View Full Version : Personal Shield Pro (fixed?) -> Search Engine Re-directs
Greetings, I was recently infected with the fake anti-virus called Personal Shield Pro. I think I have successfully cleared it from my system using Malwarebytes and Spybot S&D. However, I am now being re-directed to sketchy-looking websites whenever I click a link from a search (Google or Bing).
My system seems to be running well enough otherwise, perhaps startup is a little slower than usual.
My dds.txt log follows...many thanks for assisting :crowned:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Run by Bry at 4:55:24 on 2011-07-25
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1198 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Bry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Bry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mSearch Bar = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Tango: {2d96ec5c-82c5-4153-9cf1-42f170074495} - c:\windows\system32\4578.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aolcdn.com
Trusted Zone: shoutcast.com
Trusted Zone: winamp.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162990319359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: DhcpNameServer = 192.168.123.254
TCP: Interfaces\{3B1037E0-4AB4-480A-B925-BF8C0A1B498D} : DhcpNameServer = 192.168.123.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-2-9 2560]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S2 TermServices;Remote Desktop Service;c:\windows\system32\svchost.exe -k termsvc [2001-8-23 14336]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\BCGAME.SYS [2002-4-12 9349]
S3 bcgbus;Nostromo USB Device Driver;c:\windows\system32\drivers\BCGBUS.SYS [2002-4-12 29112]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S3 LiveTurbineMessageService;Turbine Message Service - Live;e:\turbine download manager\TurbineMessageService.exe [2009-11-10 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;e:\turbine download manager\TurbineNetworkService.exe [2009-11-10 218608]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-24 41272]
S3 mxDisk;mxDisk;c:\progra~1\vcom\fix-it\mxDisk.sys [2003-6-10 51212]
.
=============== Created Last 30 ================
.
2011-07-24 11:13:57 -------- d-----w- c:\program files\MPAccess
2011-07-24 09:41:22 -------- d-----w- c:\program files\PC Tools Security
2011-07-24 09:41:22 -------- d-----w- c:\program files\common files\PC Tools
2011-07-24 06:35:55 -------- d-----w- c:\documents and settings\bry\application data\Malwarebytes
2011-07-24 06:35:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-24 06:35:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-24 06:35:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-24 06:35:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-24 03:07:36 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-07-18 04:35:08 -------- d-----w- c:\program files\Traffic Simulator Configuration Tool
.
==================== Find3M ====================
.
2011-07-25 09:14:16 1441 --sha-w- c:\windows\system32\mmf.sys
2011-07-07 15:26:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: QUANTUM_FIREBALLlct20_30 rev.APL.0900 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6A94D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a6af7d0]; MOV EAX, [0x8a6af84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13A7] -> \Device\Harddisk0\DR0[0x8A6B7030]
3 CLASSPNP[0xF766805B] -> nt!IofCallDriver[0x804E13A7] -> \Device\00000068[0x8A6E93B8]
5 ACPI[0xF74BF620] -> nt!IofCallDriver[0x804E13A7] -> [0x8A65F940]
\Driver\atapi[0x8A6E79B8] -> IRP_MJ_CREATE -> 0x8A6A94D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A6A931B
\Driver\atapi -> 0x8a7171d8
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 4:58:32.87 ===============
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Your infected with the TDSS Rootkit :sad:
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
Alright, I ran TDSSKiller, and the re-directs seem to be fixed. Another issue that I noticed since my first post, which is an svchost.exe using 40-90% of my CPU, is also tentatively fixed.
Also, Windows Firewall was being turned off upon reboot, and was not turned off this time.
The last thing I have noticed is that Windows insists that I have Automatic Updates turned off, even though I do not. This issue seems to be persisting.
TDSSKiller log follows:
2011/07/28 14:58:01.0406 3640 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/28 14:58:02.0484 3640 ================================================================================
2011/07/28 14:58:02.0484 3640 SystemInfo:
2011/07/28 14:58:02.0484 3640
2011/07/28 14:58:02.0484 3640 OS Version: 5.1.2600 ServicePack: 2.0
2011/07/28 14:58:02.0484 3640 Product type: Workstation
2011/07/28 14:58:02.0484 3640 ComputerName: BRY
2011/07/28 14:58:02.0484 3640 UserName: Bry
2011/07/28 14:58:02.0484 3640 Windows directory: C:\WINDOWS
2011/07/28 14:58:02.0484 3640 System windows directory: C:\WINDOWS
2011/07/28 14:58:02.0484 3640 Processor architecture: Intel x86
2011/07/28 14:58:02.0484 3640 Number of processors: 2
2011/07/28 14:58:02.0484 3640 Page size: 0x1000
2011/07/28 14:58:02.0484 3640 Boot type: Normal boot
2011/07/28 14:58:02.0484 3640 ================================================================================
2011/07/28 14:58:07.0781 3640 Initialize success
2011/07/28 14:58:21.0468 4416 ================================================================================
2011/07/28 14:58:21.0468 4416 Scan started
2011/07/28 14:58:21.0468 4416 Mode: Manual;
2011/07/28 14:58:21.0468 4416 ================================================================================
2011/07/28 14:58:27.0218 4416 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/28 14:58:27.0500 4416 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/28 14:58:27.0937 4416 aeaudio (5ca3873be2477f5dc0035e9ff9c7be0f) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/07/28 14:58:28.0250 4416 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/07/28 14:58:28.0546 4416 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/07/28 14:58:28.0812 4416 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/28 14:58:30.0031 4416 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
2011/07/28 14:58:30.0359 4416 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/28 14:58:32.0109 4416 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/28 14:58:32.0343 4416 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/28 14:58:33.0000 4416 ati2mtag (ed24215d4223c60989f02e196a1fff73) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/28 14:58:33.0500 4416 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/28 14:58:33.0734 4416 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/28 14:58:33.0984 4416 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/07/28 14:58:34.0250 4416 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/07/28 14:58:34.0500 4416 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/07/28 14:58:34.0734 4416 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/07/28 14:58:34.0968 4416 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/07/28 14:58:35.0250 4416 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/07/28 14:58:35.0484 4416 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/07/28 14:58:35.0718 4416 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/07/28 14:58:35.0984 4416 bcgame (37a2b1dff3d4627884de379271ede54a) C:\WINDOWS\system32\DRIVERS\BCGAME.SYS
2011/07/28 14:58:36.0250 4416 bcgbus (4cd6d98870a7d8fad6d4551ea93fbd4f) C:\WINDOWS\system32\DRIVERS\BCGBUS.SYS
