My poor Asus desktop with Windows 7

[IglooRug]

Recently there were several times I found my computer had restarted while I was out. I thought perhaps an automatic update requiring an update had occurred. Finally today something was odd enough to indicate a problem.

I still have security software recommended by defunct volunteer malware removal help site castlecops.com. I ran ad-aware, which found and removed some issues. I decided to restart but it seemed I could not boot into windows. I went to safe mode and tried to run ad-aware again, but could not. I used Trend Micro Internet Security under safe mode but the scan found nothing.

I found my computer does actually boot into windows, but it takes longer and the screen goes black in between password entry and loading my desktop. I did another Trend Micro (full) scan. It found and removed several trojans but I can still run very little. My browsers won't open, for example. This is posted from a different computer.

I need outside help! I have attempted to run ERUNT and DDS as the forums instruct, but cannot. Can you help?

 

[Blade81]

Hi,

I have attempted to run ERUNT and DDS as the forums instruct, but cannot.

What happens when you attempt to run DDS?

 

[IglooRug]

Current Status

Thanks for volunteering. I have done various fixes on my own in the past, including using the castlecops wiki to remove malware from other PCs, but will just do what you say from here on out. Here's what has happened since my post as well as the answer to your question.

I thought a system restore might help, but the one I did within Windows didn't complete and left this PC unable to boot successfully in any mode. I used the recovery DVD to successfully complete the system restore and then backed up my data. I considered reinstalling the OS, but have held off.

The system works again but various things cause a BSOD. Firstly, it will eventually crash while logged in yet idle. Secondly, running DDS, Trend Micro House Call, and Windows 7 Update Advisor have caused crashes. Some error messages have been "System Service Exception", others "IRQL Not Less Than or Equal".

 

[Blade81]

Hi,

Rename DDS to something.com and try to run it.

 

[IglooRug]

Upon running dds.scr renamed to something.com

BSOD, stop error 0×0000001E

 

[Blade81]

Hi,

Let's see if other tool works any better.

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

 

[IglooRug]

OTL.txt

OTL logfile created on: 2/1/2011 11:40:26 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Mitch\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.61 Gb Total Space | 284.78 Gb Free Space | 76.43% Space Free | Partition Type: NTFS
Drive D: | 550.90 Gb Total Space | 526.00 Gb Free Space | 95.48% Space Free | Partition Type: NTFS

Computer Name: COLOSSUS | User Name: Mitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mitch\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\ASUS\AI Manager\AIManager.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)


========== Modules (SafeList) ==========

MOD - C:\Users\Mitch\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll ()
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (Device Handle Service) -- C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK Computer Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\drivers\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\drivers\tmwfp.sys (Trend Micro Inc.)
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\drivers\tmlwf.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASInsHelp) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.6.0.1126
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97


FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010/05/15 00:42:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 21:17:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/29 10:27:50 | 000,000,000 | ---D | M]

[2010/03/09 11:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Extensions
[2011/02/01 01:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\9ztenapv.default\extensions
[2011/01/29 10:27:50 | 000,000,000 | ---D | M] ("Glue") -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\9ztenapv.default\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}
[2011/01/29 03:58:24 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\9ztenapv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/02/01 01:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/15 00:22:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 23:01:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/20 14:13:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/29 03:58:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/05/15 00:42:04 | 000,000,000 | ---D | M] (Trend Micro Toolbar) -- C:\PROGRAM FILES\TREND MICRO\TRENDSECURE\TISPROTOOLBAR\FIREFOXEXTENSION
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/03/14 21:34:06 | 000,000,988 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5642c05e-2fd9-11df-9878-e0cb4eb4c690}\Shell - "" = AutoRun
O33 - MountPoints2\{5642c05e-2fd9-11df-9878-e0cb4eb4c690}\Shell\AutoRun\command - "" = F:\Borderlands.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/01 11:39:26 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
[2011/02/01 01:06:24 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\Microsoft Corporation
[2011/02/01 01:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
[2011/01/31 01:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011/01/31 01:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2011/01/31 01:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
[2011/01/31 01:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier
[2011/01/31 01:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2011/01/31 01:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier (x64)
[2011/01/31 01:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier (x64)
[2011/01/31 01:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2011/01/31 01:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/01/30 01:08:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/30 01:05:49 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Documents\Security
[2011/01/30 01:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/01/30 01:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/01/28 20:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011/01/28 20:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2011/01/28 20:37:47 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\Sunbelt Software
[2011/01/28 20:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/01/28 20:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/01/28 20:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/01/24 20:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight
[2011/01/24 09:43:07 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\runic games
[2011/01/11 16:25:46 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/11 16:25:46 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/11 16:25:45 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/11 16:25:45 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/11 16:25:45 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/11 16:25:45 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/11 16:25:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/11 16:25:45 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/11 16:25:45 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/11 16:25:45 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/11 16:25:45 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/11 16:25:45 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/11 16:25:45 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/11 16:25:45 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/11 16:25:45 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/11 16:25:45 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/11 16:25:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/11 16:25:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/11 16:25:45 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/11 16:25:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/11 16:25:41 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/11 16:25:41 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2010/07/14 02:51:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Mitch\AppData\Roaming\pcouffin.sys
[2008/01/27 22:02:08 | 004,333,568 | ---- | C] (Gabest) -- C:\Program Files (x86)\mplayerc.exe

