Hello,
All of a sudden yesterday my computer decided that my internet connection is untrusted, and I get an error message on startup of Firefox. I cannot access anything with HTTPS: Gmail, Facebook, Hotmail, online banking etc.
I have Kaspersky Internet Security 2011 (I get a year free because I bank with Barclays Bank). Whenever I try to log in to anything like this I get the following page.
After searching the internet I have stopped the first error by uninstalling the IEtab Plus add-on that installed the Superfish. I have only included that as I may not have got rid of it altogether.
Now I have done a Malwarebytes scan, a Kaspersky scan and a Spybot S&D scan before coming here for help, and they found nothing.
Malwarebytes' Anti-Malware 1.50
Malwarebytes
Database version: 5325
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
16/12/2010 09:41:41
mbam-log-2010-12-16 (09-41-41).txt
Scan type: Quick scan
Objects scanned: 154555
Time elapsed: 5 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit quick scan 2010-12-16 10:16:19
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\0000007a SAMSUNG_HD300LJ rev.ZT100-13
Running: z4mhnn1c.exe; Driver: C:\DOCUME~1\Gavin\LOCALS~1\Temp\uwldqkob.sys
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwEnumerateKey [0xB81FAFB2]
SSDT sptd.sys ZwEnumerateValueKey [0xB81FB340]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [B80A9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 [B80A9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B80A9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B80A9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-12 [B80A9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\a8w9y73l \Device\Scsi\a8w9y73l1 8B0BF790
Device \FileSystem\Ntfs \Ntfs 8B1831E8
---- EOF - GMER 1.0.15 ----
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000077c
Kernel Drivers (total 145):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7A85000 kl1.sys
0xB799B000 sptd.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7983000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7955000 ACPI.sys
0xB7944000 pci.sys
0xB80A8000 ohci1394.sys
0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB80C8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7925000 ftdisk.sys
0xB85AC000 dmload.sys
0xB78FF000 dmio.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB78E7000 atapi.sys
0xB78CE000 nvata.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB78AE000 fltmgr.sys
0xB789C000 sr.sys
0xB8338000 PxHelp20.sys
0xB7885000 KSecDD.sys
0xB7872000 WudfPf.sys
0xB77E5000 Ntfs.sys
0xB77B8000 NDIS.sys
0xB8118000 RapportKELL.sys
0xB85AE000 \WINDOWS\System32\Drivers\USBD.SYS
0xB779E000 Mup.sys
0xB8308000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xB4CB7000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB4CA3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB4C3B000 \SystemRoot\System32\Drivers\at6h2nbv.SYS
0xB58CD000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB4C17000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB58C5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8318000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8148000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0xB6E46000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB6E36000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB4BF4000 \SystemRoot\system32\DRIVERS\ks.sys
0xB58BD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB4BC6000 \SystemRoot\system32\DRIVERS\hcwPP2.sys
0xB4B87000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB4A95000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB49E3000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xB58B5000 \SystemRoot\System32\Drivers\Modem.SYS
0xB49BB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6E26000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB48D1000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB58AD000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB6E16000 \SystemRoot\system32\DRIVERS\serial.sys
0xB7746000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB48BD000 \SystemRoot\system32\DRIVERS\parport.sys
0xB6E06000 \SystemRoot\system32\DRIVERS\klim5.sys
0xB86D6000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB6DF6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7742000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB48A6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB6DE6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB6DD6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB58A5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB4895000 \SystemRoot\system32\DRIVERS\psched.sys
0xB6DC6000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB47D1000 \SystemRoot\System32\drivers\dmboot.sys
0xB8480000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8488000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB47A1000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB6DB6000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8490000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8498000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB84A0000 \SystemRoot\system32\DRIVERS\seehcri.sys
0xB85F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB4743000 \SystemRoot\system32\DRIVERS\update.sys
0xB73E1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xAF457000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAF447000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xABC7C000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xABC58000 \SystemRoot\system32\drivers\portcls.sys
0xAF427000 \SystemRoot\system32\drivers\drmk.sys
0xAB88C000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xA8915000 \SystemRoot\system32\DRIVERS\klif.sys
0xB85E0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA8EF9000 \SystemRoot\System32\Drivers\Null.SYS
0xB85E2000 \SystemRoot\System32\Drivers\Beep.SYS
0xA92AA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA92A2000 \SystemRoot\System32\drivers\vga.sys
0xB85E4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85E6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA929A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA9292000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAFB48000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA928A000 \SystemRoot\system32\DRIVERS\kl2.sys
0xA40B3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA40AB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA2C30000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA2BD7000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA2BB1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA2B89000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA3EB6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA2B67000 \SystemRoot\System32\drivers\afd.sys
0xA3EA6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA2B3C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA2AEB000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0xA40A3000 \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
0xA2A7B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA3E86000 \SystemRoot\System32\Drivers\Fips.SYS
0xA3454000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA353A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA344C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA409B000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xA352A000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xA2A0A000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xA3448000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA393F000 \SystemRoot\system32\DRIVERS\point32.sys
0xA351A000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0xA34EA000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA29F1000 \SystemRoot\System32\Drivers\dump_nvata.sys
0xB85CC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA3146000 \SystemRoot\System32\drivers\Dxapi.sys
0xA3927000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xA396A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA1E97000 \SystemRoot\system32\drivers\wdmaud.sys
0xB8278000 \SystemRoot\system32\drivers\sysaudio.sys
0xB8626000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA1ABE000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8654000 \SystemRoot\system32\drivers\MSPQM.sys
0xA1A9E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA199E000 \SystemRoot\system32\DRIVERS\srv.sys
0xB83B0000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA055B000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA30CC000 \SystemRoot\system32\DRIVERS\DKRtWrt.sys
0xA0656000 \SystemRoot\System32\drivers\dgderdrv.sys
0xA051B000 \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 48):
0 System Idle Process
4 SYSTEM
976 C:\WINDOWS\system32\smss.exe
1032 csrss.exe
1056 C:\WINDOWS\system32\winlogon.exe
1108 C:\WINDOWS\system32\services.exe
1144 C:\WINDOWS\system32\savedump.exe
1152 C:\WINDOWS\system32\lsass.exe
1320 C:\WINDOWS\system32\nvsvc32.exe
1380 C:\WINDOWS\system32\svchost.exe
1436 svchost.exe
1568 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1660 C:\WINDOWS\system32\svchost.exe
1756 C:\WINDOWS\system32\svchost.exe
1940 svchost.exe
296 C:\WINDOWS\explorer.exe
356 C:\WINDOWS\system32\spoolsv.exe
788 C:\WINDOWS\ehome\ehtray.exe
820 C:\WINDOWS\system32\rundll32.exe
844 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
904 C:\WINDOWS\system32\ctfmon.exe
968 C:\Program Files\Windows Media Player\wmpnscfg.exe
1480 C:\WINDOWS\ehome\RMSysTry.exe
1992 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
680 svchost.exe
736 C:\WINDOWS\system32\dgdersvc.exe
760 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
1328 C:\WINDOWS\ehome\ehrecvr.exe
676 C:\WINDOWS\ehome\ehSched.exe
1008 C:\WINDOWS\system32\FsUsbExService.Exe
1560 C:\WINDOWS\system32\svchost.exe
2020 C:\WINDOWS\ehome\RMSvc.exe
2680 svchost.exe
2872 C:\WINDOWS\system32\svchost.exe
3012 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3272 McrdSvc.exe
3348 svchost.exe
3492 wmpnetwk.exe
3696 C:\WINDOWS\system32\wuauclt.exe
2836 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
4040 C:\WINDOWS\ehome\ehmsas.exe
3488 alg.exe
3544 wmiprvse.exe
3864 C:\Program Files\Mozilla Firefox\firefox.exe
2848 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
3648 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
4064 C:\WINDOWS\system32\dllhost.exe
4008 C:\Documents and Settings\Gavin\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive1 Model Number: SAMSUNGHD300LJ, Rev: ZT100-13
PhysicalDrive0 Model Number: SAMSUNGHD753LJ, Rev: 1AA01110
Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
698 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
DDS (Ver_10-12-12.02) - NTFSx86
Run by Gavin at 10:12:10.82 on 16/12/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2559.1918 [GMT 0:00]
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
============== Running Processes ===============
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\ehome\RMSysTry.exe
svchost.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Gavin\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe " -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
IE: &Search - http://tbedits.iwon.com/one-toolbare...D&n=2010100815
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269386687294
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269435345046
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\docume~1\alluse~1\avp11\mzvkbd3.dll,c:\docume~1\alluse~1\avp11\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 SpywareInfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\gavin\applic~1\mozilla\firefox\profiles\xi50dzki.default\
FF - prefs.js: browser.search.selectedEngine - The Pirate Bay - Seeders
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Clean And Close: clean_and_close@csb7.com - %profile%\extensions\clean_and_close@csb7.com
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: Facebook Chat History Manager: fbchathistory@firechm.com - %profile%\extensions\fbchathistory@firechm.com
============= SERVICES / DRIVERS ===============
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-12-2 475736]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-10-25 95568]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-9-8 233472]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 18120]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-4-11 41120]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-8 36640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-4-11 27632]
S2 AntiVirMailService;Avira AntiVir MailGuard;"c:\program files\avira\antivir desktop\avmailc.exe" --> c:\program files\avira\antivir desktop\avmailc.exe [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
S2 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]
S2 AntiVirWebService;Avira AntiVir WebGuard;"c:\program files\avira\antivir desktop\avwebgrd.exe" --> c:\program files\avira\antivir desktop\AVWEBGRD.EXE [?]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys --> c:\windows\system32\drivers\avgntflt.sys [?]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2009-11-17 93848]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\genericmount.sys --> c:\windows\system32\drivers\GenericMount.sys [?]
S3 PORTIO64;PORTIO64;c:\documents and settings\gavin\desktop\jungleflasher v0.1.76 beta (166)\portio32.sys [2010-11-26 2560]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-4-2 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-4-2 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-4-2 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-4-2 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-4-2 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-4-2 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-4-2 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-4-2 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-4-2 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-4-2 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-4-2 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-4-2 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-4-2 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-4-2 117544]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-11-6 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-11-6 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-11-6 121576]
S3 vdrive;vdrive;c:\windows\system32\drivers\vdrive.sys --> c:\windows\system32\drivers\vdrive.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-12-15 18:12:55 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 18:12:03 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-07 08:48:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-07 08:48:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-06 20:00:01 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-06 13:58:56 2496715 ----a-w- c:\windows\system32\abgx360.exe
2010-12-02 16:47:05 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
2010-12-02 16:46:59 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2010-12-02 15:48:02 -------- d--h--we c:\documents and settings\all users\AVP11
2010-12-02 15:47:52 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2010-12-02 15:47:52 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2010-12-02 15:46:34 -------- d-----w- c:\program files\Kaspersky Lab
2010-12-02 15:46:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-12-02 15:45:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-11-30 11:15:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-26 19:25:42 -------- d-----w- c:\program files\mIRC
2010-11-26 15:33:57 -------- d-----w- c:\docume~1\gavin\applic~1\Malwarebytes
2010-11-26 15:32:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-26 15:32:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-26 15:32:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-26 15:32:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-26 14:54:49 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-11-26 14:54:49 22 --sha-w- c:\docume~1\gavin\applic~1\Sys6925.Config Collection.sys
2010-11-26 14:53:05 -------- d-----w- c:\program files\jv16 PowerTools 2010
2010-11-26 14:52:21 -------- d-----w- c:\program files\CCleaner
2010-11-25 19:48:27 -------- d-----w- c:\docume~1\gavin\locals~1\applic~1\Temp
2010-11-23 16:51:10 -------- d-----w- c:\docume~1\gavin\applic~1\mIRC
2010-11-18 18:12:44 81920 -c----w- c:\windows\system32\dllcache\isign32.dll
2010-11-16 17:33:11 -------- d-----w- c:\docume~1\gavin\applic~1\abgx360
2010-11-16 17:31:03 -------- d-----w- c:\program files\abgx360
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-25 09:07:48 95568 ----a-w- c:\windows\system32\dgdersvc.exe
2010-10-25 09:07:48 763216 ----a-w- c:\windows\system32\dgderapi.dll
2010-10-25 09:07:48 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-10-25 09:03:52 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
============= FINISH: 10:12:47.23 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 22/03/2010 23:25:22
System Uptime: 16/12/2010 10:07:01 (0 hours ago)
Motherboard: C51PVGM-GB | | C51PVGM-GB
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2210/201mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 279 GiB total, 206.931 GiB free.
D: is CDROM ()
E: is Removable
F: is FIXED (NTFS) - 699 GiB total, 8.739 GiB free.
G: is Removable
I: is Removable
J: is Removable
K: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID:
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\FF691F030AE6
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\FF691F030AE6
Service: NIC1394
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&22A8B291&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce 10/100 Mbps Ethernet #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&22A8B291&0&00
Service: NVENETFD
==== System Restore Points ===================
RP215: 26/11/2010 14:55:00 - Software Distribution Service 3.0
RP216: 26/11/2010 14:55:00 - System Checkpoint
RP217: 26/11/2010 14:54:59 - System Checkpoint
RP218: 26/11/2010 14:54:59 - System Checkpoint
RP219: 26/11/2010 14:54:59 - System Checkpoint
RP220: 26/11/2010 14:54:58 - System Checkpoint
RP221: 26/11/2010 14:54:58 - System Checkpoint
RP222: 08/09/2010 20:22:02 - Installed Kies
RP223: 26/11/2010 14:54:58 - Removed Kies
RP224: 09/09/2010 19:57:37 - Installed Kies
RP225: 26/11/2010 14:54:58 - System Checkpoint
RP226: 26/11/2010 14:54:57 - System Checkpoint
RP227: 26/11/2010 14:54:57 - Software Distribution Service 3.0
RP228: 26/11/2010 14:54:57 - System Checkpoint
RP229: 26/11/2010 14:54:56 - System Checkpoint
RP230: 26/11/2010 14:54:56 - System Checkpoint
RP231: 26/11/2010 14:54:56 - Software Distribution Service 3.0
RP232: 26/11/2010 14:54:55 - System Checkpoint
RP233: 26/11/2010 14:54:55 - System Checkpoint
RP234: 26/11/2010 14:54:55 - System Checkpoint
RP235: 26/11/2010 14:54:55 - System Checkpoint
RP236: 26/11/2010 14:54:54 - System Checkpoint
RP237: 26/11/2010 14:54:54 - System Checkpoint
RP238: 26/11/2010 14:54:54 - System Checkpoint
RP239: 26/11/2010 14:54:54 - System Checkpoint
RP240: 26/11/2010 14:54:53 - Removed Kies
RP241: 08/10/2010 20:25:26 - Installed Kies
RP242: 26/11/2010 14:54:53 - System Checkpoint
RP243: 26/11/2010 14:54:53 - Removed Kies
RP244: 10/10/2010 10:57:09 - Installed Kies
RP245: 26/11/2010 14:54:51 - System Checkpoint
RP246: 26/11/2010 14:54:51 - Removed Kies
RP247: 16/10/2010 13:11:26 - Installed Kies
RP248: 26/11/2010 14:54:50 - System Checkpoint
RP249: 26/11/2010 14:54:50 - System Checkpoint
RP250: 26/11/2010 14:54:49 - Installed Rapport
RP251: 26/11/2010 14:54:48 - Software Distribution Service 3.0
RP252: 26/11/2010 14:54:48 - System Checkpoint
RP253: 26/11/2010 14:54:47 - Installed Steam
RP254: 26/11/2010 14:54:47 - Installed DirectX
RP255: 26/11/2010 14:54:46 - System Checkpoint
RP256: 26/11/2010 14:54:45 - System Checkpoint
RP257: 26/11/2010 14:54:45 - System Checkpoint
RP258: 26/11/2010 14:54:44 - Installed FMRTE
RP259: 26/11/2010 14:54:44 - System Checkpoint
RP260: 26/11/2010 14:54:43 - Software Distribution Service 3.0
RP261: 26/11/2010 14:54:43 - Installed FMRTE
RP262: 26/11/2010 14:54:43 - System Checkpoint
RP263: 26/11/2010 14:54:43 - System Checkpoint
RP264: 26/11/2010 14:54:42 - System Checkpoint
RP265: 26/11/2010 14:54:42 - Installed FMRTE
RP266: 26/11/2010 14:54:42 - System Checkpoint
RP267: 26/11/2010 14:54:41 - System Checkpoint
RP268: 26/11/2010 14:54:41 - System Checkpoint
RP269: 26/11/2010 14:54:41 - System Checkpoint
RP270: 26/11/2010 14:54:40 - Before uninstalling Kies
RP271: 26/11/2010 14:54:40 - Removed Kies
RP272: 06/11/2010 09:52:35 - Installed Kies
RP273: 26/11/2010 14:54:40 - Before uninstalling IWON
RP274: 26/11/2010 14:54:39 - Before uninstalling MyFreeCodec
RP275: 26/11/2010 14:54:39 - Before uninstalling MyFreeCodec
RP276: 26/11/2010 14:54:39 - Before uninstalling Veetle TV 0.9.18
RP277: 26/11/2010 14:54:38 - System Checkpoint
RP278: 26/11/2010 14:54:38 - System Checkpoint
RP279: 26/11/2010 14:54:38 - System Checkpoint
RP280: 26/11/2010 14:54:38 - Software Distribution Service 3.0
RP281: 26/11/2010 14:54:37 - Installed FMRTE
RP282: 26/11/2010 14:54:37 - Installed DirectX
RP283: 26/11/2010 14:54:36 - System Checkpoint
RP284: 26/11/2010 14:54:36 - System Checkpoint
RP285: 26/11/2010 14:54:36 - Installed FMRTE
RP286: 26/11/2010 14:54:35 - System Checkpoint
RP287: 26/11/2010 14:54:35 - System Checkpoint
RP288: 26/11/2010 14:54:35 - Installed FMRTE
RP289: 26/11/2010 14:54:35 - System Checkpoint
RP290: 26/11/2010 14:54:34 - System Checkpoint
RP291: 26/11/2010 14:54:34 - System Checkpoint
RP292: 26/11/2010 14:54:34 - System Checkpoint
RP293: 26/11/2010 14:54:33 - System Checkpoint
RP294: 26/11/2010 14:54:33 - System Checkpoint
RP295: 24/11/2010 02:18:45 - System Checkpoint
RP296: 26/11/2010 12:28:58 - System Checkpoint
RP297: 28/11/2010 21:26:37 - System Checkpoint
RP298: 30/11/2010 10:39:28 - Before uninstalling Avira AntiVir Premium
RP299: 30/11/2010 11:15:20 - avast! Free Antivirus Setup
RP300: 02/12/2010 12:16:27 - System Checkpoint
RP301: 02/12/2010 15:43:02 - Before uninstalling avast! Free Antivirus
RP302: 02/12/2010 15:43:22 - avast! Free Antivirus Setup
RP303: 02/12/2010 15:46:20 - Installed Kaspersky Internet Security 2011.
RP304: 02/12/2010 1617 - Before uninstalling Kaspersky Internet Security 2011
RP305: 05/12/2010 1144 - System Checkpoint
RP306: 06/12/2010 11:37:00 - System Checkpoint
RP307: 06/12/2010 20:00:01 - SPTD setup V1.50
RP308: 06/12/2010 20:47:21 - Installed FMRTE
RP309: 07/12/2010 08:47:50 - Restore Operation
RP310: 08/12/2010 09:38:53 - System Checkpoint
RP311: 09/12/2010 10:51:26 - System Checkpoint
RP312: 10/12/2010 17:28:03 - System Checkpoint
RP313: 15/12/2010 18:14:21 - Software Distribution Service 3.0
RP314: 16/12/2010 09:57:00 - Software Distribution Service 3.0
==== Installed Programs ======================
abgx360 v1.0.5
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
µTorrent
CCleaner
Diskeeper 2010 Pro Premier
Driving Test Success - All Tests (2008-2009)
EASEUS Data Recovery Wizard Free Edition 5.0.1
EPSON Attach To Email
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
FMRTE
Football Manager 2010
Football Manager 2011
Football Manager 2011 Demo
Hauppauge WinTV-PVR 150 Drivers
Hauppauge WinTV Radio
Hauppauge WinTV Scheduler
Hauppauge WinTV2000
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImgBurn
InterVideo FilterSDK for Hauppauge
Java Auto Updater
Java(TM) 6 Update 19
jv16 PowerTools 2010
K-Lite Mega Codec Pack 5.8.3
Kaspersky Internet Security 2011
Kies
LG PC Suite II
Malwarebytes' Anti-Malware
Media Center Extender
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 7.0
Microsoft IntelliType Pro 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
mIRC
Mozilla Firefox (3.6.13)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
Rapport
Realtek High Definition Audio Driver
SAMSUNG USB Driver for Mobile Phones
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy
Steam
System Requirements Lab
TMPGEnc 4.0 XPress
TMPGEnc DVD Author 3 with DivX Authoring
Unknown Device Identifier 7.00
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2466076)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual C++ 9.0 OpenMP (x86) WinSXS MSM
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VLC media player 1.0.5
WebFldrs XP
WinAVI Video Converter
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Your Uninstaller! 2010
==== Event Viewer Messages From Past Week ========
16/12/2010 10:10:24, error: nvata [5] - Device SAMSUNG HD753LJ [S13UJDWQ338409] reported CRC error.
16/12/2010 10:10:24, error: nvata [5] - Device SAMSUNG HD300LJ [S0D7J1FL704884] reported CRC error.
16/12/2010 10:08:48, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Gavin\Desktop\dds.scr. Reference error message: The operation completed successfully. .
16/12/2010 10:08:48, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Documents and Settings\Gavin\Desktop\dds.scr" on line 0.
16/12/2010 09:44:41, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
16/12/2010 09:44:27, error: Service Control Manager [7031] - The Universal Plug and Play Device Host service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
16/12/2010 09:44:20, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
16/12/2010 09:44:14, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
16/12/2010 09:44:12, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
16/12/2010 09:44:07, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
16/12/2010 09:44:04, error: Service Control Manager [7031] - The Universal Plug and Play Device Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
16/12/2010 09:43:50, error: Service Control Manager [7031] - The Universal Plug and Play Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
16/12/2010 09:43:45, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
16/12/2010 09:43:41, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
16/12/2010 09:43:35, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
16/12/2010 09:27:33, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
16/12/2010 09:27:32, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
16/12/2010 09:27:32, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
16/12/2010 09:27:32, error: Service Control Manager [7034] - The Device Error Recovery Service service terminated unexpectedly. It has done this 1 time(s).
15/12/2010 18:49:10, error: Service Control Manager [7034] - The FsUsbExService service terminated unexpectedly. It has done this 1 time(s).
15/12/2010 16:42:51, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
10/12/2010 1355, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb
10/12/2010 1345, error: Service Control Manager [7001] - The Avira AntiVir WebGuard service depends on the Avira AntiVir Guard service which failed to start because of the following error: The system cannot find the file specified.
10/12/2010 1345, error: Service Control Manager [7001] - The Avira AntiVir MailGuard service depends on the Avira AntiVir Guard service which failed to start because of the following error: The system cannot find the file specified.
10/12/2010 1345, error: Service Control Manager [7000] - The Avira AntiVir Scheduler service failed to start due to the following error: The system cannot find the file specified.
10/12/2010 1345, error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The system cannot find the file specified.
10/12/2010 1344, error: Service Control Manager [7000] - The avgntflt service failed to start due to the following error: The system cannot find the file specified.
09/12/2010 22:06:49, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0019212D42E6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
09/12/2010 14:00:00, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
09/12/2010 14:00:00, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
09/12/2010 14:00:00, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
09/12/2010 14:00:00, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
09/12/2010 14:00:00, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
09/12/2010 14:00:00, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
09/12/2010 10:39:48, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address B4:07:F9:71:F1:72. Network operations on this system may be disrupted as a result.
==== End Of File ===========================
Last edited by gazza1988; 16-12-2010 at 10:41 AM. Reason: added wrong screenshot
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===========================================================================
I can see some infection present and I see also some Avira leftovers.
We'll try to sort it out.
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
2010/12/17 02:00:56.0620 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/17 02:00:56.0620 ================================================================================
2010/12/17 02:00:56.0620 SystemInfo:
2010/12/17 02:00:56.0620
2010/12/17 02:00:56.0620 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/17 02:00:56.0620 Product type: Workstation
2010/12/17 02:00:56.0620 ComputerName: GAVINSCOMPUTER
2010/12/17 02:00:56.0620 UserName: Gavin
2010/12/17 02:00:56.0620 Windows directory: C:\WINDOWS
2010/12/17 02:00:56.0620 System windows directory: C:\WINDOWS
2010/12/17 02:00:56.0620 Processor architecture: Intel x86
2010/12/17 02:00:56.0620 Number of processors: 2
2010/12/17 02:00:56.0620 Page size: 0x1000
2010/12/17 02:00:56.0620 Boot type: Normal boot
2010/12/17 02:00:56.0620 ================================================================================
2010/12/17 02:00:57.0010 Initialize success
2010/12/17 02:00:58.0182 ================================================================================
2010/12/17 02:00:58.0182 Scan started
2010/12/17 02:00:58.0182 Mode: Manual;
2010/12/17 02:00:58.0182 ================================================================================
2010/12/17 02:00:58.0557 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/17 02:00:58.0604 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/17 02:00:58.0667 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/17 02:00:58.0745 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/17 02:00:58.0885 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/12/17 02:00:58.0948 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/17 02:00:59.0057 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/17 02:00:59.0088 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/17 02:00:59.0151 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/17 02:00:59.0198 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/17 02:00:59.0307 BazisVirtualCDBus (a8933e291b0b43af00782c6e5ccb0f60) C:\WINDOWS\system32\DRIVERS\BazisVirtualCDBus.sys
2010/12/17 02:00:59.0354 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/17 02:00:59.0417 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/12/17 02:00:59.0448 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2010/12/17 02:00:59.0479 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/12/17 02:00:59.0542 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/12/17 02:00:59.0573 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/12/17 02:00:59.0588 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/17 02:00:59.0651 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/17 02:00:59.0698 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/17 02:00:59.0729 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/17 02:00:59.0776 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2010/12/17 02:00:59.0807 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/17 02:00:59.0979 dgderdrv (3be1651c63954067940e7f473498ad70) C:\WINDOWS\system32\drivers\dgderdrv.sys
2010/12/17 02:01:00.0026 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/17 02:01:00.0073 DKRtWrt (d6a4d12c744359f6eb93bbdebcfbe351) C:\WINDOWS\system32\DRIVERS\DKRtWrt.sys
2010/12/17 02:01:00.0135 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/17 02:01:00.0182 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/17 02:01:00.0213 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/17 02:01:00.0260 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/17 02:01:00.0323 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/17 02:01:00.0385 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/17 02:01:00.0417 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/17 02:01:00.0448 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/17 02:01:00.0463 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/17 02:01:00.0495 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/17 02:01:00.0557 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS
2010/12/17 02:01:00.0604 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/17 02:01:00.0635 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/17 02:01:00.0667 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/17 02:01:00.0729 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/17 02:01:00.0776 hcwPP2 (9436fbf3ca45a0fb726856b409734d7a) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
2010/12/17 02:01:00.0807 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/17 02:01:00.0854 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys
2010/12/17 02:01:00.0885 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/17 02:01:00.0963 HSFHWBS2 (f3e718604c5a8a28003280d861d96c19) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/12/17 02:01:01.0026 HSF_DPV (4290713b7c3289ef87ee5ca474b21221) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/12/17 02:01:01.0104 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/17 02:01:01.0167 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/12/17 02:01:01.0182 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/17 02:01:01.0417 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/17 02:01:01.0573 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/17 02:01:01.0635 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/17 02:01:01.0651 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/17 02:01:01.0682 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/17 02:01:01.0713 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/17 02:01:01.0745 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/17 02:01:01.0792 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/17 02:01:01.0823 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/17 02:01:01.0838 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/17 02:01:01.0885 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\WINDOWS\system32\DRIVERS\kl1.sys
2010/12/17 02:01:01.0917 kl2 (713576569667ac9e0f8556076004a96b) C:\WINDOWS\system32\DRIVERS\kl2.sys
2010/12/17 02:01:01.0963 KLIF (395a295fd9ea657b4a3621e402cc56c5) C:\WINDOWS\system32\DRIVERS\klif.sys
2010/12/17 02:01:01.0995 klim5 (8d6e11bfa9927978d25b1b8029554f07) C:\WINDOWS\system32\DRIVERS\klim5.sys
2010/12/17 02:01:02.0026 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2010/12/17 02:01:02.0057 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/17 02:01:02.0120 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/17 02:01:02.0229 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/17 02:01:02.0307 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/12/17 02:01:02.0370 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/17 02:01:02.0401 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/17 02:01:02.0417 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/17 02:01:02.0463 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/17 02:01:02.0510 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/17 02:01:02.0573 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/17 02:01:02.0620 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/17 02:01:02.0667 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/17 02:01:02.0698 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/17 02:01:02.0729 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/17 02:01:02.0760 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/17 02:01:02.0792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/17 02:01:02.0807 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/17 02:01:02.0854 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/17 02:01:02.0885 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/17 02:01:02.0932 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/17 02:01:02.0963 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/17 02:01:02.0995 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/17 02:01:03.0026 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/17 02:01:03.0057 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/17 02:01:03.0104 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/17 02:01:03.0120 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/17 02:01:03.0151 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/17 02:01:03.0213 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/17 02:01:03.0260 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/17 02:01:03.0292 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/17 02:01:03.0354 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2010/12/17 02:01:03.0417 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/17 02:01:03.0807 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/17 02:01:03.0963 nvata (11d1ad7e946538e02f9ef6a6e1792061) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/12/17 02:01:04.0010 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/12/17 02:01:04.0042 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/12/17 02:01:04.0104 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/17 02:01:04.0120 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/17 02:01:04.0182 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/17 02:01:04.0229 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/17 02:01:04.0260 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/17 02:01:04.0292 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/17 02:01:04.0323 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/17 02:01:04.0385 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/17 02:01:04.0417 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/17 02:01:04.0604 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys
2010/12/17 02:01:04.0713 PORTIO64 (5f86f324faa18c31a3ef3805169e508a) C:\Documents and Settings\Gavin\Desktop\JungleFlasher v0.1.76 Beta (166)\portio32.sys
2010/12/17 02:01:04.0745 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/17 02:01:04.0776 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/17 02:01:04.0807 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/17 02:01:04.0870 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/17 02:01:04.0917 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/17 02:01:05.0057 QWAVEDRV (2bb1d2baf3493362e5c1949c5f210d5f) C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
2010/12/17 02:01:05.0526 RapportCerberus_19917 (539fbdcff37a24102c507092b333ec2b) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
2010/12/17 02:01:05.0651 RapportKELL (b64262f33c53d690ed662fde57102b10) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2010/12/17 02:01:05.0729 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2010/12/17 02:01:05.0776 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/17 02:01:05.0838 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/17 02:01:05.0870 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/17 02:01:05.0917 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/17 02:01:05.0979 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/17 02:01:06.0073 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/17 02:01:06.0104 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/17 02:01:06.0182 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/17 02:01:06.0213 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/17 02:01:06.0276 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/12/17 02:01:06.0401 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys
2010/12/17 02:01:06.0463 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
2010/12/17 02:01:06.0526 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
2010/12/17 02:01:06.0557 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
2010/12/17 02:01:06.0573 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
2010/12/17 02:01:06.0604 s0016obex (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys
2010/12/17 02:01:06.0620 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys
2010/12/17 02:01:06.0682 s1018bus (27ccf532a08f437ffc795158b8b7a7f6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
2010/12/17 02:01:06.0760 s1018mdfl (2443aca3551cfb160ecaa642f6718b99) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
2010/12/17 02:01:06.0838 s1018mdm (9d273a6cf8f984097e61ecd68827d8c0) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
2010/12/17 02:01:06.0870 s1018mgmt (57d4d2efd2f3dc4bb8a351702ae01ba5) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
2010/12/17 02:01:06.0963 s1018nd5 (2102d69ed2ed4b89a607c4e09504fb59) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
2010/12/17 02:01:06.0979 s1018obex (382921439a5fb855cc6e000ac24d0c95) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
2010/12/17 02:01:06.0995 s1018unic (4e2c788d013e567bd68ae4ad36485239) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
2010/12/17 02:01:07.0073 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/17 02:01:07.0135 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2010/12/17 02:01:07.0182 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/17 02:01:07.0213 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/17 02:01:07.0260 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/17 02:01:07.0417 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/17 02:01:07.0510 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/17 02:01:07.0573 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/17 02:01:07.0573 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2010/12/17 02:01:07.0588 sptd - detected Locked file (1)
2010/12/17 02:01:07.0604 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/17 02:01:07.0651 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/17 02:01:07.0698 ssadbus (6d83ff6722baf7e82a4521dbec363e5a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
2010/12/17 02:01:07.0745 ssadmdfl (5ae42e90f99749e0e35b9989a2d0275c) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
2010/12/17 02:01:07.0776 ssadmdm (9285d8aba50a4d6482b1574448f9eb76) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
2010/12/17 02:01:07.0807 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/17 02:01:07.0838 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/17 02:01:07.0870 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/17 02:01:07.0963 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/17 02:01:08.0026 Tcpip (d24ea301e2b36c4e975fd216ca85d8e7) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/17 02:01:08.0057 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/17 02:01:08.0104 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/17 02:01:08.0135 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/17 02:01:08.0182 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/17 02:01:08.0245 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/17 02:01:08.0292 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/17 02:01:08.0338 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/17 02:01:08.0385 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/17 02:01:08.0432 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/17 02:01:08.0479 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/17 02:01:08.0542 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/17 02:01:08.0557 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/17 02:01:08.0604 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/17 02:01:08.0792 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/17 02:01:08.0838 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/17 02:01:08.0901 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/12/17 02:01:08.0963 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/17 02:01:09.0042 winachsf (cb2dc26de2c815fc2309566f92d22ed4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/17 02:01:09.0151 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/17 02:01:09.0213 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/17 02:01:09.0245 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/17 02:01:09.0307 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/17 02:01:09.0338 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/17 02:01:09.0495 ================================================================================
2010/12/17 02:01:09.0495 Scan finished
2010/12/17 02:01:09.0495 ================================================================================
2010/12/17 02:01:09.0510 Detected object count: 1
2010/12/17 02:02:08.0323 Locked file(sptd) - User select action: Skip
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: AVG - Download tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Hello, I ran ComboFix. It did its thing, but after it rebooted my system, while it was saving the log, I got a blue screen and then my computer rebooted. I cannot find the log file it may have created. I did run it in safe mode as well as Rkill; I will post those logs, but I don't know if ComboFix has already fixed something. However, I am still getting the untrusted connection problem. Also, the superfish.com error I reported as fixed has now returned, but instead of superfish it now says mail.google.com (i.e. it is exactly the same, but instead of www.superfish.com:443 it now says mail.google.com:443 instead).
ComboFix 10-12-16.02 - Gavin 17/12/2010 3:11.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2559.2256 [GMT 0:00]
Running from: c:\documents and settings\Gavin\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Gavin\Recent\Thumbs.db
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.
2010-12-16 14:40 . 2010-12-16 14:40 -------- d--h--w- c:\windows\PIF
2010-12-15 18:12 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 18:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-07 08:48 . 2010-12-07 08:48 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-07 08:43 . 2010-12-07 08:48 -------- d-s---w- c:\documents and settings\android
2010-12-06 20:00 . 2010-12-06 20:00 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-06 13:58 . 2010-12-06 13:58 2496715 ----a-w- c:\windows\system32\abgx360.exe
2010-12-02 16:47 . 2010-07-01 21:34 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2010-12-02 16:46 . 2010-07-01 21:35 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2010-12-02 15:48 . 2010-12-02 15:48 -------- d--h--we c:\documents and settings\All Users\AVP11
2010-12-02 15:47 . 2010-12-08 01:51 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2010-12-02 15:47 . 2010-12-08 01:51 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2010-12-02 15:46 . 2010-12-02 15:46 -------- d-----w- c:\program files\Kaspersky Lab
2010-12-02 15:46 . 2010-12-17 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-12-02 15:45 . 2010-12-02 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-11-30 11:15 . 2010-11-30 11:15 -------- d-----w- c:\program files\Alwil Software
2010-11-30 11:15 . 2010-11-30 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-26 19:25 . 2010-11-26 21:56 -------- d-----w- c:\program files\mIRC
2010-11-26 15:33 . 2010-11-26 15:33 -------- d-----w- c:\documents and settings\Gavin\Application Data\Malwarebytes
2010-11-26 15:32 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-26 15:32 . 2010-11-26 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-26 15:32 . 2010-12-16 09:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-26 15:32 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-26 14:54 . 2010-11-26 14:54 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-11-26 14:54 . 2010-11-26 14:54 22 --sha-w- c:\documents and settings\Gavin\Application Data\Sys6925.Config Collection.sys
2010-11-26 14:53 . 2010-11-26 14:55 -------- d-----w- c:\program files\jv16 PowerTools 2010
2010-11-26 14:52 . 2010-11-26 14:52 -------- d-----w- c:\program files\CCleaner
2010-11-25 19:48 . 2010-11-25 19:48 -------- d-----w- c:\documents and settings\Gavin\Local Settings\Application Data\Temp
2010-11-23 16:51 . 2010-11-26 21:59 -------- d-----w- c:\documents and settings\Gavin\Application Data\mIRC
2010-11-18 18:12 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2010-03-22 23:20 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-18 02:04 . 2010-11-18 02:04 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2010-11-18 02:04 . 2004-08-10 11:00 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2010-11-06 00:34 . 2004-08-10 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-10 11:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-10 11:00 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-10 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-10 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-10 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-25 09:09 . 2010-10-25 09:09 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2010-10-25 09:09 . 2010-10-25 09:09 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2010-10-25 09:09 . 2010-10-25 09:09 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2010-10-25 09:09 . 2010-10-25 09:09 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2010-10-25 09:09 . 2010-10-25 09:09 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2010-10-25 09:09 . 2010-10-25 09:09 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2010-10-25 09:09 . 2010-10-25 09:09 569344 ----a-w- c:\windows\system32\muzdecode.ax
2010-10-25 09:09 . 2010-10-25 09:09 491520 ----a-w- c:\windows\system32\muzapp.dll
2010-10-25 09:09 . 2010-10-25 09:09 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2010-10-25 09:09 . 2010-10-25 09:09 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2010-10-25 09:09 . 2010-10-25 09:09 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2010-10-25 09:09 . 2010-10-25 09:09 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2010-10-25 09:09 . 2010-10-25 09:09 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2010-10-25 09:09 . 2010-10-25 09:09 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2010-10-25 09:09 . 2010-10-25 09:09 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2010-10-25 09:09 . 2010-10-25 09:09 245760 ----a-w- c:\windows\system32\MSCLib.dll
2010-10-25 09:09 . 2010-10-25 09:09 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2010-10-25 09:09 . 2010-10-25 09:09 243576 ----a-w- c:\windows\system32\MASetupCaller.dll
2010-10-25 09:09 . 2010-10-25 09:09 200704 ----a-w- c:\windows\system32\muzwmts.dll
2010-10-25 09:09 . 2010-10-25 09:09 155648 ----a-w- c:\windows\system32\MSFLib.dll
2010-10-25 09:09 . 2010-10-25 09:09 135168 ----a-w- c:\windows\system32\muzaf1.dll
2010-10-25 09:09 . 2010-10-25 09:09 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2010-10-25 09:09 . 2010-10-25 09:09 122880 ----a-w- c:\windows\system32\muzeffect.ax
2010-10-25 09:09 . 2010-10-25 09:09 118784 ----a-w- c:\windows\system32\MaDRM.dll
2010-10-25 09:09 . 2010-10-25 09:09 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2010-10-25 09:09 . 2010-09-15 08:41 511328 ----a-w- c:\windows\system32\Synchronization2.dll
2010-10-25 09:09 . 2010-09-15 08:41 288608 ----a-w- c:\windows\system32\Microsoft.Synchronization.dll
2010-10-25 09:09 . 2010-09-15 08:41 253280 ----a-w- c:\windows\system32\MetaStore2.dll
2010-10-25 09:07 . 2010-10-25 09:07 95568 ----a-w- c:\windows\system32\dgdersvc.exe
2010-10-25 09:07 . 2010-10-25 09:07 763216 ----a-w- c:\windows\system32\dgderapi.dll
2010-10-25 09:07 . 2010-10-25 09:07 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-10-25 09:07 . 2010-10-25 09:07 18120 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2010-10-25 09:03 . 2010-09-08 19:17 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-18 11:23 . 2004-08-10 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.
------- Sigcheck -------
[-] 2010-11-18 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2010-11-18 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
c:\program files\Ask.com\GenericAskToolbar.dll [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [BU]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [BU]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-30 328056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\docume~1\ALLUSE~1\AVP11\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2010-10-27 10:36 3365176 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OMSI download service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"Norton Ghost"=2 (0x2)
"afcdpsrv"=2 (0x2)
"WSearch"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Documents and Settings\\Gavin\\Desktop\\FlashFXP.v3.3.5.1110.Cracked-PirateX\\FlashFXP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2011 demo\\fm.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"50500:TCP"= 50500:TCP:50500
"50500:UDP"= 50500:UDP:50500-2
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management
"51500:TCP"= 51500:TCP:51500
"51500:UDP"= 51500:UDP:51500 2
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/12/2010 20:00 685816]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [11/04/2010 19:19 27632]
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 17:43 11352]
S1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
S2 AntiVirMailService;Avira AntiVir MailGuard;"c:\program files\Avira\AntiVir Desktop\avmailc.exe" --> c:\program files\Avira\AntiVir Desktop\avmailc.exe [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 AntiVirWebService;Avira AntiVir WebGuard;"c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE" --> c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [25/10/2010 09:07 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [08/09/2010 19:17 233472]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [17/11/2009 15:12 93848]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [25/10/2010 09:07 18120]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [11/04/2010 21:12 41120]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [08/09/2010 19:17 36640]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 12:06 32856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
S3 PORTIO64;PORTIO64;c:\documents and settings\Gavin\Desktop\JungleFlasher v0.1.76 Beta (166)\portio32.sys [26/11/2010 19:50 2560]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [02/04/2010 18:18 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [02/04/2010 18:18 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [02/04/2010 18:18 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [02/04/2010 18:18 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [02/04/2010 18:18 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [02/04/2010 18:18 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [02/04/2010 18:18 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [02/04/2010 18:18 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [02/04/2010 18:18 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [02/04/2010 18:18 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [02/04/2010 18:18 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [02/04/2010 18:18 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [02/04/2010 18:18 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [02/04/2010 18:18 117544]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [06/11/2010 09:52 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [06/11/2010 09:52 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [06/11/2010 09:52 121576]
S3 vdrive;vdrive;c:\windows\system32\DRIVERS\vdrive.sys --> c:\windows\system32\DRIVERS\vdrive.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/08/2004 11:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MDMXSDK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\
FF - prefs.js: browser.search.selectedEngine - isoHunt › BT Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnI=I%27m+Feeling+Lucky&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Clean And Close: clean_and_close@csb7.com - %profile%\extensions\clean_and_close@csb7.com
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: Facebook Chat History Manager: fbchathistory@firechm.com - %profile%\extensions\fbchathistory@firechm.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-17 03:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1614895754-839522115-500\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Gavin\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Documents and Settings\\Gavin\\My Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\Gavin\\My Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Gavin\\My Documents\\Sports Interactive\\Football Manager 2010\\"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Gavin\\My Documents\\Sports Interactive\\Football Manager 2010\\games\\Copy of new gav stags after edit test.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009da6
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="68-F9C5-2EF3"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1092)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-12-17 03:18:20
ComboFix-quarantined-files.txt 2010-12-17 03:18
Pre-Run: 221,901,094,912 bytes free
Post-Run: 221,869,715,456 bytes free
- - End Of File - - 32E94947B1515CEA3F77B9EAD37A6135
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 17/12/2010 at 3:18:45.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 17/12/2010 at 3:18:47.
Last edited by gazza1988; 17-12-2010 at 03:36 AM. Reason: added new info
Open Windows Explorer. Go to Tools > Folder Options > View tab, and put a checkmark next to Show hidden files and folders.
Upload the following files to VirusTotal (Free Online Virus, Malware and URL Scanner) for a security check:
- c:\windows\system32\dllcache\wab.exe
- c:\windows\system32\dllcache\ndproxy.sys
If the file is listed as already analyzed, click on the Reanalyse file now button.
Post the scan results.
=======================================================================
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
FCopy::
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\TCPIP.SYS
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\dllcache\TCPIP.SYS
Folder::
c:\program files\Alwil Software
c:\documents and settings\All Users\Application Data\Alwil Software
Driver::
AntiVirMailService
AntiVirSchedulerService
AntiVirWebService
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=-
3. Save the above as CFScript.txt
4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
- Combofix.txt
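The FCopy step in the script above puts a known-good tcpip.sys back into system32\drivers and dllcache. The Python script below is an added example (it is not code from this thread, from ComboFix or from the helper) showing how a defender can check that a restored system file really matches one of the known builds: the reference table is built from the MD5, size and version columns ComboFix listed for tcpip.sys earlier in the thread. The "modified" heuristic (same size as a known build but a different hash, which is what in-place binary patchers usually leave behind), the function names and the sample inputs are my own assumptions.

```python
"""Verify a system file against known-good (MD5, size, version) entries.

Added example for this thread; the reference hashes come from the ComboFix
file listing posted above, everything else is assumed.
"""
import hashlib
import os

# Known-good tcpip.sys builds, copied from the ComboFix listing in this thread
# (MD5 lower-cased, then file version and size in bytes).
KNOWN_GOOD_TCPIP = {
    "744e57c99232201ae98c49168b918f48": ("5.1.2600.3394", 360960),
    "93ea8d04ec73a85db02eb8805988f733": ("5.1.2600.5512", 361344),
    "9f4b36614a0fc234525ba224957de55c": ("5.1.2600.2180", 359040),
}


def _verdict(digest, size, reference):
    """Map an (MD5, size) pair onto a verdict against the reference table."""
    if digest in reference:
        version, _ = reference[digest]
        return {"status": "known-good", "md5": digest, "size": size, "version": version}
    # Assumption: in-place patchers keep the file size unchanged, so a size that
    # matches a known build while the hash does not is a strong hint that the
    # build was modified rather than replaced by an unrelated file.
    for version, known_size in reference.values():
        if size == known_size:
            return {"status": "modified", "md5": digest, "size": size, "version": version}
    return {"status": "unknown", "md5": digest, "size": size, "version": None}


def classify(data, reference=KNOWN_GOOD_TCPIP):
    """Classify in-memory file contents (constructed bytes are fine for testing)."""
    return _verdict(hashlib.md5(data).hexdigest(), len(data), reference)


def verify_file(path, reference=KNOWN_GOOD_TCPIP):
    """Hash a file on disk in 1 MiB chunks and classify it.

    A missing file is reported as a verdict rather than raised, so the caller
    can check both the drivers and the dllcache copy in one pass.
    """
    if not os.path.isfile(path):
        return {"status": "missing", "md5": None, "size": None, "version": None, "path": path}
    h = hashlib.md5()
    size = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
            size += len(chunk)
    result = _verdict(h.hexdigest(), size, reference)
    result["path"] = path
    return result


if __name__ == "__main__":
    # The two copies the CFScript restores; on a non-Windows machine they are
    # simply reported as missing.
    for p in (r"c:\windows\system32\drivers\TCPIP.SYS",
              r"c:\windows\system32\dllcache\TCPIP.SYS"):
        print(verify_file(p))
```

Both copies should come back "known-good" with the same version after the FCopy; a "modified" verdict on either one means the restore did not take, and "unknown" means the file is neither of the builds in the table and deserves a VirusTotal check like the one requested above.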
Hello, when I went onto the site to upload the files, I checked the Use SSL checkbox and it immediately came up with untrusted connection. (I pressed back and was able to uncheck it and complete the task.)
ComboFix ran in normal mode and I tried to get it to generate the report in safe mode, but I was too late and got another blue screen; all I could see was BAD_POOL_HEADER before the computer restarted. So again I managed to get a report, but I fear it may have already done its thing.
wab.exe
Antivirus Version Last Update Result
AhnLab-V3 2010.12.17.05 2010.12.17 -
AntiVir 7.11.0.75 2010.12.17 -
Antiy-AVL 2.0.3.7 2010.12.17 -
Avast 4.8.1351.0 2010.12.17 -
Avast5 5.0.677.0 2010.12.16 -
AVG 9.0.0.851 2010.12.17 -
BitDefender 7.2 2010.12.17 -
CAT-QuickHeal 11.00 2010.12.17 -
ClamAV 0.96.4.0 2010.12.17 -
Command 5.2.11.5 2010.12.17 -
Comodo 7093 2010.12.17 -
DrWeb 5.0.2.03300 2010.12.17 -
Emsisoft 5.1.0.1 2010.12.17 -
eSafe 7.0.17.0 2010.12.16 -
eTrust-Vet 36.1.8047 2010.12.17 -
F-Prot 4.6.2.117 2010.12.16 -
F-Secure 9.0.16160.0 2010.12.17 -
Fortinet 4.2.254.0 2010.12.17 -
GData 21 2010.12.17 -
Ikarus T3.1.1.90.0 2010.12.17 -
Jiangmin 13.0.900 2010.12.17 -
K7AntiVirus 9.73.3267 2010.12.16 -
Kaspersky 7.0.0.125 2010.12.17 -
McAfee 5.400.0.1158 2010.12.17 -
McAfee-GW-Edition 2010.1C 2010.12.17 -
Microsoft 1.6402 2010.12.17 -
NOD32 5710 2010.12.17 -
Norman 6.06.12 2010.12.17 -
nProtect 2010-12-17.01 2010.12.17 -
Panda 10.0.2.7 2010.12.16 -
PCTools 7.0.3.5 2010.12.17 -
Prevx 3.0 2010.12.17 -
Rising 22.78.04.00 2010.12.17 -
Sophos 4.60.0 2010.12.17 -
SUPERAntiSpyware 4.40.0.1006 2010.12.17 -
Symantec 20101.3.0.103 2010.12.17 -
TheHacker 6.7.0.1.101 2010.12.15 -
TrendMicro 9.120.0.1004 2010.12.17 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.17 -
VBA32 3.12.14.2 2010.12.17 -
VIPRE 7687 2010.12.17 -
ViRobot 2010.12.17.4206 2010.12.17 -
VirusBuster 13.6.98.1 2010.12.16 -
ndproxy.sys
Antivirus Version Last Update Result
AhnLab-V3 2010.12.17.05 2010.12.17 -
AntiVir 7.11.0.75 2010.12.17 -
Antiy-AVL 2.0.3.7 2010.12.17 -
Avast 4.8.1351.0 2010.12.17 -
Avast5 5.0.677.0 2010.12.17 -
AVG 9.0.0.851 2010.12.17 -
BitDefender 7.2 2010.12.17 -
CAT-QuickHeal 11.00 2010.12.17 -
ClamAV 0.96.4.0 2010.12.17 -
Command 5.2.11.5 2010.12.17 -
Comodo 7093 2010.12.17 -
DrWeb 5.0.2.03300 2010.12.17 -
Emsisoft 5.1.0.1 2010.12.17 -
eSafe 7.0.17.0 2010.12.16 -
eTrust-Vet 36.1.8047 2010.12.17 -
F-Prot 4.6.2.117 2010.12.16 -
F-Secure 9.0.16160.0 2010.12.17 -
Fortinet 4.2.254.0 2010.12.17 -
GData 21 2010.12.17 -
Ikarus T3.1.1.90.0 2010.12.17 -
Jiangmin 13.0.900 2010.12.17 -
K7AntiVirus 9.73.3267 2010.12.16 -
Kaspersky 7.0.0.125 2010.12.17 -
McAfee 5.400.0.1158 2010.12.17 -
McAfee-GW-Edition 2010.1C 2010.12.17 -
Microsoft 1.6402 2010.12.17 -
NOD32 5710 2010.12.17 -
Norman 6.06.12 2010.12.17 -
nProtect 2010-12-17.01 2010.12.17 -
Panda 10.0.2.7 2010.12.16 -
PCTools 7.0.3.5 2010.12.17 -
Prevx 3.0 2010.12.17 -
Rising 22.78.04.00 2010.12.17 -
Sophos 4.60.0 2010.12.17 -
SUPERAntiSpyware 4.40.0.1006 2010.12.17 -
Symantec 20101.3.0.103 2010.12.17 -
TheHacker 6.7.0.1.101 2010.12.15 -
TrendMicro 9.120.0.1004 2010.12.17 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.17 -
VBA32 3.12.14.2 2010.12.17 -
VIPRE 7687 2010.12.17 -
ViRobot 2010.12.17.4206 2010.12.17 -
VirusBuster 13.6.98.1 2010.12.16 -
ComboFix 10-12-16.04 - Gavin 17/12/2010 1238.6.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2559.2252 [GMT 0:00]
Running from: c:\documents and settings\Gavin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gavin\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\log\Logging.log
c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\log\usntr.log
.
--------------- FCopy ---------------
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\TCPIP.SYS
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\dllcache\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ANTIVIRMAILSERVICE
-------\Legacy_ANTIVIRSCHEDULERSERVICE
-------\Legacy_ANTIVIRWEBSERVICE
-------\Service_AntiVirMailService
-------\Service_AntiVirSchedulerService
-------\Service_AntiVirWebService
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.
2010-12-16 14:40 . 2010-12-16 14:40 -------- d--h--w- c:\windows\PIF
2010-12-15 18:12 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 18:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-07 08:48 . 2010-12-07 08:48 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-07 08:43 . 2010-12-07 08:48 -------- d-s---w- c:\documents and settings\android
2010-12-06 20:00 . 2010-12-06 20:00 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-06 13:58 . 2010-12-06 13:58 2496715 ----a-w- c:\windows\system32\abgx360.exe
2010-12-02 16:47 . 2010-07-01 21:34 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2010-12-02 16:46 . 2010-07-01 21:35 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2010-12-02 15:48 . 2010-12-02 15:48 -------- d--h--we c:\documents and settings\All Users\AVP11
2010-12-02 15:47 . 2010-12-08 01:51 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2010-12-02 15:47 . 2010-12-08 01:51 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2010-12-02 15:46 . 2010-12-02 15:46 -------- d-----w- c:\program files\Kaspersky Lab
2010-12-02 15:46 . 2010-12-17 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-12-02 15:45 . 2010-12-02 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-11-26 19:25 . 2010-11-26 21:56 -------- d-----w- c:\program files\mIRC
2010-11-26 15:33 . 2010-11-26 15:33 -------- d-----w- c:\documents and settings\Gavin\Application Data\Malwarebytes
2010-11-26 15:32 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-26 15:32 . 2010-11-26 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-26 15:32 . 2010-12-16 09:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-26 15:32 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-26 14:54 . 2010-11-26 14:54 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-11-26 14:54 . 2010-11-26 14:54 22 --sha-w- c:\documents and settings\Gavin\Application Data\Sys6925.Config Collection.sys
2010-11-26 14:53 . 2010-11-26 14:55 -------- d-----w- c:\program files\jv16 PowerTools 2010
2010-11-26 14:52 . 2010-11-26 14:52 -------- d-----w- c:\program files\CCleaner
2010-11-25 19:48 . 2010-11-25 19:48 -------- d-----w- c:\documents and settings\Gavin\Local Settings\Application Data\Temp
2010-11-23 16:51 . 2010-11-26 21:59 -------- d-----w- c:\documents and settings\Gavin\Application Data\mIRC
2010-11-18 18:12 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2010-03-22 23:20 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-18 02:04 . 2010-11-18 02:04 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2010-11-06 00:34 . 2004-08-10 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-10 11:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-10 11:00 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-10 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-10 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-10 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-25 09:09 . 2010-10-25 09:09 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2010-10-25 09:09 . 2010-10-25 09:09 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2010-10-25 09:09 . 2010-10-25 09:09 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2010-10-25 09:09 . 2010-10-25 09:09 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2010-10-25 09:09 . 2010-10-25 09:09 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2010-10-25 09:09 . 2010-10-25 09:09 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2010-10-25 09:09 . 2010-10-25 09:09 569344 ----a-w- c:\windows\system32\muzdecode.ax
2010-10-25 09:09 . 2010-10-25 09:09 491520 ----a-w- c:\windows\system32\muzapp.dll
2010-10-25 09:09 . 2010-10-25 09:09 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2010-10-25 09:09 . 2010-10-25 09:09 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2010-10-25 09:09 . 2010-10-25 09:09 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2010-10-25 09:09 . 2010-10-25 09:09 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2010-10-25 09:09 . 2010-10-25 09:09 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2010-10-25 09:09 . 2010-10-25 09:09 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2010-10-25 09:09 . 2010-10-25 09:09 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2010-10-25 09:09 . 2010-10-25 09:09 245760 ----a-w- c:\windows\system32\MSCLib.dll
2010-10-25 09:09 . 2010-10-25 09:09 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2010-10-25 09:09 . 2010-10-25 09:09 243576 ----a-w- c:\windows\system32\MASetupCaller.dll
2010-10-25 09:09 . 2010-10-25 09:09 200704 ----a-w- c:\windows\system32\muzwmts.dll
2010-10-25 09:09 . 2010-10-25 09:09 155648 ----a-w- c:\windows\system32\MSFLib.dll
2010-10-25 09:09 . 2010-10-25 09:09 135168 ----a-w- c:\windows\system32\muzaf1.dll
2010-10-25 09:09 . 2010-10-25 09:09 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2010-10-25 09:09 . 2010-10-25 09:09 122880 ----a-w- c:\windows\system32\muzeffect.ax
2010-10-25 09:09 . 2010-10-25 09:09 118784 ----a-w- c:\windows\system32\MaDRM.dll
2010-10-25 09:09 . 2010-10-25 09:09 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2010-10-25 09:09 . 2010-09-15 08:41 511328 ----a-w- c:\windows\system32\Synchronization2.dll
2010-10-25 09:09 . 2010-09-15 08:41 288608 ----a-w- c:\windows\system32\Microsoft.Synchronization.dll
2010-10-25 09:09 . 2010-09-15 08:41 253280 ----a-w- c:\windows\system32\MetaStore2.dll
2010-10-25 09:07 . 2010-10-25 09:07 95568 ----a-w- c:\windows\system32\dgdersvc.exe
2010-10-25 09:07 . 2010-10-25 09:07 763216 ----a-w- c:\windows\system32\dgderapi.dll
2010-10-25 09:07 . 2010-10-25 09:07 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-10-25 09:07 . 2010-10-25 09:07 18120 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2010-10-25 09:03 . 2010-09-08 19:17 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-30 328056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\docume~1\ALLUSE~1\AVP11\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2010-10-27 10:36 3365176 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OMSI download service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"Norton Ghost"=2 (0x2)
"afcdpsrv"=2 (0x2)
"WSearch"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Documents and Settings\\Gavin\\Desktop\\FlashFXP.v3.3.5.1110.Cracked-PirateX\\FlashFXP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2011 demo\\fm.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"50500:TCP"= 50500:TCP:50500
"50500:UDP"= 50500:UDP:50500-2
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management
"51500:TCP"= 51500:TCP:51500
"51500:UDP"= 51500:UDP:51500 2
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [11/04/2010 19:19 27632]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/12/2010 20:00 685816]
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 17:43 11352]
S1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [25/10/2010 09:07 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [08/09/2010 19:17 233472]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [17/11/2009 15:12 93848]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [25/10/2010 09:07 18120]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [11/04/2010 21:12 41120]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [08/09/2010 19:17 36640]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 12:06 32856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
S3 PORTIO64;PORTIO64;c:\documents and settings\Gavin\Desktop\JungleFlasher v0.1.76 Beta (166)\portio32.sys [26/11/2010 19:50 2560]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [02/04/2010 18:18 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [02/04/2010 18:18 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [02/04/2010 18:18 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [02/04/2010 18:18 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [02/04/2010 18:18 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [02/04/2010 18:18 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [02/04/2010 18:18 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [02/04/2010 18:18 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [02/04/2010 18:18 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [02/04/2010 18:18 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [02/04/2010 18:18 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [02/04/2010 18:18 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [02/04/2010 18:18 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [02/04/2010 18:18 117544]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [06/11/2010 09:52 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [06/11/2010 09:52 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [06/11/2010 09:52 121576]
S3 vdrive;vdrive;c:\windows\system32\DRIVERS\vdrive.sys --> c:\windows\system32\DRIVERS\vdrive.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/08/2004 11:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MDMXSDK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\
FF - prefs.js: browser.search.selectedEngine - isoHunt › BT Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnI=I%27m+Feeling+Lucky&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Clean And Close: clean_and_close@csb7.com - %profile%\extensions\clean_and_close@csb7.com
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: Facebook Chat History Manager: fbchathistory@firechm.com - %profile%\extensions\fbchathistory@firechm.com
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1614895754-839522115-500\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Gavin\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Documents and Settings\\Gavin\\My Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\Gavin\\My Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Gavin\\My Documents\\Sports Interactive\\Football Manager 2010\\"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Gavin\\My Documents\\Sports Interactive\\Football Manager 2010\\games\\Copy of new gav stags after edit test.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009da6
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="68-F9C5-2EF3"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1520)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-12-17 12:27:50
ComboFix-quarantined-files.txt 2010-12-17 12:27
ComboFix2.txt 2010-12-17 03:18
Pre-Run: 221,858,635,776 bytes free
Post-Run: 221,827,493,888 bytes free
- - End Of File - - 0D84CB2016433CDF206509476775030B
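The firewall exception lists that ComboFix prints above (port, protocol, name) and the fuller form OTL prints later in this thread (port, protocol, scope, state, name) can be triaged mechanically instead of by eye. The script below is an added example written for this page, not a tool from the thread: it parses both forms from a constructed sample modelled on the entries posted here, flags any exception whose scope is `*` (any source address), flags a well-known remote-administration port whose scope the log does not show, and reports a profile whose `EnableFirewall` value is 0. The port-to-service table and the handling of the `*isabled` token seen on the WinRM entry are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Well-known remote-administration ports (this example's own table). An exception for
# one of these that is not limited to LocalSubNet deserves a look even when the log
# omits the scope field, as the ComboFix form does.
REMOTE_ADMIN_PORTS = {
    135: "RPC endpoint mapper",
    139: "NetBIOS session",
    445: "SMB",
    3389: "Remote Desktop",
    5985: "WinRM over HTTP",
    5986: "WinRM over HTTPS",
}

# Both value forms that appear in the thread:
#   ComboFix: "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
#   OTL:      "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):(.*)$', re.I)
PROFILE_RE = re.compile(r'firewallpolicy\\(domain|standard)profile', re.I)
ENABLE_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)', re.I)

# Constructed sample modelled on the entries posted in this thread (not a real log).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50500:TCP" = 50500:TCP:*:Enabled:50500
"5985:TCP" = 5985:TCP:*isabled:Windows Remote Management
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"""


@dataclass
class PortException:
    profile: str
    port: int
    proto: str
    scope: Optional[str]   # "*", "LocalSubNet", or None when the log omits it
    state: Optional[str]   # "Enabled", "Disabled", or None when the log omits it
    name: str
    malformed: bool = False  # scope/state token could not be split cleanly


def parse_port_value(profile: str, line: str) -> Optional[PortException]:
    """Parse one GloballyOpenPorts value in either the ComboFix or the OTL form."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    port, proto, rest = int(m.group(1)), m.group(2).upper(), m.group(3)
    parts = rest.split(":")
    if len(parts) >= 3 and parts[1] in ("Enabled", "Disabled"):
        return PortException(profile, port, proto, parts[0], parts[1], ":".join(parts[2:]))
    # The WinRM entry in this thread carries the token "*isabled": scope and state run
    # together. Assumption: treat it as a disabled any-address rule, but mark it so a
    # reviewer does not trust the parse blindly.
    if parts[0].endswith("isabled"):
        return PortException(profile, port, proto, "*", "Disabled", ":".join(parts[1:]), malformed=True)
    return PortException(profile, port, proto, None, None, rest)


Finding = Tuple[str, Optional[int], Optional[str], str]  # profile, port, proto, reason


def triage(log_text: str) -> Dict[str, object]:
    """Track which firewall profile each line belongs to, then score every open-port
    exception and each profile's EnableFirewall switch."""
    profile = "unknown"
    firewall_on: Dict[str, bool] = {}
    exceptions: List[PortException] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            pm = PROFILE_RE.search(line)
            if pm:
                profile = pm.group(1).lower()
            continue
        em = ENABLE_RE.match(line)
        if em:
            firewall_on[profile] = em.group(1) == "1"
            continue
        ex = parse_port_value(profile, line)
        if ex is not None:
            exceptions.append(ex)

    findings: List[Finding] = []
    for ex in exceptions:
        if ex.state == "Disabled":
            continue
        if ex.scope == "*":
            findings.append((ex.profile, ex.port, ex.proto, "open-to-any-address"))
        elif ex.scope is None and ex.port in REMOTE_ADMIN_PORTS:
            findings.append((ex.profile, ex.port, ex.proto, "remote-admin-port-scope-not-shown"))
    for prof, on in firewall_on.items():
        if not on:
            findings.append((prof, None, None, "windows-firewall-off"))
    return {"firewall_on": firewall_on, "exceptions": exceptions, "findings": findings}


if __name__ == "__main__":
    for profile, port, proto, reason in triage(SAMPLE_LOG)["findings"]:
        service = REMOTE_ADMIN_PORTS.get(port, "")
        print(f"{profile:9} {str(port or ''):>6} {proto or '':3} {reason} {service}")
```

Run it over a pasted log with `triage(open(path).read())`. An `EnableFirewall` value of 0 is the normal state when a third-party suite such as the Kaspersky Internet Security on this machine has taken over filtering, so that finding is a prompt to confirm which firewall is actually active rather than a verdict; an RDP exception scoped to `*` is worth a question regardless of which firewall enforces it.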
That looks good
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
extras.txt
OTL Extras logfile created on: 17/12/2010 22:09:53 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Gavin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 206.44 Gb Free Space | 73.87% Space Free | Partition Type: NTFS
Drive F: | 698.63 Gb Total Space | 10.02 Gb Free Space | 1.43% Space Free | Partition Type: NTFS
Drive K: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: GAVINSCOMPUTER | User Name: Gavin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service
"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience
"50500:TCP" = 50500:TCP:*:Enabled:50500
"50500:UDP" = 50500:UDP:*:Enabled:50500-2
"5985:TCP" = 5985:TCP:*isabled:Windows Remote Management
"51500:TCP" = 51500:TCP:*:Enabled:51500
"51500:UDP" = 51500:UDP:*:Enabled:51500 2
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Documents and Settings\Gavin\Desktop\FlashFXP.v3.3.5.1110.Cracked-PirateX\FlashFXP.exe" = C:\Documents and Settings\Gavin\Desktop\FlashFXP.v3.3.5.1110.Cracked-PirateX\FlashFXP.exe:*:Enabled:TeAM YYePG -- (Copyright @ 1998-2005 =NF=LOVE[BCG][DFCG])
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\football manager 2011 demo\fm.exe" = C:\Program Files\Steam\steamapps\common\football manager 2011 demo\fm.exe:*:Enabled:Football Manager 2011 Demo -- (Sports Interactive)
"C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9F2540-DD55-42FB-8EB6-5508EEC54013}" = TMPGEnc DVD Author 3 with DivX Authoring
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{841D4524-7950-4A4F-A4E6-931A1A2E201C}" = TMPGEnc 4.0 XPress
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D015A2F-4D85-419E-8E1D-93B0C246D491}" = Diskeeper 2010 Pro Premier
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A0B0BCE9-2994-36F2-BE66-D23C884372E8}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA2EBBCC-4E3B-3442-865E-7BB3E9F45F0C}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C18DAD9E-AC61-40D6-9BBF-0F1E0DFE0C15}" = FMRTE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EB5BA578-FF7F-3863-8E53-7A003222B7FC}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{EB6C11E5-449C-3BA3-9086-80B18BCFF947}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"abgx360" = abgx360 v1.0.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2008-2009)
"EASEUS Data Recovery Wizard Free Edition 5.0.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.0.1
"EHome Devices" = Media Center Extender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Football Manager 2010" = Football Manager 2010
"Football Manager 2011" = Football Manager 2011
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"Hauppauge WinTV-PVR 150 Drivers" = Hauppauge WinTV-PVR 150 Drivers
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ImgBurn" = ImgBurn
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"jv16 PowerTools 2010" = jv16 PowerTools 2010
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Rapport_msi" = Rapport
"Steam App 34390" = Football Manager 2011 Demo
"Unknown Device Identifier_is1" = Unknown Device Identifier 7.00
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"WinAVI Video Converter 10.1_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YU2010_is1" = Your Uninstaller! 2010
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/11/2010 05:09:52 | Computer Name = GAVINSCOMPUTER | Source = ESENT | ID = 490
Description = svchost (1180) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 12/11/2010 13:32:15 | Computer Name = GAVINSCOMPUTER | Source = ESENT | ID = 490
Description = svchost (1188) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 18/11/2010 11:52:42 | Computer Name = GAVINSCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 11.1.1.26966, faulting module
fm.exe, version 11.1.1.26966, fault address 0x009adc47.
Error - 20/11/2010 14:07:47 | Computer Name = GAVINSCOMPUTER | Source = WindowsLiveMessenger | ID = 15728647
Description =
Error - 20/11/2010 14:07:49 | Computer Name = GAVINSCOMPUTER | Source = WindowsLiveMessenger | ID = 15728647
Description =
Error - 25/11/2010 04:11:44 | Computer Name = GAVINSCOMPUTER | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 kies.exe, P2 1.5.3.10103, P3 4cc80037, P4 msc.thunder.mainstage,
P5 1.5.3.10103, P6 4cc80037, P7 29, P8 0, P9 system.nullreferenceexception, P10
NIL.
Error - 25/11/2010 04:11:46 | Computer Name = GAVINSCOMPUTER | Source = .NET Runtime | ID = 1026
Description = Application: Kies.exe Framework Version: v4.0.30319 Description: The
process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException
Stack:
at MSC.Thunder.MainStage.DipatcherExceptionHandler.Application_DipatcherException(System.Object,
System.Windows.Threading.DispatcherUnhandledExceptionEventArgs) at System.Windows.Threading.Dispatcher.CatchException(System.Exception)
at System.Windows.Threading.Dispatcher.CatchExceptionStatic(System.Object, System.Exception)
at System.Windows.Threading.ExceptionWrapper.CatchException(System.Object, System.Exception,
System.Delegate) at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object,
System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority,
System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr,
Int32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG
ByRef) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.Run() at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window) at System.Windows.Application.Run(System.Windows.Window)
at MSC.Thunder.MainStage.App.Main()
Error - 30/11/2010 05:45:52 | Computer Name = GAVINSCOMPUTER | Source = Avira AntiVir | ID = 4118
Description =
Error - 16/12/2010 08:38:31 | Computer Name = GAVINSCOMPUTER | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR The Diskeeper News and Information
feature was unable to contact the Diskeeper Corporation web server. Ensure this
computer has Internet access. The Error Code is 5.
Error - 17/12/2010 10:41:27 | Computer Name = GAVINSCOMPUTER | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR The Diskeeper News and Information
feature was unable to contact the Diskeeper Corporation web server. Ensure this
computer has Internet access. The Error Code is 5.
[ System Events ]
Error - 17/12/2010 08:20:01 | Computer Name = GAVINSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 17/12/2010 08:20:08 | Computer Name = GAVINSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 17/12/2010 0823 | Computer Name = GAVINSCOMPUTER | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31
Error - 17/12/2010 0823 | Computer Name = GAVINSCOMPUTER | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31
Error - 17/12/2010 0823 | Computer Name = GAVINSCOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 avipbb Fips IPSec kl2 KLIF MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss sptd Tcpip
Error - 17/12/2010 08:28:40 | Computer Name = GAVINSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 17/12/2010 08:31:47 | Computer Name = GAVINSCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error: %%2
Error - 17/12/2010 08:31:48 | Computer Name = GAVINSCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%2
Error - 17/12/2010 08:32:29 | Computer Name = GAVINSCOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb
Error - 17/12/2010 08:33:25 | Computer Name = GAVINSCOMPUTER | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.
< End of report >
I cannot put both logs on the same post, so I have posted them in separate posts.
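As an added triage aid for logs in this layout (example code written for this page; it is not part of the poster's logs and not a feature of OTL): a small Python parser for the "Last 10 Event Log Errors" section OTL writes to Extras.txt. It groups records by source and event ID, pulls the driver names out of Service Control Manager event 7026 and the service names out of events 7000/7001, so a long dump can be reduced to "which boot-start drivers and which services failed". The sample records embedded in the block are a cut-down copy of the System Events shown above; the only layout assumption is the one visible there (one "Error - ... | Source = ... | ID = ..." header line, followed by the Description wrapped over one or more lines).

```python
import re
from collections import defaultdict

# Constructed sample in the layout OTL's Extras.txt uses for "Last 10 Event Log
# Errors": a one-line record header, then the Description wrapped over one or
# more lines. The records are a cut-down copy of the System Events posted above.
SAMPLE_LOG = """\
[ System Events ]
Error - 17/12/2010 08:20:01 | Computer Name = GAVINSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 17/12/2010 0823 | Computer Name = GAVINSCOMPUTER | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31
Error - 17/12/2010 0823 | Computer Name = GAVINSCOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 avipbb Fips IPSec kl2 KLIF MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss sptd Tcpip
Error - 17/12/2010 08:31:47 | Computer Name = GAVINSCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error: %%2
Error - 17/12/2010 08:32:29 | Computer Name = GAVINSCOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb
"""

# Record header as OTL prints it. The timestamp is taken as two whitespace-free
# tokens so the "0823" form seen in the posted log still parses.
HEADER_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>[^|]+?) \| "
    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)

# SCM 7000 ("The X service failed to start ...") and
# SCM 7001 ("The X service depends on the Y service which failed to start ...").
SERVICE_RE = re.compile(
    r"^The (?P<svc>.+?) service (?:depends on the (?P<dep>.+?) service which )?failed to start"
)


def parse_events(text):
    """Split OTL event-log text into records; wrapped Description lines are joined."""
    events = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            ev["description"] = ""
            events.append(ev)
        elif events and line and not line.startswith("["):
            # Continuation of the current record's Description.
            frag = re.sub(r"^Description =\s*", "", line)
            events[-1]["description"] = (events[-1]["description"] + " " + frag).strip()
    return events


def summarize(events):
    """Count records per (source, event ID) so repeated failures stand out."""
    counts = defaultdict(int)
    for ev in events:
        counts[(ev["source"], ev["id"])] += 1
    return dict(counts)


def failed_boot_drivers(events):
    """Driver service names listed by SCM event 7026, de-duplicated across records."""
    names = set()
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == 7026:
            _, _, tail = ev["description"].partition("failed to load:")
            names.update(tail.split())
    return sorted(names, key=str.lower)


def failed_services(events):
    """Map each service named in SCM 7000/7001 to the service that actually failed."""
    result = {}
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] in (7000, 7001):
            m = SERVICE_RE.match(ev["description"])
            if m:
                result[m.group("svc")] = m.group("dep") or m.group("svc")
    return result


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (source, event_id), n in sorted(summarize(evs).items()):
        print(f"{n:2d} x {source} {event_id}")
    print("boot/system drivers that failed to load:", ", ".join(failed_boot_drivers(evs)))
    for svc, cause in failed_services(evs).items():
        print(f"service {svc!r} failed because of {cause!r}")
```

Run against the full Extras.txt section the output is a short list of failed drivers (AFD, NetBT, Tcpip and the rest of the 7026 line) and a map of dependent services to the one that failed. The script only condenses what the log already says; deciding why those drivers did not load is still the helper's job.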
otl.txt
OTL logfile created on: 17/12/2010 22:09:53 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Gavin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 206.44 Gb Free Space | 73.87% Space Free | Partition Type: NTFS
Drive F: | 698.63 Gb Total Space | 10.02 Gb Free Space | 1.43% Space Free | Partition Type: NTFS
Drive K: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: GAVINSCOMPUTER | User Name: Gavin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/12/17 22:08:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gavin\Desktop\OTL.exe
PRC - [2010/12/02 15:58:43 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/10/25 09:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
PRC - [2010/10/03 22:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/07/01 21:34:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2010/06/09 09:26:50 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
PRC - [2009/10/23 18:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/12/17 22:08:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gavin\Desktop\OTL.exe
MOD - [2010/10/03 22:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Disabled | Stopped] -- -- (AcrSch2Svc)
SRV - [2010/12/02 15:58:43 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/10/25 09:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
SRV - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/06/12 13:38:50 | 000,145,504 | ---- | M] (B.H.A Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010/06/09 09:26:50 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/10/23 18:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vdrive.sys -- (vdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\GenericMount.sys -- (GenericMount)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Gavin\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb)
DRV - File not found [File_System | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2010/12/06 20:00:01 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/02 15:58:43 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/10/25 09:07:48 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/10/25 09:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/10/03 22:54:04 | 000,034,792 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys -- (RapportCerberus_19917)
DRV - [2010/10/03 22:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 22:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/07/28 13:33:06 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/07/28 13:33:06 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/07/28 13:33:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/07/10 04:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/06/12 13:38:50 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2010/04/18 09:07:57 | 000,093,848 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/10/21 00:04:34 | 000,041,120 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2008/09/10 20:08:20 | 000,002,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Gavin\Desktop\JungleFlasher v0.1.76 Beta (166)\portio32.sys -- (PORTIO64)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/06/04 06:34:08 | 000,122,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008/06/04 06:34:08 | 000,115,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2008/06/04 06:34:08 | 000,090,408 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008/06/04 06:34:08 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2008/06/04 06:34:06 | 000,117,544 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2008/06/04 06:34:06 | 000,111,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008/06/04 06:34:06 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/05/16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006/10/26 16:50:00 | 004,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/18 15:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 15:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 15:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/08/12 16:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "isoHunt › BT Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig"
FF - prefs.js..extensions.enabledItems: clean_and_close@csb7.com:2.5.1
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: fbchathistory@firechm.com:1.1.5
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..keyword.URL: "http://www.google.co.in/search?btnI=I%27m+Feeling+Lucky&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 19:10:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 19:10:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/12/02 15:47:07 | 000,000,000 | ---D | M]
[2010/03/23 23:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Extensions
[2010/12/17 17:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\extensions
[2010/04/27 19:00:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/24 06:48:55 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/03/24 06:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\extensions\clean_and_close@csb7.com
[2010/10/01 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\extensions\fbchathistory@firechm.com
[2010/12/15 16:53:33 | 000,002,580 | ---- | M] () -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\searchplugins\imdb.xml
[2010/12/15 16:53:33 | 000,004,873 | ---- | M] () -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\searchplugins\isohunt--bt-search.xml
[2010/04/10 23:33:21 | 000,000,998 | ---- | M] () -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\searchplugins\mininova.xml
[2010/12/15 16:53:33 | 000,001,942 | ---- | M] () -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\searchplugins\mycroft-project.xml
[2010/12/15 16:53:33 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\searchplugins\queen-torrent.xml
[2010/12/15 16:53:33 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\searchplugins\the-pirate-bay---seeders.xml
[2010/04/23 14:29:58 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\xi50dzki.default\searchplugins\youtube-video-search.xml
[2010/12/17 17:15:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 16:47:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/12/02 16:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/03/16 18:27:25 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/16 18:27:25 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/16 18:27:25 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/16 18:27:25 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/12/17 12:11:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1269386687294 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1269435345046 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Page not found | Facebook (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/22 23:23:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/16 12:57:50 | 000,000,154 | R--- | M] () - K:\autorun.cfg -- [ UDF ]
O32 - AutoRun File - [2010/10/05 14:53:16 | 000,214,344 | R--- | M] (Sports Interactive) - K:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/11 13:26:42 | 000,000,027 | R--- | M] () - K:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (www)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
========== Files/Folders - Created Within 30 Days ==========
[2010/12/17 22:08:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gavin\Desktop\OTL.exe
[2010/12/17 12:27:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/17 12:20:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/12/17 11:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Desktop\ndproxysysreport_files
[2010/12/17 11:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Desktop\wabexereport_files
[2010/12/17 02:33:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/17 02:27:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/17 02:27:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/17 02:27:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/17 02:27:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/17 02:27:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/17 02:27:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/17 02:00:51 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gavin\Desktop\TDSSKiller.exe
[2010/12/16 14:40:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/12/16 09:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Desktop\68933-read-first-important-instructions-updated_files
[2010/12/16 09:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Desktop\clean comp stuff
[2010/12/07 18:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\My Documents\video
[2010/12/06 20:02:51 | 000,590,392 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Gavin\My Documents\SPTDinst-v175-x86.exe
[2010/12/02 15:48:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\AVP11
[2010/12/02 15:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/12/02 15:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/12/02 15:46:15 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/12/02 15:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/12/02 12:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Desktop\christmas
[2010/11/26 22:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\My Documents\LiteOn_iXtreme_LT_v1.1
[2010/11/26 20:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\My Documents\hitatchi
[2010/11/26 19:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Desktop\JungleFlasher v0.1.76 Beta (166)
[2010/11/26 19:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Desktop\Hitachi-LG GDR-3120L
[2010/11/26 19:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2010/11/26 19:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Desktop\danny JungleFlasher v0.1.76 Beta (166)
[2010/11/26 15:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Application Data\Malwarebytes
[2010/11/26 15:32:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/26 15:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/26 15:32:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/26 15:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/26 14:58:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gavin\Recent
[2010/11/26 14:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2010
[2010/11/26 14:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/26 13:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/11/25 19:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Local Settings\Application Data\Temp
[2010/11/23 16:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Application Data\mIRC
========== Files - Modified Within 30 Days ==========
[2010/12/17 22:08:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gavin\Desktop\OTL.exe
[2010/12/17 16:09:22 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FMRTE.lnk
[2010/12/17 12:31:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/17 12:11:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/17 11:49:23 | 003,993,469 | R--- | M] () -- C:\Documents and Settings\Gavin\Desktop\ComboFix.exe
[2010/12/17 11:48:19 | 000,028,776 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\ndproxysysreport.html
[2010/12/17 11:48:05 | 000,030,118 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\wabexereport.html
[2010/12/17 02:40:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/17 02:33:09 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2010/12/17 02:25:24 | 000,660,752 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\rkill.exe
[2010/12/16 23:35:23 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Gavin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/16 10:33:58 | 002,196,522 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\fffff.bmp
[2010/12/16 10:17:25 | 000,000,221 | ---- | M] () -- C:\Boot.bak
[2010/12/16 09:38:55 | 000,045,553 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\68933-read-first-important-instructions-updated.html
[2010/12/16 09:37:37 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\MBRCheck.exe
[2010/12/16 09:33:22 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Gavin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/16 08:45:19 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 21:46:32 | 001,323,054 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\superfish error.bmp
[2010/12/15 18:15:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/10 17:02:39 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Gavin\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2010/12/10 09:06:34 | 000,140,288 | ---- | M] () -- C:\Documents and Settings\Gavin\fbchathistory.dat
[2010/12/08 14:48:08 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gavin\Desktop\TDSSKiller.exe
[2010/12/08 10:40:45 | 001,343,214 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\untitled.bmp
[2010/12/08 01:51:01 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/12/08 01:51:01 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/12/07 09:10:02 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mini-FMRTE.lnk
[2010/12/06 20:02:53 | 000,590,392 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Gavin\My Documents\SPTDinst-v175-x86.exe
[2010/12/06 20:00:01 | 000,685,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/12/06 13:58:56 | 002,496,715 | ---- | M] () -- C:\WINDOWS\System32\abgx360.exe
[2010/12/02 15:58:43 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/12/02 15:43:23 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/26 21:58:51 | 001,932,503 | ---- | M] () -- C:\Documents and Settings\Gavin\My Documents\LiteOn_iXtreme_LT_v1.1.rar
[2010/11/26 19:25:42 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2010/11/26 15:32:11 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/26 14:54:49 | 000,000,022 | -HS- | M] () -- C:\Documents and Settings\Gavin\Application Data\Sys6925.Config Collection.sys
[2010/11/26 14:54:49 | 000,000,022 | -HS- | M] () -- C:\WINDOWS\Sys3390 SettingsCollection.bin
[2010/11/26 14:53:08 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\Gavin\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2010.lnk
[2010/11/26 14:53:08 | 000,001,567 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\jv16 PowerTools 2010.lnk
[2010/11/26 14:52:22 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/25 19:45:57 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\Your Uninstaller!.lnk
[2010/11/25 19:45:31 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\Gavin\Application Data\Microsoft\Internet Explorer\Quick Launch\Your Uninstaller!.lnk
[2010/11/25 09:58:51 | 3543,728,127 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\mvl-fifi.iso
[2010/11/25 08:12:23 | 009,013,618 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\abgx360_v1.0.4_setup.exe
[2010/11/18 18:52:26 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2010.lnk
[2010/11/18 08:41:45 | 000,002,898 | ---- | M] () -- C:\aqua_bitmap.cpp
========== Files Created - No Company Name ==========
[2010/12/17 11:48:18 | 000,028,776 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\ndproxysysreport.html
[2010/12/17 11:48:05 | 000,030,118 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\wabexereport.html
[2010/12/17 02:33:09 | 000,000,221 | ---- | C] () -- C:\Boot.bak
[2010/12/17 02:33:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/17 02:27:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/17 02:27:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/17 02:27:56 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/17 02:27:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/17 02:27:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/17 02:26:12 | 003,993,469 | R--- | C] () -- C:\Documents and Settings\Gavin\Desktop\ComboFix.exe
[2010/12/17 02:25:24 | 000,660,752 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\rkill.exe
[2010/12/16 10:31:49 | 002,196,522 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\fffff.bmp
[2010/12/16 09:38:35 | 000,045,553 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\68933-read-first-important-instructions-updated.html
[2010/12/16 09:37:37 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\MBRCheck.exe
[2010/12/15 21:46:32 | 001,323,054 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\superfish error.bmp
[2010/12/15 18:14:37 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/12/10 16:46:37 | 3543,728,127 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\mvl-fifi.iso
[2010/12/10 16:46:36 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\mvl-fifi.dvd
[2010/12/08 10:40:45 | 001,343,214 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\untitled.bmp
[2010/12/06 20:00:01 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/12/06 13:58:56 | 002,496,715 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2010/12/02 15:47:52 | 000,114,243 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/12/02 15:47:52 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/11/26 19:25:42 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2010/11/26 15:32:11 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Gavin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/26 15:32:11 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/26 14:54:49 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gavin\Application Data\Sys6925.Config Collection.sys
[2010/11/26 14:54:49 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\Sys3390 SettingsCollection.bin
[2010/11/26 14:53:08 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\Gavin\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools 2010.lnk
[2010/11/26 14:53:08 | 000,001,567 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\jv16 PowerTools 2010.lnk
[2010/11/26 14:52:22 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/25 08:11:42 | 009,013,618 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\abgx360_v1.0.4_setup.exe
[2010/10/25 09:09:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010/10/25 09:09:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010/10/25 09:09:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010/10/25 09:09:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/10/08 20:41:47 | 004,352,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1409082233-1614895754-839522115-500-0.dat
[2010/10/08 20:41:47 | 000,277,338 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/10 21:30:34 | 000,697,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/08 19:17:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/08 19:17:46 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/08 19:17:37 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gavin\Application Data\$_hpcst$.hpc
[2010/09/08 15:58:06 | 001,814,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2010/08/22 19:49:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/08/10 2046 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/25 16:08:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2010/07/25 16:06:50 | 000,004,011 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010/07/25 15:16:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Gavin\Local Settings\Application Data\fusioncache.dat
[2010/05/17 23:49:00 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\Gavin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/09 20:27:45 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2010/05/09 20:26:41 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2010/05/02 13:44:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/03/23 23:00:05 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/03/23 23:00:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/03/23 23:00:03 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/03/23 23:00:03 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/23 23:00:03 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/23 23:00:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/03/23 23:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/23 22:48:56 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/03/22 23:12:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/21 15:50:34 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
========== LOP Check ==========
[2010/11/09 22:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/05/21 17:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/04/11 21:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2010/05/22 06:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2010/08/10 20:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/08/08 13:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/04/07 17:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/11/06 09:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/03/29 19:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/12/02 16:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/11 10:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/08/14 13:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/04/07 17:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2010/05/17 20:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2010/11/26 16:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\abgx360
[2010/05/10 16:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Acronis
[2010/05/21 17:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\DAEMON Tools Pro
[2010/08/22 19:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\EPSON
[2010/04/27 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\FlashFXP
[2010/05/05 20:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\ImgBurn
[2010/06/12 13:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\LEAPS
[2010/04/04 13:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\LG Electronics
[2010/06/12 13:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Pegasys Inc
[2010/11/06 09:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Samsung
[2010/08/27 10:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Shareaza
[2010/11/02 17:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Sports Interactive
[2010/06/18 20:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\SystemRequirementsLab
[2010/04/11 10:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Trusteer
[2010/03/23 23:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\URSoft
[2010/12/17 16:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\uTorrent
[2010/05/05 20:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\WinAVI
[2010/04/20 10:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Windows Search
[2010/11/12 16:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Xbins
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/11/18 08:41:45 | 000,002,898 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010/03/22 23:23:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/09 23:03:10 | 000,627,433 | ---- | M] () -- C:\BESR2010PatchLog.txt
[2010/12/16 10:17:25 | 000,000,221 | ---- | M] () -- C:\Boot.bak
[2010/12/17 02:33:09 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/12/17 12:27:50 | 000,021,212 | ---- | M] () -- C:\ComboFix.txt
[2010/03/22 23:23:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/22 23:23:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/22 23:23:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 11:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/25 12:09:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/17 12:31:05 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/12/17 03:18:47 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2010/12/17 02:00:46 | 000,047,342 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_17.12.2010_01.59.32_log.txt
[2010/12/17 02:27:33 | 000,047,342 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_17.12.2010_02.00.56_log.txt
[2010/07/25 16:09:32 | 000,000,164 | ---- | M] () -- C:\uniTvTv.log
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2010/03/22 23:22:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 1912 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2010/03/22 23:10:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/22 23:10:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/22 23:10:56 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/03/25 12:12:23 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/24 06:24:47 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Gavin\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/03/22 23:26:47 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Gavin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/11/25 08:12:23 | 009,013,618 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\abgx360_v1.0.4_setup.exe
[2010/12/17 11:49:23 | 003,993,469 | R--- | M] () -- C:\Documents and Settings\Gavin\Desktop\ComboFix.exe
[2010/12/16 09:37:37 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\MBRCheck.exe
[2010/12/17 22:08:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gavin\Desktop\OTL.exe
[2010/12/17 02:25:24 | 000,660,752 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\rkill.exe
[2010/12/08 14:48:08 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gavin\Desktop\TDSSKiller.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
[2010/12/06 20:02:53 | 000,590,392 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Gavin\My Documents\SPTDinst-v175-x86.exe
[2010/12/15 18:48:17 | 012,468,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Gavin\My Documents\windows-kb890830-v3.14.exe
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/03/22 23:26:47 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Gavin\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2010/04/27 19:51:48 | 000,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/12/17 22:07:43 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Gavin\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 18:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 18:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 18:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Gavin\My Documents\Shareaza Downloads:Shareaza.GUID
< End of report >
Last edited by gazza1988; 17-12-2010 at 10:27 PM.