2011/07/28 14:58:36.0484 4416 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/28 14:58:36.0718 4416 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/28 14:58:37.0203 4416 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/28 14:58:37.0546 4416 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/28 14:58:37.0796 4416 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/28 14:58:39.0046 4416 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/28 14:58:39.0312 4416 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/07/28 14:58:39.0546 4416 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/07/28 14:58:39.0750 4416 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/07/28 14:58:39.0984 4416 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/07/28 14:58:40.0531 4416 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/07/28 14:58:41.0046 4416 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/07/28 14:58:41.0312 4416 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/07/28 14:58:41.0562 4416 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/07/28 14:58:41.0796 4416 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/07/28 14:58:42.0140 4416 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/28 14:58:42.0437 4416 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/28 14:58:42.0703 4416 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/28 14:58:42.0937 4416 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/28 14:58:43.0421 4416 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/28 14:58:43.0671 4416 drvmcdb (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/07/28 14:58:43.0968 4416 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/07/28 14:58:44.0312 4416 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/28 14:58:44.0562 4416 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/28 14:58:44.0781 4416 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/28 14:58:45.0031 4416 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/28 14:58:45.0281 4416 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/28 14:58:45.0593 4416 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/28 14:58:45.0828 4416 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/28 14:58:46.0078 4416 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/28 14:58:46.0484 4416 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/28 14:58:46.0921 4416 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/28 14:58:47.0796 4416 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/28 14:58:48.0687 4416 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/28 14:58:48.0921 4416 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/28 14:58:49.0234 4416 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/28 14:58:49.0468 4416 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/28 14:58:49.0718 4416 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/28 14:58:49.0968 4416 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/28 14:58:50.0234 4416 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/28 14:58:50.0484 4416 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/28 14:58:50.0750 4416 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/28 14:58:50.0984 4416 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/28 14:58:51.0250 4416 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/28 14:58:51.0562 4416 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/28 14:58:52.0140 4416 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/07/28 14:58:52.0453 4416 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/28 14:58:52.0750 4416 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/28 14:58:53.0031 4416 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/28 14:58:53.0296 4416 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/28 14:58:53.0531 4416 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/28 14:58:53.0750 4416 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/28 14:58:54.0250 4416 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/28 14:58:54.0593 4416 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/28 14:58:54.0937 4416 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/28 14:58:55.0203 4416 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/28 14:58:55.0453 4416 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/28 14:58:55.0687 4416 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/28 14:58:55.0921 4416 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/28 14:58:56.0218 4416 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/28 14:58:56.0468 4416 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/28 14:58:56.0640 4416 mxDisk (7faf79a12071a4d3ed325a58b57df72f) C:\PROGRA~1\VCOM\Fix-It\mxDisk.sys
2011/07/28 14:58:56.0906 4416 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
2011/07/28 14:58:57.0187 4416 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/28 14:58:57.0468 4416 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/28 14:58:57.0703 4416 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/28 14:58:57.0984 4416 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/28 14:58:58.0484 4416 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/28 14:58:59.0156 4416 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/28 14:58:59.0421 4416 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/28 14:58:59.0656 4416 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/28 14:58:59.0906 4416 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/28 14:59:00.0234 4416 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/28 14:59:00.0500 4416 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/28 14:59:00.0750 4416 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/28 14:59:01.0046 4416 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/28 14:59:01.0312 4416 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/28 14:59:01.0515 4416 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/28 14:59:01.0750 4416 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/28 14:59:02.0031 4416 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/28 14:59:02.0312 4416 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/28 14:59:02.0546 4416 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/28 14:59:02.0828 4416 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/28 14:59:03.0375 4416 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/28 14:59:03.0609 4416 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/28 14:59:05.0140 4416 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/28 14:59:05.0437 4416 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/28 14:59:05.0671 4416 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/28 14:59:05.0906 4416 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/28 14:59:06.0171 4416 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/28 14:59:06.0406 4416 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
2011/07/28 14:59:07.0609 4416 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/28 14:59:08.0171 4416 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/28 14:59:08.0578 4416 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/28 14:59:08.0812 4416 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/28 14:59:09.0093 4416 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/28 14:59:09.0437 4416 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/28 14:59:09.0687 4416 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/28 14:59:09.0968 4416 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/28 14:59:10.0281 4416 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/28 14:59:10.0625 4416 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/28 14:59:10.0875 4416 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/28 14:59:11.0125 4416 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/28 14:59:11.0437 4416 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/28 14:59:11.0875 4416 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/28 14:59:12.0156 4416 smwdm (d95c55be20d8a0b5b4dd9cf008c2305e) C:\WINDOWS\system32\drivers\smwdm.sys
