E391934BB0A.TMP
[2009/12/08 18:22:48 | 00,000,000 | ---D | C] -- C:\Program Files\IDM Computer Solutions
[2009/12/08 18:21:09 | 00,000,000 | ---D | C] -- C:\Users\Dustin\D9E839BE66FC48C9BF97DB2802197EA7.TMP
[2009/12/08 18:16:36 | 00,000,000 | -H-D | C] -- C:\ProgramData\{88C30C03-9CEB-4B20-8E87-D79916B8B645}
[2009/12/08 17:55:39 | 00,000,000 | ---D | C] -- C:\Program Files\BackToTheBeach
[2009/12/08 17:55:38 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\BackToTheBeach
[2009/12/08 17:55:37 | 00,000,000 | ---D | C] -- C:\ProgramData\BackToTheBeach
[2009/12/08 17:11:45 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Diagnostics
[2009/12/08 16:55:56 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Documents\Web Easy
[2009/12/08 01:19:25 | 00,059,392 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeploy.exe
[2009/12/08 00:42:07 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\TechSmith
[2009/12/06 23:46:42 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/12/06 23:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/11/30 19:30:07 | 00,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2009/11/30 19:29:50 | 00,000,000 | ---D | C] -- C:\Program Files\eMedia Rock Guitar Method
[2009/11/30 15:53:46 | 00,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2009/11/30 15:53:40 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2009/11/29 21:57:15 | 00,000,000 | ---D | C] -- C:\Program Files\eMedia Guitar Method
[2009/11/29 21:38:51 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/11/29 21:21:24 | 00,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5
[2009/11/25 03:00:42 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/24 17:55:34 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\skypePM
[2009/11/24 17:51:38 | 00,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Skype
[2009/11/24 17:51:12 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/11/24 17:51:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/11/24 17:51:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/11/22 21:35:57 | 00,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Themes
[2009/11/12 01:35:45 | 00,038,968 | ---- | C] (Resplendence Software Projects Sp) -- C:\Windows\System32\rrMon.sys
[2009/11/12 01:16:55 | 00,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2009/11/12 01:12:45 | 00,000,000 | ---D | C] -- C:\Program Files\Easy Video Splitter
[2 C:\Users\Dustin\*.tmp files -> C:\Users\Dustin\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009/12/11 12:57:20 | 03,407,872 | -HS- | M] () -- C:\Users\Dustin\NTUSER.DAT
[2009/12/11 12:42:35 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Desktop\OTL.exe
[2009/12/11 12:40:50 | 00,047,616 | ---- | M] () -- C:\Users\Dustin\Desktop\Win32kDiag.exe
[2009/12/11 08:34:18 | 46,485,781 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/11 08:34:18 | 00,122,996 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/11 02:50:05 | 00,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/11 02:50:05 | 00,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/11 02:49:26 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/11 02:49:26 | 00,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/11 02:49:26 | 00,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/11 02:48:32 | 00,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/12/11 02:45:02 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/11 02:44:56 | 02,410,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/11 02:44:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/11 02:44:25 | 24,083,90656 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/11 02:43:10 | 02,268,348 | -H-- | M] () -- C:\Users\Dustin\AppData\Local\IconCache.db
[2009/12/11 02:19:05 | 00,057,344 | ---- | M] () -- C:\Users\Dustin\Documents\Book 1.indb
[2009/12/11 02:12:43 | 00,146,872 | ---- | M] () -- C:\Users\Dustin\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/11 02:04:02 | 00,000,509 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/10 23:12:31 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/10 23:01:24 | 00,781,909 | ---- | M] () -- C:\Users\Dustin\Desktop\RSIT.exe
[2009/12/10 20:36:01 | 00,000,322 | ---- | M] () -- C:\Windows\tasks\RegAce Scheduled Scan - Dustin.job
[2009/12/10 20:33:14 | 03,848,506 | R--- | M] () -- C:\Users\Dustin\Desktop\Combo-Fix.exe
[2009/12/10 19:26:08 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2009/12/10 16:47:16 | 00,071,848 | ---- | M] (jpshortstuff) -- C:\Users\Dustin\Desktop\GooredFix.exe
[2009/12/10 15:45:40 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/10 15:45:40 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/10 15:45:40 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/10 15:45:39 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/12/10 02:51:33 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/12/10 02:51:33 | 00,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2009/12/10 02:51:33 | 00,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2009/12/09 20:39:48 | 00,000,052 | ---- | M] () -- C:\Windows\Relax.ini
[2009/12/09 20:33:24 | 00,000,068 | ---- | M] () -- C:\Windows\MyProg.ini
[2009/12/09 14:32:30 | 00,000,031 | ---- | M] () -- C:\Windows\bluevoda.ini
[2009/12/09 13:16:43 | 00,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009/12/09 03:07:05 | 00,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/09 02:51:49 | 00,001,831 | ---- | M] () -- C:\Users\Dustin\Desktop\CCleaner.lnk
[2009/12/08 18:29:32 | 00,108,032 | RHS- | M] () -- C:\Windows\System32\oddbse32K.dll
[2009/12/08 17:04:12 | 00,000,025 | ---- | M] () -- C:\Windows\WebEasy.INI
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/02 23:28:10 | 00,015,347 | ---- | M] () -- C:\Users\Dustin\Documents\Performance Critique.docx
[2009/11/30 19:30:00 | 00,000,494 | ---- | M] () -- C:\Windows\win.ini
[2009/11/24 17:55:34 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/11/19 02:22:46 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2 C:\Users\Dustin\*.tmp files -> C:\Users\Dustin\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009/12/11 12:40:38 | 00,047,616 | ---- | C] () -- C:\Users\Dustin\Desktop\Win32kDiag.exe
[2009/12/11 02:48:32 | 00,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/12/11 02:19:04 | 00,057,344 | ---- | C] () -- C:\Users\Dustin\Documents\Book 1.indb
[2009/12/10 23:01:07 | 00,781,909 | ---- | C] () -- C:\Users\Dustin\Desktop\RSIT.exe
[2009/12/10 20:33:13 | 03,848,506 | R--- | C] () -- C:\Users\Dustin\Desktop\Combo-Fix.exe
[2009/12/10 19:26:06 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2009/12/10 17:08:59 | 00,000,322 | ---- | C] () -- C:\Windows\tasks\RegAce Scheduled Scan - Dustin.job
[2009/12/10 04:10:33 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2009/12/10 04:10:33 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/12/10 04:10:33 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/12/10 04:10:33 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/10 04:10:33 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/10 02:51:33 | 00,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2009/12/09 22:38:55 | 00,006,114 | ---- | C] () -- C:\Windows\System32\SHELLLNK.TLB
[2009/12/09 20:39:48 | 00,000,052 | ---- | C] () -- C:\Windows\Relax.ini
[2009/12/09 20:33:24 | 00,000,068 | ---- | C] () -- C:\Windows\MyProg.ini
[2009/12/09 19:57:23 | 00,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/12/09 14:32:30 | 00,000,031 | ---- | C] () -- C:\Windows\bluevoda.ini
[2009/12/09 03:07:05 | 00,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/09 02:51:49 | 00,001,831 | ---- | C] () -- C:\Users\Dustin\Desktop\CCleaner.lnk
[2009/12/08 18:29:32 | 00,108,032 | RHS- | C] () -- C:\Windows\System32\oddbse32K.dll
[2009/12/08 17:04:12 | 00,000,025 | ---- | C] () -- C:\Windows\WebEasy.INI
[2009/12/08 01:16:23 | 00,994,237 | ---- | C] () -- C:\Users\Dustin\Desktop\AffMasters.pdf
[2009/12/02 23:28:10 | 00,015,347 | ---- | C] () -- C:\Users\Dustin\Documents\Performance Critique.docx
[2009/11/30 15:52:49 | 65,219,1744 | ---- | C] () -- C:\Users\Dustin\Desktop\eMedia_Guitar_Method_v4.iso
[2009/11/24 17:55:34 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/12 01:16:56 | 00,120,376 | ---- | C] () -- C:\Windows\System32\rrsec.dll
[2009/11/12 01:16:56 | 00,097,888 | ---- | C] () -- C:\Windows\System32\rrsec2k.exe
[2009/10/26 17:13:26 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/10/19 17:36:52 | 00,000,258 | -H-- | C] () -- C:\ProgramData\tmaster8.net
[2009/10/10 12:56:42 | 00,003,584 | ---- | C] () -- C:\Users\Dustin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/10 06:13:59 | 00,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/07/13 18:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/18 05:16:39 | 00,131,072 | ---- | C] () -- C:\Windows\System32\ms-nctoudm.dll
[2009/05/07 18:41:00 | 00,009,849 | ---- | C] () -- C:\Windows\System32\mswnntouem.dll
[2007/01/25 03:52:26 | 00,065,536 | ---- | C] () -- C:\Program Files\Common Files\NMSAccessU.exe
[2006/03/09 15:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 18:06:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2009/12/10 19:26:08 | 00,077,312 | ---- | M] () -- C:\mbr.exe

[color=#A23BEC]< %SYSTEMDRIVE%\eventlog.dll /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\scecli.dll /s /md5 >[/color]
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[color=#A23BEC]< %SYSTEMDRIVE%\netlogon.dll /s /md5 >[/color]
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

[color=#A23BEC]< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >[/color]
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[color=#A23BEC]< %SYSTEMDRIVE%\sceclt.dll /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\logevent.dll /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\iaStor.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\nvstor*.sys /s /md5 >[/color]
[2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

[color=#A23BEC]< %SYSTEMDRIVE%\atapi* /s /md5 >[/color]
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 20:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\viasraid.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\AGP440.sys /s /md5 >[/color]
[2009/07/13 20:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 20:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 20:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[color=#A23BEC]< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\viamraid.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\nvata.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\nvgts.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\iastorv.sys /s /md5 >[/color]
[2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[color=#A23BEC]< %SYSTEMDRIVE%\ViPrt.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\eNetHook.dll /s /md5 >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 280 bytes -> C:\ProgramData\Temp:E6E3D650
< End of report >

Report •
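The custom-scan lines above are the part of this OTL log that matters most for a suspected driver-level rootkit: every copy of atapi.sys, nvstor.sys, iaStorV.sys and AGP440.sys that Windows keeps (System32\drivers, the DriverStore, winsxs and ComboFix's ERDNT cache) is hashed, and in this log every set of copies agrees. The Python below is an added example, not part of the thread and not OTL's code, that performs the same consistency check offline: it hashes each copy, groups the copies by digest and reports any copy that disagrees with the rest. The relative paths are taken from the atapi.sys scan in the log; the file contents, the tampered variant and the scratch directory are constructed stand-ins.

```python
"""Hash-consistency check across the Windows copies of a driver.

Added example, not part of the original thread and not OTL's code. It
mirrors what the '< %SYSTEMDRIVE%\\atapi* /s /md5 >' custom scan in the
posted log does: all copies of a boot-critical driver should hash
identically, and a copy that disagrees with its twins deserves a look.
File contents below are constructed; only the path layout comes from the log.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

# Copies of atapi.sys on this Windows 7 x86 install, as listed in the log.
ATAPI_COPIES = [
    r"Windows\System32\drivers\atapi.sys",
    r"Windows\ERDNT\cache\atapi.sys",
    r"Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys",
    r"Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys",
]


def file_digests(path, chunk=1 << 16):
    """Return (MD5, SHA-256) hex digests of a file, streamed in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest().upper(), sha256.hexdigest()


def group_by_digest(root, rel_paths):
    """Map each distinct (md5, sha256, size) to the copies carrying it.
    Copies that do not exist are returned separately as 'missing'."""
    groups, missing = defaultdict(list), []
    for rel in rel_paths:
        full = os.path.join(root, *rel.split("\\"))
        if not os.path.isfile(full):
            missing.append(rel)
            continue
        md5, sha256 = file_digests(full)
        groups[(md5, sha256, os.path.getsize(full))].append(rel)
    return dict(groups), missing


def find_outliers(groups):
    """Copies that do not share the majority digest (empty when all copies
    agree, as in the posted log). This is a consistency verdict, not an
    infection verdict: if most copies were tampered with, the clean one
    would be the 'outlier', so compare against a vendor hash as well."""
    if len(groups) <= 1:
        return []
    majority = max(groups.values(), key=len)
    return sorted(rel for members in groups.values()
                  if members is not majority for rel in members)


def check_tree(root):
    """(outliers, missing) for the atapi.sys copies under root."""
    groups, missing = group_by_digest(root, ATAPI_COPIES)
    return find_outliers(groups), missing


def build_sample_tree(root, tamper=False):
    """Write constructed stand-in copies of atapi.sys under root. With
    tamper=True the System32\\drivers copy gets extra bytes appended, the
    way a patched driver would differ from its DriverStore/winsxs twins."""
    payload = b"MZ" + b"\x00" * 510 + b"constructed atapi.sys stand-in"
    for rel in ATAPI_COPIES:
        full = os.path.join(root, *rel.split("\\"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        data = payload + (b"\xcc" * 64 if tamper and rel == ATAPI_COPIES[0] else b"")
        with open(full, "wb") as fh:
            fh.write(data)


def run_demo(tamper):
    """Build the constructed tree in a scratch directory and check it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, tamper=tamper)
        return check_tree(root)


if __name__ == "__main__":
    for tamper in (False, True):
        outliers, missing = run_demo(tamper)
        print("tampered" if tamper else "clean", "->",
              outliers or "all copies agree", "missing:", missing)
```

Two caveats a practitioner would attach to this check. First, a rootkit of the TDL3 class hooks the disk miniport (which is why the TDSSKiller log later in this thread walks \Driver\Disk down to \Driver\atapi) and can hand back the clean file contents to anything reading the infected driver from inside the running system, so agreeing hashes from a live scan do not prove the on-disk driver is clean; repeat the comparison from boot media or a second OS. Second, the check only says whether the copies are consistent with each other; the MD5 that OTL prints (338C86357871C167A96AB976519BF59E for this atapi.sys) is what you compare against a known-good reference from another machine or the vendor.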

#24
December 11, 2009 at 17:07:49
Any clue as to what I should do next?

Report •

#25
December 11, 2009 at 19:26:32
Sorry I have not responded, I had to work late.

1. Download TDSSKiller and save it to your Desktop.
2. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
3. Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quotation marks), then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


4. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
5. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.


Report •

#26
December 11, 2009 at 20:53:37
I'm sorry, I thought you were all out of ideas. This thing is nasty and I haven't had a problem I couldn't solve with a virus/malware in the past. But here's the log you requested...

Host Name: DUSTIN-PC
OS Name: Microsoft Windows 7 Ultimate
OS Version: 6.1.7600 N/A Build 7600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Dustin
Registered Organization:
Product ID:
Original Install Date: 10/10/2009, 6:35:10 AM
System Boot Time: 12/11/2009, 2:44:09 AM
System Manufacturer: Hewlett-Packard
System Model: HP Pavilion dv6700 Notebook PC
System Type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x64 Family 6 Model 15 Stepping 13 GenuineIntel ~1833 Mhz
BIOS Version: Hewlett-Packard F.58 , 6/16/2008
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-05:00) Eastern Time (US & Canada)
Total Physical Memory: 3,062 MB
Available Physical Memory: 1,660 MB
Virtual Memory: Max Size: 6,123 MB
Virtual Memory: Available: 4,618 MB
Virtual Memory: In Use: 1,505 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\DUSTIN-PC
Hotfix(s): 11 Hotfix(s) Installed.
[01]: KB973525
[02]: KB973874
[03]: KB974332
[04]: KB974431
[05]: KB974455
[06]: KB974571
[07]: KB975364
[08]: KB975467
[09]: KB976098
[10]: KB976325
[11]: KB976749
Network Card(s): 2 NIC(s) Installed.
[01]: Broadcom 802.11g Network Adapter
Connection Name: Wireless Network Connection
DHCP Enabled: Yes
DHCP Server: 192.168.1.254
IP address(es)
[01]: 192.168.1.105
[02]: fe80::f9c5:c75f:edf8:42af
[02]: Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Connection Name: Local Area Connection
Status: Media disconnected
23:54:49:368 3888 ForceUnloadDriver: NtUnloadDriver error 2
23:54:49:368 3888 ForceUnloadDriver: NtUnloadDriver error 2
23:54:49:368 3888 ForceUnloadDriver: NtUnloadDriver error 2
23:54:49:371 3888 main: Driver KLMD successfully dropped
23:54:49:386 3888 main: Driver KLMD successfully loaded
23:54:49:386 3888
Scanning Registry ...
23:54:49:401 3888 ScanServices: Searching service UACd.sys
23:54:49:401 3888 ScanServices: Open/Create key error 2
23:54:49:401 3888 ScanServices: Searching service TDSSserv.sys
23:54:49:401 3888 ScanServices: Open/Create key error 2
23:54:49:401 3888 ScanServices: Searching service gaopdxserv.sys
23:54:49:401 3888 ScanServices: Open/Create key error 2
23:54:49:401 3888 ScanServices: Searching service gxvxcserv.sys
23:54:49:401 3888 ScanServices: Open/Create key error 2
23:54:49:401 3888 ScanServices: Searching service MSIVXserv.sys
23:54:49:401 3888 ScanServices: Open/Create key error 2
23:54:49:403 3888 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntkrnlpa.exe, base addr: 82A1A000
23:54:49:421 3888 UnhookRegistry: Kernel local addr: 1450000
23:54:49:426 3888 UnhookRegistry: KeServiceDescriptorTable addr: 15B89C0
23:54:49:518 3888 UnhookRegistry: KiServiceTable addr: 14BF6F0
23:54:49:518 3888 UnhookRegistry: NtEnumerateKey service number (local): 74
23:54:49:518 3888 UnhookRegistry: NtEnumerateKey local addr: 16B5A2F
23:54:49:533 3888 KLMD_OpenDevice: Trying to open KLMD device
23:54:49:533 3888 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
23:54:49:533 3888 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
23:54:49:533 3888 KLMD_ReadMem: Trying to ReadMemory 0x82A5B2A5[0x4]
23:54:49:533 3888 UnhookRegistry: NtEnumerateKey service number (kernel): 74
23:54:49:533 3888 KLMD_ReadMem: Trying to ReadMemory 0x82A898C0[0x4]
23:54:49:533 3888 UnhookRegistry: NtEnumerateKey real addr: 82C7FA2F
23:54:49:536 3888 UnhookRegistry: NtEnumerateKey calc addr: 82C7FA2F
23:54:49:536 3888 UnhookRegistry: No SDT hooks found on NtEnumerateKey
23:54:49:536 3888 KLMD_ReadMem: Trying to ReadMemory 0x82C7FA2F[0xA]
23:54:49:536 3888 UnhookRegistry: No splicing found on NtEnumerateKey
23:54:49:541 3888
Scanning Kernel memory ...
23:54:49:541 3888 KLMD_OpenDevice: Trying to open KLMD device
23:54:49:541 3888 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
23:54:49:541 3888 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
23:54:49:541 3888 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 85D84B70
23:54:49:541 3888 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects
23:54:49:541 3888 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 85D85A18
23:54:49:541 3888 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85D85A18
23:54:49:541 3888 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 85C9C030
23:54:49:541 3888 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85C9C030
23:54:49:543 3888 KLMD_ReadMem: Trying to ReadMemory 0x85C9C030[0x38]
23:54:49:543 3888 DetectCureTDL3: DRIVER_OBJECT addr: 85C736D8
23:54:49:543 3888 KLMD_ReadMem: Trying to ReadMemory 0x85C736D8[0xA8]
23:54:49:543 3888 KLMD_ReadMem: Trying to ReadMemory 0x85C586B8[0x208]
23:54:49:543 3888 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
23:54:49:543 3888 DetectCureTDL3: IrpHandler (0) addr: 8AC1A8C4
23:54:49:543 3888 DetectCureTDL3: IrpHandler (1) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (2) addr: 8AC1A8C4
23:54:49:543 3888 DetectCureTDL3: IrpHandler (3) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (4) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (5) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (6) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (7) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (8) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (9) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (10) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (11) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (12) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (13) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (14) addr: 8AC0647C
23:54:49:543 3888 DetectCureTDL3: IrpHandler (15) addr: 8AC0644E
23:54:49:543 3888 DetectCureTDL3: IrpHandler (16) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (17) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (18) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (19) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (20) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (21) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (22) addr: 8AC064AA
23:54:49:543 3888 DetectCureTDL3: IrpHandler (23) addr: 8AC15DB2
23:54:49:543 3888 DetectCureTDL3: IrpHandler (24) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (25) addr: 82ACB437
23:54:49:543 3888 DetectCureTDL3: IrpHandler (26) addr: 82ACB437
23:54:49:543 3888 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
23:54:49:543 3888 KLMD_ReadMem: DeviceIoControl error 1
23:54:49:543 3888 TDL3_StartIoHookDetect: Unable to get StartIo handler code
23:54:49:543 3888 TDL3_FileDetect: Processing driver: atapi
23:54:49:543 3888 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_atapi.sys
23:54:49:543 3888 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
23:54:49:546 3888 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
23:54:49:561 3888
Completed

Results:
23:54:49:561 3888 Infected objects in memory: 0
23:54:49:563 3888 Cured objects in memory: 0
23:54:49:563 3888 Infected objects on disk: 0
23:54:49:563 3888 Objects on disk cured on reboot: 0
23:54:49:563 3888 Objects on disk deleted on reboot: 0
23:54:49:563 3888 Registry nodes deleted on reboot: 0
23:54:49:566 3888


Report •
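The UnhookRegistry lines in the TDSSKiller log above are a textbook SSDT hook check, and the numbers it prints are enough to repeat it by hand: the tool maps a clean copy of ntkrnlpa.exe locally (base 1450000), finds KiServiceTable and NtEnumerateKey in that copy, rebases both to the running kernel (base 82A1A000), reads the live table entry and compares it with the rebased clean address; it then reads the first 0xA bytes of the routine to look for an inline detour ("splicing"). The Python below is an added example, not part of the thread and not TDSSKiller's code, that re-does that arithmetic from the log lines themselves and adds the prologue comparison. The log lines are copied from the post; the service number is read as hex (the log's own ReadMemory address confirms it); the hooked pointer and the prologue bytes are constructed.

```python
"""Re-doing TDSSKiller's SSDT hook check from the numbers in its log.

Added example: not part of the original thread and not TDSSKiller's own
code. Given a clean kernel image mapped at a local base, the address of a
routine in the running kernel is kernel_base + (local_addr - local_base);
the live KiServiceTable entry for that routine should hold exactly that.
Log lines are verbatim from the post; hook values are constructed.
"""
import re

# Verbatim lines from the posted TDSSKiller log.
LOG = """\
23:54:49:403 3888 UnhookRegistry: Kernel module file name: C:\\Windows\\system32\\ntkrnlpa.exe, base addr: 82A1A000
23:54:49:421 3888 UnhookRegistry: Kernel local addr: 1450000
23:54:49:518 3888 UnhookRegistry: KiServiceTable addr: 14BF6F0
23:54:49:518 3888 UnhookRegistry: NtEnumerateKey service number (local): 74
23:54:49:518 3888 UnhookRegistry: NtEnumerateKey local addr: 16B5A2F
23:54:49:533 3888 KLMD_ReadMem: Trying to ReadMemory 0x82A5B2A5[0x4]
23:54:49:533 3888 KLMD_ReadMem: Trying to ReadMemory 0x82A898C0[0x4]
23:54:49:533 3888 UnhookRegistry: NtEnumerateKey real addr: 82C7FA2F
"""

# Constructed 10-byte prologues: a clean hot-patchable opening
# (mov edi,edi; push ebp; mov ebp,esp; ...) and a copy whose first five
# bytes were overwritten with 'jmp rel32' (0xE9 + 4-byte displacement).
CLEAN_PROLOGUE = b"\x8b\xff\x55\x8b\xec\x83\xec\x10\x53\x56"
HOOKED_PROLOGUE = b"\xe9\x90\x1a\xc1\x8a\x83\xec\x10\x53\x56"

FIELDS = {
    "kernel_base": r"base addr: ([0-9A-Fa-f]+)",
    "local_base": r"Kernel local addr: ([0-9A-Fa-f]+)",
    "local_kiservicetable": r"KiServiceTable addr: ([0-9A-Fa-f]+)",
    # Printed in hex: 4 * 0x74 = 0x1D0 is exactly the distance from the
    # rebased KiServiceTable (0x82A896F0) to the 0x82A898C0 read in the log.
    "service_number": r"service number \(local\): ([0-9A-Fa-f]+)",
    "local_routine": r"NtEnumerateKey local addr: ([0-9A-Fa-f]+)",
    "real_addr": r"NtEnumerateKey real addr: ([0-9A-Fa-f]+)",
}


def parse_log(text):
    """Extract the hex values the check needs; every field must be present."""
    values = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError("field not found in log: " + name)
        values[name] = int(match.group(1), 16)
    return values


def table_reads(text):
    """All 4-byte kernel reads the tool logged; the computed table entry
    address should be one of them."""
    return [int(h, 16) for h in re.findall(r"ReadMemory 0x([0-9A-Fa-f]+)\[0x4\]", text)]


def rebase(local_addr, local_base, kernel_base):
    """Same RVA, different base: local clean image -> running kernel."""
    return kernel_base + (local_addr - local_base)


def sdt_entry_address(kiservicetable, service_number):
    """x86 KiServiceTable is an array of 4-byte absolute function pointers."""
    return kiservicetable + 4 * service_number


def check_sdt_hook(fields, live_entry_value):
    """Compare the pointer read from the live table (live_entry_value) with
    the address the clean image predicts for the routine."""
    live_table = rebase(fields["local_kiservicetable"], fields["local_base"], fields["kernel_base"])
    entry_addr = sdt_entry_address(live_table, fields["service_number"])
    expected = rebase(fields["local_routine"], fields["local_base"], fields["kernel_base"])
    return {"entry_addr": entry_addr, "expected": expected,
            "actual": live_entry_value, "hooked": live_entry_value != expected}


def check_splicing(live_prologue, clean_prologue, length=10):
    """Inline-hook check behind the log's 'ReadMemory ...[0xA]' line: the
    first bytes of the live routine must equal the clean image's bytes. A
    leading 0xE9 (jmp rel32) absent from the clean copy is the classic detour."""
    live, clean = bytes(live_prologue[:length]), bytes(clean_prologue[:length])
    return {"spliced": live != clean,
            "starts_with_jmp": live[:1] == b"\xe9" and clean[:1] != b"\xe9"}


if __name__ == "__main__":
    f = parse_log(LOG)
    v = check_sdt_hook(f, f["real_addr"])
    print("SDT entry 0x%08X (logged read: %s): expected 0x%08X, actual 0x%08X, hooked=%s"
          % (v["entry_addr"], v["entry_addr"] in table_reads(LOG), v["expected"], v["actual"], v["hooked"]))
    print("constructed hook:", check_sdt_hook(f, 0x8AC1A8C4)["hooked"])
    print("prologue:", check_splicing(HOOKED_PROLOGUE, CLEAN_PROLOGUE))
```

Worked through with the log's numbers: 0x16B5A2F - 0x1450000 = 0x265A2F, and 0x82A1A000 + 0x265A2F = 0x82C7FA2F, which is both the "calc addr" and the "real addr" the tool prints, so its "No SDT hooks found" verdict is consistent with the data. The table entry lands at 0x82A896F0 + 4 * 0x74 = 0x82A898C0, the second 4-byte read in the log; the first read, at 0x82A5B2A5, is the tool pulling the service number out of the ZwEnumerateKey stub. Note what this check does not cover: a rootkit that leaves the SSDT alone and hooks the disk driver's IRP dispatch instead, which is exactly why the log goes on to walk \Driver\Disk down to \Driver\atapi in the DetectCureTDL3 section.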

#27
December 11, 2009 at 21:44:10
Yeah, a tough one... maybe we can get it identified.

Follow the directions at this link to unhide your hidden files.

Windows7 Hidden Files

Please go to Virus Total and upload the following files for analysis, one at a time:


C:\Windows\System32\drivers\nvstor.sys
C:\Windows\System32\drivers\atapi.sys
C:\Windows\System32\drivers\iaStorV.sys
C:\Windows\system32\oddbse32K.dll

Use the browse button at the site to find the file. Once you find the file, double-click it and it should appear in the empty space to the left of the browse button, then click "send file".

Please run ESET's online scanner from this link:

ESET

1. Note: You will need to use Internet Explorer for this scan.
2. Tick the box next to "YES, I accept the Terms of Use".
3. Click Start.
4. When asked, allow the ActiveX control to install.
5. Click Start.
6. Make sure that the option "Remove found threats" is unticked (I want to see what is found first), and that the option "Scan unwanted applications" is checked.
7. Click Scan
8. Wait for the scan to finish
9. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.

Post the results in your reply.


Report •

#28
December 12, 2009 at 04:20:34
Ok here are the results...

nvstor.sys

File nvstor.sys received on 2009.12.12 05:52:36 (UTC)
Result: 0/41 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.11 -
AhnLab-V3 5.0.0.2 2009.12.11 -
AntiVir 7.9.1.108 2009.12.11 -
Antiy-AVL 2.0.3.7 2009.12.11 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.11 -
AVG 8.5.0.427 2009.12.12 -
BitDefender 7.2 2009.12.12 -
CAT-QuickHeal 10.00 2009.12.12 -
ClamAV 0.94.1 2009.12.12 -
Comodo 3212 2009.12.12 -
DrWeb 5.0.0.12182 2009.12.12 -
eSafe 7.0.17.0 2009.12.10 -
eTrust-Vet 35.1.7171 2009.12.11 -
F-Prot 4.5.1.85 2009.12.11 -
F-Secure 9.0.15370.0 2009.12.12 -
Fortinet 4.0.14.0 2009.12.12 -
GData 19 2009.12.12 -
Ikarus T3.1.1.74.0 2009.12.11 -
Jiangmin 13.0.900 2009.12.12 -
K7AntiVirus 7.10.918 2009.12.11 -
Kaspersky 7.0.0.125 2009.12.12 -
McAfee 5829 2009.12.11 -
McAfee+Artemis 5829 2009.12.11 -
McAfee-GW-Edition 6.8.5 2009.12.12 -
Microsoft 1.5302 2009.12.11 -
NOD32 4680 2009.12.11 -
Norman 6.04.03 2009.12.11 -
nProtect 2009.1.8.0 2009.12.12 -
Panda 10.0.2.2 2009.12.11 -
PCTools 7.0.3.5 2009.12.12 -
Prevx 3.0 2009.12.12 -
Rising 22.25.05.03 2009.12.12 -
Sophos 4.48.0 2009.12.12 -
Sunbelt 3.2.1858.2 2009.12.12 -
Symantec 1.4.4.12 2009.12.12 -
TheHacker 6.5.0.2.091 2009.12.11 -
TrendMicro 9.100.0.1001 2009.12.12 -
VBA32 3.12.12.0 2009.12.12 -
ViRobot 2009.12.12.2084 2009.12.12 -
VirusBuster 5.0.21.0 2009.12.11 -
Additional information
File size: 142416 bytes
MD5...: c99f251a5de63c6f129cf71933aced0f
SHA1..: afc0a959f8d8a5299966dd7f8b9fed72fb728cac
SHA256: 24d48a5f5d699ab0dd4d4435f8f7c6b73a924aef8f9d1170fd644e26499546a2
ssdeep: 3072:cea+Pz6DExT5G07QiPI5RX21+VSnNdBcepj4LtVI95JU8:na+mDExNPeX8+MNh8tVC08
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2203e
timedatestamp.....: 0x4a13a6b9 (Wed May 20 06:44:09 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18570 0x18600 6.35 4602bd359fb0909e000d033de8291261
.rdata 0x1a000 0x1b1 0x200 3.90 68daa168e0e978d11e5d8c3cb5d8a914
.data 0x1b000 0x66f0 0x6600 0.53 9ffa10902b2eae0b0e8ec95cbee70094
INIT 0x22000 0x7e2 0x800 5.16 d0ea10ded9d8afecc4b07cd3af579be2
.rsrc 0x23000 0x408 0x600 2.49 bb570fb370e74f24ddb535a2a9a1ed55
.reloc 0x24000 0xfa6 0x1000 5.38 3b0c3f61553c820a4a8beb2ce2666b14

( 2 imports )
> ntoskrnl.exe: _aullshr, _allmul, _aulldiv, RtlGetVersion, KeWaitForSingleObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, memset, KeQuerySystemTime, _aulldvrm, _allshl, KeTickCount, KeBugCheckEx
> storport.sys: StorPortNotification, StorPortExtendedFunction, StorPortResume, StorPortGetLogicalUnit, StorPortPause, StorPortFreeRegistryBuffer, StorPortFreeDeviceBase, StorPortGetUncachedExtension, StorPortGetDeviceBase, StorPortRegistryRead, StorPortAllocateRegistryBuffer, StorPortSetDeviceQueueDepth, StorPortInitialize, StorPortReadPortUchar, StorPortReadPortUshort, StorPortReadPortUlong, StorPortReadPortBufferUchar, StorPortReadPortBufferUshort, StorPortReadPortBufferUlong, StorPortReadRegisterUchar, StorPortReadRegisterUshort, StorPortReadRegisterUlong, StorPortReadRegisterBufferUchar, StorPortReadRegisterBufferUshort, StorPortReadRegisterBufferUlong, StorPortWritePortUchar, StorPortWritePortUshort, StorPortWritePortUlong, StorPortWritePortBufferUchar, StorPortWritePortBufferUshort, StorPortWritePortBufferUlong, StorPortWriteRegisterUchar, StorPortWriteRegisterUshort, StorPortWriteRegisterUlong, StorPortWriteRegisterBufferUchar, StorPortWriteRegisterBufferUshort, StorPortWriteRegisterBufferUlong, StorPortGetBusData, StorPortSetBusDataByOffset, StorPortMoveMemory, StorPortGetScatterGatherList, StorPortStallExecution, StorPortGetPhysicalAddress, StorPortResumeDevice, StorPortPauseDevice, StorPortSynchronizeAccess, StorPortDebugPrint, ScsiPortMoveMemory, ScsiPortNotification

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: NVIDIA Corporation
copyright....: Copyright(C) 2001-2009 NVIDIA Corporation
product......: NVIDIA nForce(TM) SATA Driver
description..: NVIDIA_ nForce(TM) Sata Performance Driver
original name: nvstor.sys
internal name: NVIDIA nForce(TM) SATA Driver
file version.: 10.6.0.16 (NT.080820-1745)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

atapi.sys

File atapi.sys received on 2009.12.12 05:55:05 (UTC)
Result: 0/39 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.11 -
AhnLab-V3 5.0.0.2 2009.12.11 -
AntiVir 7.9.1.108 2009.12.11 -
Antiy-AVL 2.0.3.7 2009.12.11 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.11 -
AVG 8.5.0.427 2009.12.12 -
BitDefender 7.2 2009.12.12 -
CAT-QuickHeal 10.00 2009.12.12 -
ClamAV 0.94.1 2009.12.12 -
Comodo 3212 2009.12.12 -
DrWeb 5.0.0.12182 2009.12.12 -
eTrust-Vet 35.1.7171 2009.12.11 -
F-Prot 4.5.1.85 2009.12.11 -
F-Secure 9.0.15370.0 2009.12.12 -
Fortinet 4.0.14.0 2009.12.12 -
GData 19 2009.12.12 -
Ikarus T3.1.1.74.0 2009.12.11 -
Jiangmin 13.0.900 2009.12.12 -
K7AntiVirus 7.10.918 2009.12.11 -
Kaspersky 7.0.0.125 2009.12.12 -
McAfee 5829 2009.12.11 -
McAfee+Artemis 5829 2009.12.11 -
Microsoft 1.5302 2009.12.11 -
NOD32 4680 2009.12.11 -
Norman 6.04.03 2009.12.11 -
nProtect 2009.1.8.0 2009.12.12 -
Panda 10.0.2.2 2009.12.11 -
PCTools 7.0.3.5 2009.12.12 -
Prevx 3.0 2009.12.12 -
Rising 22.25.05.03 2009.12.12 -
Sophos 4.48.0 2009.12.12 -
Sunbelt 3.2.1858.2 2009.12.12 -
Symantec 1.4.4.12 2009.12.12 -
TheHacker 6.5.0.2.091 2009.12.11 -
TrendMicro 9.100.0.1001 2009.12.12 -
VBA32 3.12.12.0 2009.12.12 -
ViRobot 2009.12.12.2084 2009.12.12 -
VirusBuster 5.0.21.0 2009.12.11 -
Additional information
File size: 21584 bytes
MD5...: 338c86357871c167a96ab976519bf59e
SHA1..: e99e20970139fb1e67bbc54fa8a61c18a4fce36e
SHA256: f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6
ssdeep: 384:SN+KUt2BtUXbyTHoCtGRZjNVAsRMNSChq3BLWErUwW9Qu5VpBjbOjBMmhyMD:adUtytUXbyTICtGjNMNbcxHJudkMmwMD
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x603e
timedatestamp.....: 0x4a5bbf13 (Mon Jul 13 23:11:15 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2472 0x2600 6.22 9b9f242740c0a1c2494b23ae50935e6d
.rdata 0x4000 0xae 0x200 1.54 1833a5650ae0f8256ba78bf8ed79d6e1
.data 0x5000 0xc 0x200 0.18 7c80b151582aa6280e754b477343e54e
INIT 0x6000 0x38c 0x400 4.66 392ce67c807da67e018ad9cf892fde4c
.rsrc 0x7000 0x3f0 0x400 3.41 ecb60c1c006d2813169c8bcfe271a200
.reloc 0x8000 0xd2 0x200 2.47 035f51da8bf9893e51952ac185994f14

( 2 imports )
> ataport.SYS: AtaPortNotification, AtaPortQuerySystemTime, AtaPortReadPortUchar, AtaPortStallExecution, AtaPortWritePortUchar, AtaPortWritePortUlong, AtaPortGetPhysicalAddress, AtaPortConvertPhysicalAddressToUlong, AtaPortGetScatterGatherList, AtaPortGetParentBusType, AtaPortRequestCallback, AtaPortWritePortBufferUshort, AtaPortGetUnCachedExtension, AtaPortCompleteRequest, AtaPortCopyMemory, AtaPortEtwTraceLog, AtaPortCompleteAllActiveRequests, AtaPortReleaseRequestSenseIrb, AtaPortBuildRequestSenseIrb, AtaPortReadPortBufferUshort, AtaPortInitialize, AtaPortGetDeviceBase, AtaPortDeviceStateChange
> NTOSKRNL.exe: KeTickCount

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: ATAPI IDE Miniport Driver
original name: atapi.sys
internal name: atapi.sys
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#29
December 12, 2009 at 04:21:38
iaStorV.sys

File iaStorV.sys received on 2009.12.12 06:00:01 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.11 -
AhnLab-V3 5.0.0.2 2009.12.11 -
AntiVir 7.9.1.108 2009.12.11 -
Antiy-AVL 2.0.3.7 2009.12.11 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.11 -
AVG 8.5.0.427 2009.12.12 -
BitDefender 7.2 2009.12.12 -
CAT-QuickHeal 10.00 2009.12.12 -
ClamAV 0.94.1 2009.12.12 -
Comodo 3212 2009.12.12 -
DrWeb 5.0.0.12182 2009.12.12 -
eSafe 7.0.17.0 2009.12.10 -
eTrust-Vet 35.1.7171 2009.12.11 -
F-Prot 4.5.1.85 2009.12.11 -
F-Secure 9.0.15370.0 2009.12.12 -
Fortinet 4.0.14.0 2009.12.12 -
GData 19 2009.12.12 -
Ikarus T3.1.1.74.0 2009.12.11 -
Jiangmin 13.0.900 2009.12.12 -
K7AntiVirus 7.10.918 2009.12.11 -
Kaspersky 7.0.0.125 2009.12.12 -
McAfee 5829 2009.12.11 -
McAfee+Artemis 5829 2009.12.11 -
McAfee-GW-Edition 6.8.5 2009.12.12 -
Microsoft 1.5302 2009.12.11 -
NOD32 4680 2009.12.11 -
Norman 6.04.03 2009.12.11 -
nProtect 2009.1.8.0 2009.12.12 -
Panda 10.0.2.2 2009.12.11 -
PCTools 7.0.3.5 2009.12.12 -
Prevx 3.0 2009.12.12 -
Rising 22.25.05.03 2009.12.12 -
Sophos 4.48.0 2009.12.12 -
Sunbelt 3.2.1858.2 2009.12.12 -
Symantec 1.4.4.12 2009.12.12 -
TheHacker 6.5.0.2.091 2009.12.11 -
TrendMicro 9.100.0.1001 2009.12.12 -
VBA32 3.12.12.0 2009.12.12 -
ViRobot 2009.12.12.2084 2009.12.12 -
VirusBuster 5.0.21.0 2009.12.11 -
Additional information
File size: 332352 bytes
MD5...: 934af4d7c5f457b9f0743f4299b77b67
SHA1..: ccd3fcf65cad447c9b676996254b93f2a81cdab1
SHA256: f232554352bb7cd716d6173fc1ab2661e49480994bb22e9a6fe7a33b51f0a51b
ssdeep: 6144:sNrolrYkJ9K1DMkCVJrUczOXPXnnDkz5XgGHtldCl7cI:s6JJ43CVJzO/DkziGHtl0F
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd6005
timedatestamp.....: 0x49dcd6e2 (Wed Apr 08 16:54:58 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4985c 0x49a00 6.48 13646c384f32c0398c8643e88b90eb52
.rdata 0x4b000 0xc3c 0xe00 5.05 08ce8a67367337d5626e536f9d65666a
.data 0x4c000 0x89c38 0x1000 4.84 f2cb9df10bdf195b52f8e615a49a43ce
INIT 0xd6000 0xef8 0x1000 5.35 37c43c3cf912c3a0799e0f9f3ecce575
.rsrc 0xd7000 0x458 0x600 2.61 30d185a9b9e0fecee9dad52912c9b4f7
.reloc 0xd8000 0x2324 0x2400 5.49 1ce4835312cf786e8d2b7a1108c79379

( 2 imports )
> ntoskrnl.exe: ZwOpenKey, DbgPrint, _allmul, IofCompleteRequest, KeSetEvent, PoSetPowerState, _aullshr, MmIsAddressValid, KeWaitForSingleObject, IoFreeWorkItem, IoUnregisterPlugPlayNotification, ObfDereferenceObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, memcpy, IoGetDeviceObjectPointer, IoQueueWorkItem, IoAllocateWorkItem, IoRegisterPlugPlayNotification, KeClearEvent, WRITE_REGISTER_ULONG, READ_REGISTER_ULONG, ObReferenceObjectByHandle, KeQueryTimeIncrement, KeTickCount, _aulldiv, KeDelayExecutionThread, MmGetPhysicalAddress, KeCancelTimer, KeSetTimerEx, KeInitializeTimerEx, memmove, KeSetTimer, KeInitializeDpc, KeInitializeTimer, strncpy, strncmp, _purecall, sprintf, InterlockedPopEntrySList, InterlockedPushEntrySList, RtlCompareMemory, KeBugCheckEx, IoInvalidateDeviceRelations, RtlWriteRegistryValue, RtlDeleteRegistryValue, IoOpenDeviceRegistryKey, ExSystemTimeToLocalTime, KeQuerySystemTime, MmUnmapIoSpace, MmMapIoSpace, ZwCreateKey, swprintf, KeLeaveCriticalRegion, KeEnterCriticalRegion, MmMapLockedPagesSpecifyCache, ExDeleteNPagedLookasideList, KeBugCheck, PsTerminateSystemThread, KeWaitForMultipleObjects, KeSetPriorityThread, PsCreateSystemThread, ExInitializeNPagedLookasideList, ZwQueryValueKey, _aulldvrm, PoRequestPowerIrp, PoStartNextPowerIrp, PoCallDriver, IoReleaseRemoveLockEx, IoAcquireRemoveLockEx, IoFreeIrp, IoGetLowerDeviceObject, IoGetAttachedDeviceReference, IoAllocateIrp, strstr, RtlGetVersion, _alldiv, IoDeleteSymbolicLink, IoAttachDeviceToDeviceStack, IoCreateSymbolicLink, IoCsqInitialize, IoInitializeRemoveLockEx, IoCreateDevice, RtlUnicodeStringToInteger, wcsncpy, wcsstr, IoRegisterDeviceInterface, IoDeleteDevice, IoDetachDevice, _wcsupr, IoGetDeviceProperty, ZwCreateDirectoryObject, ExRegisterCallback, ExCreateCallback, IoConnectInterrupt, IoReportResourceForDetection, ExUnregisterCallback, IoDisconnectInterrupt, IoReleaseRemoveLockAndWaitEx, IoGetConfigurationInformation, IoSetDeviceInterfaceState, KeRemoveQueueDpc, IoCsqInsertIrp, IoCsqRemoveNextIrp, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, strncat, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ObfReferenceObject, PoRegisterDeviceForIdleDetection, IoInvalidateDeviceState, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, KeInsertQueueDpc, IoInitializeWorkItem, IoSizeofWorkItem, IoGetDmaAdapter, RtlFreeUnicodeString, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, IoRequestDeviceEject, IoUninitializeWorkItem, RtlCreateRegistryKey, RtlCopyUnicodeString, RtlUnwind, ZwClose, memset, RtlInitUnicodeString, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlQueryRegistryValues, _aullrem, ExFreePoolWithTag
> HAL.dll: KeAcquireInStackQueuedSpinLock, KfAcquireSpinLock, KfReleaseSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KeGetCurrentIrql, KeStallExecutionProcessor, KeReleaseInStackQueuedSpinLock

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Intel Corporation
copyright....: Copyright(C) Intel Corporation 1994-2008
product......: Intel Matrix Storage Manager driver
description..: Intel Matrix Storage Manager driver - ia32
original name: iaStor.sys
internal name: iaStor.sys
file version.: 8.6.2.1012
comments.....: -ia32
signers......: -
signing date.: -
verified.....: Unsigned

oddbse32K.dll

File oddbse32.dll received on 2009.12.12 06:02:08 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.11 -
AhnLab-V3 5.0.0.2 2009.12.11 -
AntiVir 7.9.1.108 2009.12.11 -
Antiy-AVL 2.0.3.7 2009.12.11 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.11 -
AVG 8.5.0.427 2009.12.12 -
BitDefender 7.2 2009.12.12 -
CAT-QuickHeal 10.00 2009.12.12 -
ClamAV 0.94.1 2009.12.12 -
Comodo 3212 2009.12.12 -
DrWeb 5.0.0.12182 2009.12.12 -
eSafe 7.0.17.0 2009.12.10 -
eTrust-Vet 35.1.7171 2009.12.11 -
F-Prot 4.5.1.85 2009.12.11 -
F-Secure 9.0.15370.0 2009.12.12 -
Fortinet 4.0.14.0 2009.12.12 -
GData 19 2009.12.12 -
Ikarus T3.1.1.74.0 2009.12.11 -
Jiangmin 13.0.900 2009.12.12 -
K7AntiVirus 7.10.918 2009.12.11 -
Kaspersky 7.0.0.125 2009.12.12 -
McAfee 5829 2009.12.11 -
McAfee+Artemis 5829 2009.12.11 -
McAfee-GW-Edition 6.8.5 2009.12.12 -
Microsoft 1.5302 2009.12.11 -
NOD32 4680 2009.12.11 -
Norman 6.04.03 2009.12.11 -
nProtect 2009.1.8.0 2009.12.12 -
Panda 10.0.2.2 2009.12.11 -
PCTools 7.0.3.5 2009.12.12 -
Prevx 3.0 2009.12.12 -
Rising 22.25.05.03 2009.12.12 -
Sophos 4.48.0 2009.12.12 -
Sunbelt 3.2.1858.2 2009.12.12 -
Symantec 1.4.4.12 2009.12.12 -
TheHacker 6.5.0.2.091 2009.12.11 -
TrendMicro 9.100.0.1001 2009.12.12 -
VBA32 3.12.12.0 2009.12.12 -
ViRobot 2009.12.12.2084 2009.12.12 -
VirusBuster 5.0.21.0 2009.12.11 -
Additional information
File size: 20480 bytes
MD5...: 74f6b38ca5a43a588c2a5f01e2fd77a2
SHA1..: dd1be249464cad0f1d420cd3ffaa6df39de326aa
SHA256: 30d95c6e45754d09c8eff59a70db7472984b654b44f007d5a422e4d62448391f
ssdeep: 96:zxmlpK1KWsej2zwAEvk8tgEBwVADxWulVAM6AqEW3pLWwyIvl8:zxJHsejnAAkzcEaVT6A3W3pLWIvl
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x174d
timedatestamp.....: 0x4a5bcd5b (Tue Jul 14 00:12:11 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe1a 0x1000 5.53 f807c9690915beb3d975b3c98aa3849d
.data 0x2000 0x350 0x1000 0.05 7ff1462d0cbd28b41ccec9ea82a87255
.rsrc 0x3000 0x408 0x1000 1.11 83005998c5bca7899a9b83bdc416356f
.reloc 0x4000 0x148 0x1000 0.67 4b5446bab0d07c6ccb615ef34dbba075

( 3 imports )
> msvcrt.dll: _except_handler4_common, _amsg_exit, _initterm, free, malloc, _XcptFilter
> KERNEL32.dll: Sleep, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, InterlockedCompareExchange, MultiByteToWideChar, InterlockedExchange
> odbcjt32.dll: -

( 1 exports )
ConfigDSNW
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: ODBC (3.0) driver for DBase
original name: oddbse32.dll
internal name: oddbse32.dll
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


Eset

C:\Program Files\MAGIX\Xtreme_Web_Designer_5_Download_Version\magix.xtreme.web.designer.5.0.10354-mpt.exe probably a variant of Win32/HackTool.Patcher.A application
C:\Program Files\RegAce\RegAce.exe probably a variant of Win32/HackTool.Patcher.A application
C:\Users\Dustin\Downloads\WebDesign Software\MAGIX_Xtreme_Web_Designer_5.0.10354.rar probably a variant of Win32/HackTool.Patcher.A application

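The four VirusTotal dumps in this post and the previous one (nvstor.sys, atapi.sys, iaStorV.sys, oddbse32K.dll) all came back 0/N, and every sigcheck block ends in "verified: Unsigned", including Microsoft's own atapi.sys and oddbse32.dll. That verdict by itself does not say the files were tampered with: most Windows inbox files carry no embedded Authenticode signature and are signed through catalog files instead, which VirusTotal's sigcheck field does not consult. What actually separates a clean driver from a patched one is a hash comparison against a known-good copy plus a catalog-aware signature check on the live system (Sysinternals sigcheck does check catalogs). The script below is an added example, not code from this thread or from VirusTotal: it parses the text-dump format pasted above and automates the sanity checks a responder does by eye (detection ratio, engine count, submitted name versus the version-resource "original name", the unsigned-but-has-publisher case, and section entropy). The two thresholds and all function names are this example's own assumptions; the embedded sample is an excerpt of the atapi.sys report above with the antivirus rows dropped.

```python
"""Offline triage of a VirusTotal text report pasted into a thread.

Added example, not code from the thread or from VirusTotal. It parses the
plain-text dump format shown above and applies a few checks a responder
does by hand. Thresholds and names are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

PACKED_ENTROPY = 7.0       # section entropy (0..8) at or above this suggests packing/encryption
MIN_ENGINE_COVERAGE = 30   # a "0/N" from fewer engines than this says little

# One row of the "( N sections )" table: name viradd virsiz rawdsiz ntrpy md5
SECTION_RE = re.compile(
    r"^(?P<name>\S+)\s+0x[0-9a-f]+\s+0x(?P<vsize>[0-9a-f]+)\s+0x(?P<rsize>[0-9a-f]+)"
    r"\s+(?P<entropy>\d+\.\d+)\s+[0-9a-f]{32}$", re.I)
# "MD5...: <hash>", "publisher....: <name>", "original name: <file>" and similar
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z0-9 ]+?)\.*:\s*(?P<val>.*)$")


@dataclass
class Report:
    submitted_name: str = ""
    detections: int = 0
    engines: int = 0
    hashes: dict = field(default_factory=dict)
    sections: list = field(default_factory=list)
    sigcheck: dict = field(default_factory=dict)


def parse_report(text: str) -> Report:
    """Extract the fields the triage needs; scanner rows and PE noise are ignored."""
    r, in_sigcheck = Report(), False
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"^File (\S+) received on", line):
            r.submitted_name = m.group(1)
        elif m := re.match(r"^Result:\s*(\d+)/(\d+)", line):
            r.detections, r.engines = int(m.group(1)), int(m.group(2))
        elif m := SECTION_RE.match(line):
            r.sections.append({"name": m["name"], "vsize": int(m["vsize"], 16),
                               "rsize": int(m["rsize"], 16), "entropy": float(m["entropy"])})
        elif line.lower().startswith("sigcheck:"):
            in_sigcheck = True          # every "key: value" from here on is version-resource data
        elif m := FIELD_RE.match(line):
            key, val = m["key"].strip().lower(), m["val"].strip()
            if key in ("md5", "sha1", "sha256"):
                r.hashes[key] = val.lower()
            elif in_sigcheck:
                r.sigcheck[key] = val
    return r


def triage(r: Report) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    out = []
    if r.engines < MIN_ENGINE_COVERAGE:
        out.append(f"only {r.engines} engines scanned the file")
    if r.detections:
        out.append(f"{r.detections}/{r.engines} engines flagged the file")
    original = r.sigcheck.get("original name", "")
    if original and original.lower() != r.submitted_name.lower():
        out.append(f"submitted as {r.submitted_name} but the version resource says {original}")
    publisher = r.sigcheck.get("publisher", "")
    if publisher and r.sigcheck.get("verified", "").lower() == "unsigned":
        # Expected for Windows inbox files, which are catalog-signed rather than
        # embedded-signed; it only means something once hash and catalog are checked.
        out.append(f"claims publisher '{publisher}' but has no embedded Authenticode signature; "
                   "inbox files are catalog-signed, so verify against the catalog and a "
                   "known-good SHA256 before trusting the version resource")
    for s in r.sections:
        if s["rsize"] and s["entropy"] >= PACKED_ENTROPY:
            out.append(f"section {s['name']} entropy {s['entropy']:.2f}: packed or encrypted code?")
    return out


# Excerpt of the atapi.sys report from the thread, antivirus rows omitted.
ATAPI_REPORT = """\
File atapi.sys received on 2009.12.12 05:55:05 (UTC)
Result: 0/39 (0%)
File size: 21584 bytes
MD5...: 338c86357871c167a96ab976519bf59e
SHA256: f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2472 0x2600 6.22 9b9f242740c0a1c2494b23ae50935e6d
.rdata 0x4000 0xae 0x200 1.54 1833a5650ae0f8256ba78bf8ed79d6e1
.data 0x5000 0xc 0x200 0.18 7c80b151582aa6280e754b477343e54e
INIT 0x6000 0x38c 0x400 4.66 392ce67c807da67e018ad9cf892fde4c
.rsrc 0x7000 0x3f0 0x400 3.41 ecb60c1c006d2813169c8bcfe271a200
.reloc 0x8000 0xd2 0x200 2.47 035f51da8bf9893e51952ac185994f14
sigcheck:
publisher....: Microsoft Corporation
original name: atapi.sys
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
verified.....: Unsigned
"""

if __name__ == "__main__":
    rep = parse_report(ATAPI_REPORT)
    print(rep.submitted_name, rep.hashes["sha256"], f"{rep.detections}/{rep.engines}")
    for finding in triage(rep):
        print(" -", finding)
```

Run against the atapi.sys excerpt it reports exactly one finding, the catalog-signing note, which is the right outcome for a Windows RTM driver with a 0/39 ratio: nothing to act on until the SHA256 is compared with a known-good copy. Paste a dump whose submitted name differs from its "original name" (the oddbse32K.dll versus oddbse32.dll situation in this post) and the name check fires as well.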
#30
December 12, 2009 at 08:07:19
By any chance is this program a cracked version:

IDM Computer Solutions

#31
December 12, 2009 at 15:18:02
Yeah, it's a cracked program... you think that's the cause?

#32
December 12, 2009 at 15:56:24
I think so; there is just nothing else showing up. It could be from your P2P program uTorrent or a completely new variant. I suspect these, but there is no way to be positive that they are the problem, as there is little to no info on the primary .dll:


C:\Users\Dustin\AppData\Roaming\IDMComp
C:\Users\Dustin\AC94B85D500D4B98ADE53E391934BB0A.TMP
C:\Program Files\IDM Computer Solutions
C:\Users\Dustin\D9E839BE66FC48C9BF97DB2802197EA7.TMP
C:\Windows\System32\oddbse32K.dll

You might want to uninstall them.

Then run TFC a very good temp file cleaner.

Please download TFC by Old Timer and save it to your desktop.
TFC by OldTimer

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

#33
December 12, 2009 at 17:19:55
Well sir, I followed your instructions as well as I could. And I think we beat the sucker! Whatever it was, it seems to be gone. No more redirecting on Google anymore... but

There's always a but...

My internet speed does seem kind of slow. I don't know if it's because it's one of those rainy nights in Florida. But maybe there's a way to boost it up?

And I have one more question. My laptop has a battery that does not charge up all the way. At one point it only charged to 67%. Then I noticed it was only charging to 32%. And now, a few months later, I notice it's up to 83%. Any clue why this is happening and how I can get it to 100% and stay there?

#34
December 12, 2009 at 17:51:50
There were some recalls a month or two back on laptop batteries; you might do some googling and see if yours was a recall. Also run the battery all the way down a time or two and see if the % of charge increases after doing that a few times.

I think my internet is slower after installing Firefox 3.5; maybe that's it.

A little clean-up to do.

Delete RSIT, GMER, TDSS.exe, mBR.exe, GooredFix, OTL and Win32kDiag from your desktop.

Go to Start > Run > type in ComboFix /Uninstall (note the space after ComboFix), then press Enter. This will uninstall ComboFix, so give the uninstaller a minute to run.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Next, create a new restore point. Go to Start > Run > type in msconfig > OK > click Launch System Restore > check the circle beside "Create a restore point" > Next > name it today's date > Create > click Home > exit the System Configuration Utility > restart the computer.

You should consider adding SpywareBlaster to your arsenal of antispyware tools; you can download it from this link: SpywareBlaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.

Glad we could help.

#35
December 12, 2009 at 19:16:13
OK, I did everything but I could not uninstall Combo-Fix.


I get an error that says "Combo-Fix.exe: Windows cannot find 'Combo-Fix.exe'. Make sure you typed the name correctly, and then try again."

#36
December 12, 2009 at 22:23:39
Delete the Combofix icon from your desktop. Then navigate to and delete these files/folders.


C:\Qoobox
C:\32788R22FWJFW
C:\Combo-Fix.txt

That should remove ComboFix.