2011/07/28 14:59:12.0625 4416 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/28 14:59:13.0031 4416 sptd (4e3c4ffcb2c95c2ec1fa04a6f4531533) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/28 14:59:13.0046 4416 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4e3c4ffcb2c95c2ec1fa04a6f4531533
2011/07/28 14:59:13.0046 4416 sptd - detected LockedFile.Multi.Generic (1)
2011/07/28 14:59:13.0312 4416 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/28 14:59:13.0578 4416 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/28 14:59:13.0828 4416 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/28 14:59:14.0062 4416 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/28 14:59:14.0421 4416 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/28 14:59:15.0484 4416 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/28 14:59:15.0750 4416 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/28 14:59:16.0015 4416 Tcpip6 (00586ed87ab564b03870a2a3dcc84b55) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/07/28 14:59:16.0312 4416 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/28 14:59:16.0531 4416 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/28 14:59:16.0765 4416 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/28 14:59:17.0500 4416 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/07/28 14:59:17.0937 4416 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/28 14:59:18.0312 4416 UlSata (7bbac49fcfb5d31489420e2fe8a47f02) C:\WINDOWS\system32\DRIVERS\ulsata.sys
2011/07/28 14:59:18.0765 4416 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/28 14:59:19.0062 4416 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/28 14:59:19.0375 4416 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/28 14:59:19.0593 4416 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/28 14:59:19.0828 4416 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/28 14:59:20.0062 4416 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/28 14:59:20.0328 4416 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/28 14:59:20.0562 4416 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/07/28 14:59:20.0984 4416 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/28 14:59:21.0328 4416 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/28 14:59:21.0593 4416 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/07/28 14:59:22.0046 4416 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/28 14:59:22.0453 4416 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/07/28 14:59:22.0671 4416 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/28 14:59:22.0890 4416 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/28 14:59:23.0171 4416 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/28 14:59:23.0468 4416 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/28 14:59:23.0734 4416 xusb21 (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/07/28 14:59:24.0156 4416 ZSMC211 (9d1f9c88f973b68ca1db0ae72f00ec8d) C:\WINDOWS\system32\Drivers\ZS211.sys
2011/07/28 14:59:24.0468 4416 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/07/28 14:59:24.0484 4416 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/28 14:59:24.0500 4416 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR2
2011/07/28 14:59:24.0562 4416 Boot (0x1200) (ae23474a51fcf6880b41517e598bc053) \Device\Harddisk0\DR0\Partition0
2011/07/28 14:59:24.0578 4416 Boot (0x1200) (2727c5861400f09ddea8135a113a3b92) \Device\Harddisk1\DR2\Partition0
2011/07/28 14:59:24.0609 4416 ================================================================================
2011/07/28 14:59:24.0609 4416 Scan finished
2011/07/28 14:59:24.0609 4416 ================================================================================
2011/07/28 14:59:24.0625 4492 Detected object count: 2
2011/07/28 14:59:24.0625 4492 Actual detected object count: 2
2011/07/28 14:59:57.0437 4492 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/28 14:59:57.0468 4492 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/28 14:59:57.0468 4492 \Device\Harddisk0\DR0 - ok
2011/07/28 14:59:57.0468 4492 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/28 15:00:05.0000 1564 Deinitialize success
Hi,
Make sure you rebooted after running TDSSKiller .
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Thank you for helping :)
Here is my OTL.txt.....
OTL Extras logfile created on: 7/29/2011 9:03:09 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Bry\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.02% Memory free
2.85 Gb Paging File | 2.37 Gb Available in Paging File | 83.01% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 7.82 Gb Free Space | 27.98% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 391.01 Gb Free Space | 83.95% Space Free | Partition Type: NTFS
Computer Name: BRY | User Name: Bry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-861567501-1659004503-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"13000:UDP" = 13000:UDP:*:Enabled:SL
"12043:TCP" = 12043:TCP:*:Enabled:SL
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
"E:\Everquest II\LaunchPad.exe" = E:\Everquest II\LaunchPad.exe:*:Enabled:LaunchPad
"E:\SecondLife\SecondLife.exe" = E:\SecondLife\SecondLife.exe:*:Enabled:SecondLife
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"E:\`FILES\Programs\StubInstaller.exe" = E:\`FILES\Programs\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"E:\BladeOfDarkness\Bin\Blade.exe" = E:\BladeOfDarkness\Bin\Blade.exe:*:Enabled:Blade
"C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe" = C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"E:\SecondLife\SLVoice.exe" = E:\SecondLife\SLVoice.exe:*:Enabled:SLVoice
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"E:\Civ IV\Civilization4.exe" = E:\Civ IV\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
"E:\SimCity3000\Apps\Updater\UPDATER.EXE" = E:\SimCity3000\Apps\Updater\UPDATER.EXE:*:Disabled:SC3UpdaterMFC
"E:\JLC\Internet TV.exe" = E:\JLC\Internet TV.exe:*:Enabled:Internet TV
"E:\Everquest II\EverQuest2.exe" = E:\Everquest II\EverQuest2.exe:*:Enabled:EQ2 Client Application
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"E:\SopCast\SopCast.exe" = E:\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\Program Files\VLCMediaPlayer\vlc.exe" = C:\Program Files\VLCMediaPlayer\vlc.exe:*:Enabled:VLC media player
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"E:\Second Life\SLVoice.exe" = E:\Second Life\SLVoice.exe:*:Enabled:SLVoice
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"E:\Scrabble\Scrabble v2.0.exe" = E:\Scrabble\Scrabble v2.0.exe:*:Enabled:Scrabble v2.0
"E:\EQII - The Shadow Odyssey\EQ2VoiceService.exe" = E:\EQII - The Shadow Odyssey\EQ2VoiceService.exe:*:Enabled:EQ2VoiceService -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"E:\EQII - The Shadow Odyssey\EverQuest2.exe" = E:\EQII - The Shadow Odyssey\EverQuest2.exe:*:Enabled:EQ2 Client Application -- (Sony Online Entertainment)
"E:\DDO\dndclient.exe" = E:\DDO\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)
"E:\Emerald Viewer\SLVoice.exe" = E:\Emerald Viewer\SLVoice.exe:*:Enabled:SLVoice
"E:\Emerald Viewer\Emerald.exe" = E:\Emerald Viewer\Emerald.exe:*:Enabled:Second Life Open Source [Emerald Viewer]
"E:\Second Life\SecondLife.exe" = E:\Second Life\SecondLife.exe:*:Enabled:Second Life
"E:\Second Life 2.0\SecondLifeBetaViewer.exe" = E:\Second Life 2.0\SecondLifeBetaViewer.exe:*:Enabled:Second Life
"E:\Turbine Download Manager\TurbineMessageService.exe" = E:\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- (Turbine, Inc.)
"E:\Turbine Download Manager\TurbineNetworkService.exe" = E:\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- (Turbine, Inc.)
"E:\SecondLifeViewer2\SLVoice.exe" = E:\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice -- (Vivox Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"E:\Civ 4\Civilization4.exe" = E:\Civ 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"E:\Steam\Steam.exe" = E:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Steam\steamapps\common\sid meier's civilization v\CivilizationV.exe" = E:\Steam\steamapps\common\sid meier's civilization v\CivilizationV.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"E:\SecondLifeViewer2\SecondLife.exe" = E:\SecondLifeViewer2\SecondLife.exe:*:Enabled:SecondLife.exe -- (Linden Lab)
"E:\Steam\steamapps\common\europa universalis iii - complete\eu3game.exe" = E:\Steam\steamapps\common\europa universalis iii - complete\eu3game.exe:*:Enabled:Europa Universalis III -- ()
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"E:\Second Life\Snowglobe\SnowglobeRelease.exe" = E:\Second Life\Snowglobe\SnowglobeRelease.exe:*:Enabled:Cool VL Viewer
"E:\Snowglobe\SnowglobeRelease.exe" = E:\Snowglobe\SnowglobeRelease.exe:*:Enabled:Cool VL Viewer -- (Linden Lab)
"E:\DolphinViewer2\DolphinViewer2.exe" = E:\DolphinViewer2\DolphinViewer2.exe:*:Enabled:DolphinViewer2.exe -- (Lance Corrimal)
"E:\DolphinViewer2\slplugin.exe" = E:\DolphinViewer2\slplugin.exe:*:Enabled:slplugin.exe -- ()
"E:\Runes of Magic\Client.exe" = E:\Runes of Magic\Client.exe:*:Enabled:Runes of Magic -- (Runewaker)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"E:\Steam\steamapps\common\sid meier's civilization v\Launcher.exe" = E:\Steam\steamapps\common\sid meier's civilization v\Launcher.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1E1300BC-6DBA-476B-8CCF-4AA81ED4DF6A}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.5.2.1102
"{2D96EC5C-82C5-4153-9CF1-42F170074495}" = Tango
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS211)
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4704C796-05D9-40FC-AF0E-8A168B511AA8}" = Blade of Darkness
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{81D2FECF-FB01-4120-828B-DB3213440356}" = EverQuest II: The Shadow Odyssey
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3071D0-B51E-11DD-72AE-01EFE8642CD6}" = Baseball Mogul 2009
"{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}" = NHL Eastside Hockey Manager 2007
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AF9C41C1-EC1D-4FCD-9C5D-1AFEFCB67CD1}" = VCOM Fix-It Utilities 5
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6ED3E86-5261-469D-B634-153B99817DE0}" = Nostromo Array Programming Software
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{E0303B6A-C675-4102-95DA-C013625BFA99}" = GTA San Andreas
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8DEF1A3-B91E-4935-914A-2AF55C3FC971}" = MLB 2K9
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons and Dragons Online™ - Eberron Unlimited™ - Live
"62289540-dc30-11dc-95ff-0800200c9a66_is1" = Turbine Download Manager - Live
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.3 (Unicode)
"AudioBurst" = AudioBurst FX for Winamp
"AVG" = AVG 2011
"AZZ Cardfile" = AZZ Cardfile
"BitLord" = BitLord 1.1
"CCleaner" = CCleaner (remove only)
"comtypes-py2.5" = Python 2.5 comtypes-0.5.2
"DolphinViewer2" = DolphinViewer2 (remove only)
"eMusic Download Manager" = eMusic Download Manager 3.0
"EQ2MAP Updater" = EQ2MAP Updater 1.2.4
"ERUNT_is1" = ERUNT 1.1j
"Firestorm-Beta" = Firestorm-Beta (remove only)
"Firestorm-Preview" = Firestorm-Preview (remove only)
"Fraps" = Fraps
"Free Realms Installer" = Free Realms Installer
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LimeWire" = LimeWire 4.12.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mp3tag" = Mp3tag v2.44
"MS Access 97 SP2" = MS Access 97 SP2
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"PC Doc Pro_is1" = PC Doc Pro 3.5
"PeerGuardian_is1" = PeerGuardian 2.0
"PIL-py2.5" = Python 2.5 PIL-1.1.6
"Port Royale 2" = Port Royale 2
"psyco-py2.5" = Python 2.5 psyco-1.6
"pywin32-py2.5" = Python 2.5 pywin32-212
"RealPlayer 6.0" = RealPlayer
"Scrabble v2.0" = Scrabble v2.0
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Snowglobe" = Snowglobe (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Steam App 25800" = Europa Universalis III
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"TablEdit_is1" = TablEdit 2.69
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"VLC media player" = VLC media player 0.9.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.7.1 (ansi) for Python 2.5
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Minoral" = Minoral.exe
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Minoral" = Minoral.exe
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-861567501-1659004503-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Network Addon Mod" = Network Addon Mod Version 29
"Network Addon Mod Retexture and Cosmetic Mod Setup" = Network Addon Mod Retexture and Cosmetic Mod Setup North American Version 1.0
"SOE-Free Realms" = Free Realms
"Winamp Detect" = Winamp Detector Plug-in
"Winamp Toolbar" = Winamp Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/28/2011 8:30:04 AM | Computer Name = BRYS | Source = PerfNet | ID = 2005
Description = Unable to read performance data from the Server service. No Server
performance data will be returned in this sample. Error code returned is in data
DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.
Error - 7/28/2011 8:30:04 AM | Computer Name = BRYS | Source = PerfNet | ID = 2006
Description = Unable to read Server Queue performance data from the Server service.
No
Server Queue performance data will be returned in this sample. Error code returned
is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.
Error - 7/28/2011 8:30:05 AM | Computer Name = BRYS | Source = PerfNet | ID = 2005
Description = Unable to read performance data from the Server service. No Server
performance data will be returned in this sample. Error code returned is in data
DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.
Error - 7/28/2011 8:30:05 AM | Computer Name = BRYS | Source = PerfNet | ID = 2006
Description = Unable to read Server Queue performance data from the Server service.
No
Server Queue performance data will be returned in this sample. Error code returned
is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.
Error - 7/28/2011 8:30:05 AM | Computer Name = BRYS | Source = PerfNet | ID = 2005
Description = Unable to read performance data from the Server service. No Server
performance data will be returned in this sample. Error code returned is in data
DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.
Error - 7/28/2011 8:30:05 AM | Computer Name = BRYS | Source = PerfNet | ID = 2006
Description = Unable to read Server Queue performance data from the Server service.
No
Server Queue performance data will be returned in this sample. Error code returned
is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.
Error - 7/28/2011 8:30:06 AM | Computer Name = BRYS | Source = PerfNet | ID = 2005
Description = Unable to read performance data from the Server service. No Server
performance data will be returned in this sample. Error code returned is in data
DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.
Error - 7/28/2011 8:30:06 AM | Computer Name = BRYS | Source = PerfNet | ID = 2006
Description = Unable to read Server Queue performance data from the Server service.
No
Server Queue performance data will be returned in this sample. Error code returned
is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.
Error - 7/28/2011 8:30:06 AM | Computer Name = BRYS | Source = PerfNet | ID = 2005
Description = Unable to read performance data from the Server service. No Server
performance data will be returned in this sample. Error code returned is in data
DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.
Error - 7/28/2011 8:30:06 AM | Computer Name = BRYS | Source = PerfNet | ID = 2006
Description = Unable to read Server Queue performance data from the Server service.
No
Server Queue performance data will be returned in this sample. Error code returned
is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.
[ System Events ]
Error - 7/28/2011 8:53:10 AM | Computer Name = BRY | Source = Service Control Manager | ID = 7023
Description = The Remote Desktop Service service terminated with the following error:
%%126
Error - 7/28/2011 8:53:21 AM | Computer Name = BRY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Imapi
Error - 7/28/2011 3:59:24 PM | Computer Name = BRY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.
Error - 7/28/2011 3:59:24 PM | Computer Name = BRY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.
Error - 7/28/2011 3:59:24 PM | Computer Name = BRY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.
Error - 7/28/2011 3:59:24 PM | Computer Name = BRY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.
Error - 7/28/2011 3:59:24 PM | Computer Name = BRY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.
Error - 7/28/2011 4:05:15 PM | Computer Name = BRY | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126
Error - 7/28/2011 4:05:15 PM | Computer Name = BRY | Source = Service Control Manager | ID = 7023
Description = The Remote Desktop Service service terminated with the following error:
%%126
Error - 7/28/2011 4:05:57 PM | Computer Name = BRY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Imapi
< End of report >
Sorry, that was the extras.txt. Here is the OTL.txt.
OTL logfile created on: 7/29/2011 9:03:09 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Bry\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.02% Memory free
2.85 Gb Paging File | 2.37 Gb Available in Paging File | 83.01% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 7.82 Gb Free Space | 27.98% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 391.01 Gb Free Space | 83.95% Space Free | Partition Type: NTFS
Computer Name: BRY | User Name: Bry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Bry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\Runservice.exe ()
PRC - C:\Program Files\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Bry\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (TermServices) -- File not found
SRV - (helpsvc) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LiveTurbineMessageService) -- E:\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.)
SRV - (LiveTurbineNetworkService) -- E:\Turbine Download Manager\TurbineNetworkService.exe (Turbine, Inc.)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (LicCtrlService) -- C:\WINDOWS\Runservice.exe ()
SRV - (aawservice) -- C:\Program Files\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (Fix-It Task Manager) -- C:\Program Files\VCOM\Fix-It\MXTASK.exe (V Communications, Inc.)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ZSMC211) ZSMC USB PC Camera (ZS211) -- C:\WINDOWS\system32\drivers\ZS211.sys (ZSMC.Corporation)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (mxDisk) -- C:\Program Files\VCOM\Fix-It\mxDisk.sys ()
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (bcgbus) -- C:\WINDOWS\system32\drivers\BCGBUS.SYS (Belkin Components)
DRV - (bcgame) -- C:\WINDOWS\system32\drivers\BCGAME.SYS (Belkin Components)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bry\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bry\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/13 10:02:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 09:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/07/12 09:03:39 | 000,000,000 | ---D | M]
[2011/07/24 17:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/31 09:19:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2006/12/31 16:01:47 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
O1 HOSTS File: ([2011/07/25 04:21:01 | 000,436,064 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-domains-registrations.com
O1 - Hosts: 127.0.0.1 www.1-domains-registrations.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 15009 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Tango) - {2D96EC5C-82C5-4153-9CF1-42F170074495} - File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-861567501-1659004503-1801674531-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1659004503-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-861567501-1659004503-1801674531-1003\..Trusted Domains: aolcdn.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1659004503-1801674531-1003\..Trusted Domains: shoutcast.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1659004503-1801674531-1003\..Trusted Domains: winamp.com ([]* in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162990319359 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/08 06:36:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 14:17:24 | 000,000,118 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/07/29 21:01:25 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bry\Desktop\OTL.exe
[2011/07/28 14:56:12 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bry\Desktop\TDSSKiller.exe
[2011/07/25 04:55:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bry\Start Menu\Programs\Administrative Tools
[2011/07/25 04:54:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/25 04:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/24 17:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bry\Start Menu\Programs\Google Chrome
[2011/07/24 08:34:49 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/07/24 06:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\MPAccess
[2011/07/24 04:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/07/24 04:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/07/24 04:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/07/24 01:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bry\Application Data\Malwarebytes
[2011/07/24 01:35:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/24 01:35:43 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/24 01:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/24 01:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/23 23:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/07/23 23:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/07/23 22:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/07/23 22:04:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/07/23 21:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/23 21:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/17 23:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Traffic Simulator Configuration Tool
[2011/07/15 05:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bry\My Documents\SimCity 4
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/07/29 21:01:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bry\Desktop\OTL.exe
[2011/07/29 21:00:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bry\Local Settings\Application Data\prvlcl.dat
[2011/07/29 20:13:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/29 18:29:00 | 126,165,571 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/29 17:05:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1659004503-1801674531-1003Core.job
[2011/07/29 04:13:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/28 15:04:03 | 000,001,441 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2011/07/28 15:02:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/28 07:57:54 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firestorm-Beta.lnk
[2011/07/28 05:32:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/25 04:21:01 | 000,436,064 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/25 03:54:35 | 000,000,734 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110725-042101.backup
[2011/07/24 17:09:54 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Bry\Desktop\Google Chrome.lnk
[2011/07/24 17:09:54 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Bry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/24 16:28:19 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/07/24 04:43:48 | 000,733,118 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/24 01:08:43 | 000,001,312 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ri0p4h6jr26wsn2jg66g16vdqw7p305h2e508i8
[2011/07/14 21:30:47 | 000,000,783 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2011/07/12 09:04:10 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/11 16:58:52 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bry\Desktop\TDSSKiller.exe
[2011/07/07 10:26:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/07/24 17:09:54 | 000,002,268 | ---- | C] () -- C:\Documents and Settings\Bry\Desktop\Google Chrome.lnk
[2011/07/24 17:09:54 | 000,002,246 | ---- | C] () -- C:\Documents and Settings\Bry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/24 17:00:55 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1659004503-1801674531-1003Core.job
[2011/07/24 04:43:05 | 000,733,118 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/24 01:08:43 | 000,001,312 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ri0p4h6jr26wsn2jg66g16vdqw7p305h2e508i8
[2011/07/24 01:08:43 | 000,001,312 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ri0p4h6jr26wsn2jg66g16vdqw7p305h2e508i8
[2011/01/31 09:23:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/23 04:40:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bry\Local Settings\Application Data\prvlcl.dat
[2010/02/07 00:20:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2009/05/29 18:47:07 | 000,000,215 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/05/20 15:22:42 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/05/20 15:22:42 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/05/02 23:06:20 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/04/13 18:21:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\Domino.exe
[2009/03/27 16:26:52 | 000,000,016 | ---- | C] () -- C:\WINDOWS\RealityFusion.ini
[2008/12/26 19:04:09 | 000,002,379 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2008/05/22 09:48:46 | 000,000,122 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/05/09 16:27:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/05/09 16:21:30 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/03/28 22:36:13 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/03/28 22:36:13 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/03/28 22:36:13 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/03/24 17:20:08 | 000,345,097 | ---- | C] () -- C:\WINDOWS\CSUPP.EXE
[2008/03/06 09:40:54 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/02/09 15:03:38 | 000,001,441 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2008/02/09 15:03:36 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2008/02/09 15:03:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2008/02/09 08:57:55 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2008/02/09 08:57:54 | 000,003,439 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2008/01/30 06:10:14 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/30 06:10:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/20 07:21:41 | 000,000,783 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/09/17 10:33:39 | 000,000,106 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2007/09/09 08:15:46 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/09/09 08:15:44 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/08/22 06:44:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/13 15:19:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007/02/24 05:43:53 | 000,000,154 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/18 02:16:48 | 000,506,744 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/02/07 13:23:56 | 000,042,132 | ---- | C] () -- C:\WINDOWS\XF2000.INI
[2007/02/03 12:21:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/23 07:39:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/01/06 20:55:55 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2006/11/25 22:56:31 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Bry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/12 04:38:51 | 000,001,580 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/11/12 04:37:50 | 000,003,375 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2006/11/11 21:36:10 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Bry\Local Settings\Application Data\fusioncache.dat
[2006/11/11 11:22:43 | 000,000,220 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/08 19:53:21 | 000,004,572 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/08 10:37:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/08 10:37:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/11/08 10:08:43 | 000,003,731 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/08 09:16:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[2006/11/08 08:46:56 | 000,003,248 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/11/08 08:22:49 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/11/08 06:41:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/11/08 06:31:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/08 00:10:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/11/08 00:08:12 | 000,104,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/16 14:05:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/15 17:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/06/10 16:03:38 | 000,029,600 | ---- | C] () -- C:\WINDOWS\System32\mxntdfg.exe
[2002/08/28 22:57:58 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
========== LOP Check ==========
[2011/05/16 09:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/18 19:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/18 20:15:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/10/01 05:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/04/11 01:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/07/07 08:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SimCity Societies
[2011/07/24 05:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/10 12:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2009/03/12 05:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/08/05 19:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\2K Sports
[2010/12/30 22:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\Ascaron Entertainment
[2008/03/24 10:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\Audacity
[2010/10/18 20:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\AVG10
[2008/03/24 10:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\BonkEnc
[2009/02/14 19:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\DAoC Portal
[2007/09/08 22:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\DaocTB
[2007/09/02 11:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\Electronic Arts
[2011/05/24 20:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\Firestorm
[2011/06/26 18:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\gtk-2.0
[2008/05/10 19:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\JLC's Software
[2007/09/09 17:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\KSCraft
[2007/02/18 08:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\Leadertech
[2009/09/19 06:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\Mp3tag
[2007/05/06 12:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\MusicIP
[2010/09/19 23:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\My Games
[2009/09/24 17:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\ProfitUI Reborn Updater
[2010/09/29 17:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\SecondLife
[2008/02/09 15:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\Sports Interactive
[2008/10/21 16:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\Stardock
[2008/01/11 20:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\SystemRequirementsLab
[2008/11/28 14:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bry\Application Data\VCOM
[2009/05/23 22:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiggie\Application Data\SecondLife
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
Hi,
Looks like your hosts file is infected, lets clean it all out
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
O3 - HKLM\..\Toolbar: (Tango) - {2D96EC5C-82C5-4153-9CF1-42F170074495} - File not found
[2011/07/25 03:54:35 | 000,000,734 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110725-042101.backup
:Services
:Reg
:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
Take your time, I will be offline the rest of the day and returning late evening
I did the Run Fix with OTL and got an error .. 'Windows cannot open C:\Windows\System32\Drivers\etc\hosts' or something similar ... the computer seemed to lock up at that point and I re-booted it. Here is the log that came up:
-----------------------------
Files\Folders moved on Reboot...
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
Registry entries deleted on Reboot...
-----------------------------
I did Run Fix again and got no errors and the following log:
-----------------------------
All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2D96EC5C-82C5-4153-9CF1-42F170074495} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D96EC5C-82C5-4153-9CF1-42F170074495}\ not found.
File C:\WINDOWS\System32\drivers\etc\hosts.20110725-042101.backup not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
IP Address. . . . . . . . . . . . : fe80::204:5aff:fe80:3256%4
Default Gateway . . . . . . . . . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
C:\Documents and Settings\Bry\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bry\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.123.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::204:5aff:fe80:3256%4
Default Gateway . . . . . . . . . : 192.168.123.254
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
Tunnel adapter Automatic Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.123.102%2
Default Gateway . . . . . . . . . :
C:\Documents and Settings\Bry\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bry\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Bry\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bry\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33728 bytes
User: All Users
User: Bry
->Temp folder emptied: 88980967 bytes
->Temporary Internet Files folder emptied: 3523163 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 232951012 bytes
->Flash cache emptied: 513 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33728 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328026338 bytes
->Flash cache emptied: 11513 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 19077436 bytes
->Flash cache emptied: 7246 bytes
User: Tiggie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33728 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1110549 bytes
%systemroot%\System32 .tmp files removed: 4182033 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60537 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94777097 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 27792562 bytes
Total Files Cleaned = 764.00 mb
OTL by OldTimer - Version 3.2.26.1 log created on 07302011_225500
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
------------------------------
I'm going to guess that it is OK to continue with your instructions... more logs coming....
OTL.txt log:
OTL logfile created on: 7/30/2011 11:29:10 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Bry\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.93% Memory free
2.85 Gb Paging File | 2.39 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 8.73 Gb Free Space | 31.25% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 390.75 Gb Free Space | 83.90% Space Free | Partition Type: NTFS
Computer Name: BRY | User Name: Bry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Bry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\Runservice.exe ()
PRC - C:\Program Files\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Bry\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (TermServices) -- File not found
SRV - (helpsvc) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LiveTurbineMessageService) -- E:\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.)
SRV - (LiveTurbineNetworkService) -- E:\Turbine Download Manager\TurbineNetworkService.exe (Turbine, Inc.)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (LicCtrlService) -- C:\WINDOWS\Runservice.exe ()
SRV - (aawservice) -- C:\Program Files\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (Fix-It Task Manager) -- C:\Program Files\VCOM\Fix-It\MXTASK.exe (V Communications, Inc.)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ZSMC211) ZSMC USB PC Camera (ZS211) -- C:\WINDOWS\system32\drivers\ZS211.sys (ZSMC.Corporation)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (mxDisk) -- C:\Program Files\VCOM\Fix-It\mxDisk.sys ()
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (bcgbus) -- C:\WINDOWS\system32\drivers\BCGBUS.SYS (Belkin Components)
DRV - (bcgame) -- C:\WINDOWS\system32\drivers\BCGAME.SYS (Belkin Components)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bry\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bry\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/13 10:02:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 09:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/07/12 09:03:39 | 000,000,000 | ---D | M]
[2011/07/24 17:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/31 09:19:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2006/12/31 16:01:47 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
O1 HOSTS File: ([2011/07/30 22:55:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-861567501-1659004503-1801674531-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1659004503-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-861567501-1659004503-1801674531-1003\..Trusted Domains: aolcdn.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1659004503-1801674531-1003\..Trusted Domains: shoutcast.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1659004503-1801674531-1003\..Trusted Domains: winamp.com ([]* in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162990319359 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/08 06:36:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 14:17:24 | 000,000,118 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/07/30 22:25:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/30 22:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/07/30 06:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bry\Desktop\My eMusic
[2011/07/30 05:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eMusic Download Manager v5.0.2
[2011/07/29 21:01:25 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bry\Desktop\OTL.exe
[2011/07/28 14:56:12 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bry\Desktop\TDSSKiller.exe
[2011/07/25 04:55:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bry\Start Menu\Programs\Administrative Tools
[2011/07/25 04:54:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/25 04:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/24 17:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bry\Start Menu\Programs\Google Chrome
[2011/07/24 08:34:49 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/07/24 06:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\MPAccess
[2011/07/24 04:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/07/24 04:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/07/24 04:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/07/24 01:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bry\Application Data\Malwarebytes
[2011/07/24 01:35:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/24 01:35:43 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/24 01:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/24 01:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/23 23:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/07/23 23:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/07/23 22:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/07/23 22:04:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/07/23 21:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/23 21:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/17 23:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Traffic Simulator Configuration Tool
[2011/07/15 05:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bry\My Documents\SimCity 4
========== Files - Modified Within 30 Days ==========
[2011/07/30 23:19:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/30 23:09:24 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/30 23:09:03 | 000,001,441 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2011/07/30 23:08:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/30 22:55:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/30 22:31:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/30 18:28:27 | 126,296,615 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/30 17:30:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bry\Local Settings\Application Data\prvlcl.dat
[2011/07/30 17:05:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1659004503-1801674531-1003Core.job
[2011/07/30 05:56:42 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eMusic Download Manager.lnk
[2011/07/29 21:01:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bry\Desktop\OTL.exe
[2011/07/28 07:57:54 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firestorm-Beta.lnk
[2011/07/24 17:09:54 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Bry\Desktop\Google Chrome.lnk
[2011/07/24 17:09:54 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Bry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/24 16:28:19 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/07/24 04:43:48 | 000,733,118 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/24 01:08:43 | 000,001,312 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ri0p4h6jr26wsn2jg66g16vdqw7p305h2e508i8
[2011/07/14 21:30:47 | 000,000,783 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2011/07/12 09:04:10 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/11 16:58:52 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bry\Desktop\TDSSKiller.exe
[2011/07/07 10:26:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2011/07/30 05:56:42 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eMusic Download Manager.lnk
[2011/07/24 17:09:54 | 000,002,268 | ---- | C] () -- C:\Documents and Settings\Bry\Desktop\Google Chrome.lnk
[2011/07/24 17:09:54 | 000,002,246 | ---- | C] () -- C:\Documents and Settings\Bry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/24 17:00:55 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1659004503-1801674531-1003Core.job
[2011/07/24 04:43:05 | 000,733,118 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/24 01:08:43 | 000,001,312 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ri0p4h6jr26wsn2jg66g16vdqw7p305h2e508i8
[2011/07/24 01:08:43 | 000,001,312 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ri0p4h6jr26wsn2jg66g16vdqw7p305h2e508i8
[2011/01/31 09:23:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/23 04:40:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bry\Local Settings\Application Data\prvlcl.dat
[2010/02/07 00:20:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2009/05/29 18:47:07 | 000,000,215 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/05/20 15:22:42 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/05/20 15:22:42 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/05/02 23:06:20 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/04/13 18:21:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\Domino.exe
[2009/03/27 16:26:52 | 000,000,016 | ---- | C] () -- C:\WINDOWS\RealityFusion.ini
[2008/12/26 19:04:09 | 000,002,379 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2008/05/22 09:48:46 | 000,000,122 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/05/09 16:27:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/05/09 16:21:30 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/03/28 22:36:13 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/03/28 22:36:13 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/03/28 22:36:13 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/03/24 17:20:08 | 000,345,097 | ---- | C] () -- C:\WINDOWS\CSUPP.EXE
[2008/03/06 09:40:54 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/02/09 15:03:38 | 000,001,441 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2008/02/09 15:03:36 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2008/02/09 15:03:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2008/02/09 08:57:55 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2008/02/09 08:57:54 | 000,003,439 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2008/01/30 06:10:14 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/30 06:10:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/20 07:21:41 | 000,000,783 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/09/17 10:33:39 | 000,000,106 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2007/09/09 08:15:46 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/09/09 08:15:44 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/08/22 06:44:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/13 15:19:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007/02/24 05:43:53 | 000,000,154 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/18 02:16:48 | 000,506,744 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/02/07 13:23:56 | 000,042,132 | ---- | C] () -- C:\WINDOWS\XF2000.INI
[2007/02/03 12:21:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/23 07:39:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/01/06 20:55:55 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2006/11/25 22:56:31 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Bry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/12 04:38:51 | 000,001,580 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/11/12 04:37:50 | 000,003,375 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2006/11/11 21:36:10 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Bry\Local Settings\Application Data\fusioncache.dat
[2006/11/11 11:22:43 | 000,000,220 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/08 19:53:21 | 000,004,572 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/08 10:37:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/08 10:37:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/11/08 10:08:43 | 000,003,731 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/08 09:16:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[2006/11/08 08:46:56 | 000,003,248 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/11/08 08:22:49 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/11/08 06:41:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/11/08 06:31:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/08 00:10:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/11/08 00:08:12 | 000,104,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/16 14:05:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/15 17:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/06/10 16:03:38 | 000,029,600 | ---- | C] () -- C:\WINDOWS\System32\mxntdfg.exe
[2002/08/28 22:57:58 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=23a744ebf5fd474280552823e1d78f08
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-31 07:30:37
# local_time=2011-07-31 02:30:37 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1032 16777189 100 95 0 55144366 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=182587
# found=0
# cleaned=0
# scan_time=9214
Looking good, how are things running, any redirects or unwanted pop up windows ?
Everything seems to be running well. The only thing I can't figure out is why Windows won't acknowledge that automatic updates are turned on. I have it set to notify me of new updates but not d/l or install them, yet I have the red shield in my taskbar, telling me that updates are off, my computer is at risk, etc.
This may be unrelated to malware/viruses and beyond the scope of what you do here, not sure.
Lets see if there is anything else lurking. It looks like your security center is set correctly , when where done I will link you to a windows forum to help you straighten that out.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Due to inactivity, this thread will now be closed.
If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.