========== Files - Modified Within 30 Days ==========

[2011/02/01 11:42:15 | 000,000,988 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/02/01 11:41:52 | 000,000,988 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/02/01 11:39:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
[2011/02/01 11:27:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/01 11:27:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/01 11:24:20 | 000,791,746 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/01 11:24:20 | 000,668,662 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/01 11:24:20 | 000,124,848 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/01 11:19:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/01 11:19:51 | 621,202,810 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/01 11:19:47 | 2058,657,791 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/01 04:42:04 | 000,003,344 | ---- | M] () -- C:\bootsqm.dat
[2011/02/01 01:00:07 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/01/31 12:24:24 | 000,187,119 | ---- | M] () -- C:\Users\Mitch\Documents\20110123 to 20110129 Unemployment.xps
[2011/01/30 01:05:21 | 000,001,068 | ---- | M] () -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/30 01:04:50 | 000,000,869 | ---- | M] () -- C:\Users\Mitch\Desktop\ERUNT.lnk
[2011/01/30 01:00:53 | 000,624,128 | ---- | M] () -- C:\Users\Mitch\Desktop\dds.scr
[2011/01/29 10:39:44 | 000,000,036 | ---- | M] () -- C:\Users\Mitch\AppData\Local\housecall.guid.cache
[2011/01/24 10:23:27 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/01/24 10:23:27 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/01/24 10:23:27 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/01/24 10:23:27 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/01/21 06:46:21 | 000,003,584 | ---- | M] () -- C:\Users\Mitch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/14 17:33:50 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/01/14 17:33:50 | 000,001,812 | ---- | M] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/01/10 18:34:59 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk

========== Files Created - No Company Name ==========

[2011/02/01 04:42:04 | 000,003,344 | ---- | C] () -- C:\bootsqm.dat
[2011/02/01 01:00:07 | 000,002,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/02/01 01:00:07 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/01/31 12:24:23 | 000,187,119 | ---- | C] () -- C:\Users\Mitch\Documents\20110123 to 20110129 Unemployment.xps
[2011/01/30 01:05:21 | 000,001,068 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/30 01:04:50 | 000,000,869 | ---- | C] () -- C:\Users\Mitch\Desktop\ERUNT.lnk
[2011/01/30 01:00:53 | 000,624,128 | ---- | C] () -- C:\Users\Mitch\Desktop\dds.scr
[2011/01/29 07:28:47 | 621,202,810 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/29 01:31:06 | 000,000,036 | ---- | C] () -- C:\Users\Mitch\AppData\Local\housecall.guid.cache
[2011/01/24 09:44:45 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/01/24 09:44:18 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/01/24 09:44:04 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/01/24 09:43:06 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/01/21 06:46:21 | 000,003,584 | ---- | C] () -- C:\Users\Mitch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/25 23:00:01 | 000,000,093 | ---- | C] () -- C:\Users\Mitch\AppData\Local\fusioncache.dat
[2010/07/27 23:56:59 | 000,000,662 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/07/14 02:52:28 | 000,000,034 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\pcouffin.log
[2010/07/14 02:51:59 | 000,099,384 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\inst.exe
[2010/07/14 02:51:59 | 000,007,859 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\pcouffin.cat
[2010/07/14 02:51:59 | 000,001,167 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\pcouffin.inf
[2010/06/30 01:21:27 | 000,007,611 | ---- | C] () -- C:\Users\Mitch\AppData\Local\Resmon.ResmonCfg
[2010/05/11 20:39:06 | 000,807,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/21 16:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/04/21 16:22:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/04/05 22:19:42 | 000,002,118 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\wklnhst.dat
[2010/03/28 16:29:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2009/11/13 12:09:40 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2009/11/13 12:07:53 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/11/13 12:07:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/11/13 12:07:41 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/11/13 12:07:40 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/11/13 12:07:40 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/11/13 12:03:14 | 000,010,572 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/11/13 12:03:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/11/13 12:03:12 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/11/13 12:03:12 | 000,006,688 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >

 

[IglooRug]

Extras.txt

OTL Extras logfile created on: 2/1/2011 11:40:26 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Mitch\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.61 Gb Total Space | 284.78 Gb Free Space | 76.43% Space Free | Partition Type: NTFS
Drive D: | 550.90 Gb Total Space | 526.00 Gb Free Space | 95.48% Space Free | Partition Type: NTFS

Computer Name: COLOSSUS | User Name: Mitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office Folder\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office Folder\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office Folder\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office Folder\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06CB1559-8956-4F61-8D12-498715F67ECC}" = MobileMe Control Panel
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security Pro
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.134
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{361AA6F2-124E-4E98-9402-83B1445B8448}" = GameSpy Comrade
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{c0230012-7b9b-4be4-b846-477fd2d8f364}" = Nero 9 Essentials
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.04.8007
"4578-0181-0549-1546" = Altitude
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 7_is1" = DVDFab 7.0.6.2 (20/05/2010)
"EA Download Manager" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MyPoints Point Finder" = MyPoints Point Finder
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 65520" = ArcaniA: Gothic IV - Demo
"Steam App 70410" = Recettear: An Item Shop's Tale - Demo
"Steam App 70910" = Star Ruler - Demo
"Unlocker" = Unlocker 1.8.9
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/31/2011 2:50:03 AM | Computer Name = COLOSSUS | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3989 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13d8 Start
Time: 01cbc1112ce3909d Termination Time: 7 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 52671026-2d06-11e0-8060-e0cb4eb4c690

Error - 1/31/2011 4:55:01 AM | Computer Name = COLOSSUS | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3989 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13c8 Start
Time: 01cbc1245c241c3d Termination Time: 15 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: c78ad801-2d17-11e0-8060-e0cb4eb4c690

Error - 1/31/2011 10:21:20 AM | Computer Name = COLOSSUS | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/31/2011 11:19:12 AM | Computer Name = COLOSSUS | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3989 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1444 Start
Time: 01cbc15a154f7210 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 731eb7b5-2d4d-11e0-8060-e0cb4eb4c690

Error - 2/1/2011 2:06:53 AM | Computer Name = COLOSSUS | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3989 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c88 Start
Time: 01cbc1d61f974ccb Termination Time: 15 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 73ad7769-2dc9-11e0-b866-e0cb4eb4c690

Error - 2/1/2011 2:38:53 AM | Computer Name = COLOSSUS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\trend micro\internet
security\component\framework\200\UfNavi.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/1/2011 2:38:53 AM | Computer Name = COLOSSUS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\trend micro\internet
security\component\framework\200\UfSeAgnt.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/1/2011 2:38:53 AM | Computer Name = COLOSSUS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\trend micro\internet
security\component\framework\200\UfUpdUi.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/1/2011 2:39:01 AM | Computer Name = COLOSSUS | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/1/2011 5:26:03 AM | Computer Name = COLOSSUS | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 1/29/2011 11:42:22 AM | Computer Name = COLOSSUS | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 1/29/2011 12:58:52 PM | Computer Name = COLOSSUS | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:57:21 AM on ?1/?29/?2011 was unexpected.

Error - 1/29/2011 12:58:53 PM | Computer Name = COLOSSUS | Source = BugCheck | ID = 1001
Description =

Error - 1/29/2011 1:34:52 PM | Computer Name = COLOSSUS | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 1/30/2011 2:34:56 AM | Computer Name = COLOSSUS | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:32:54 AM on ?1/?30/?2011 was unexpected.

Error - 1/30/2011 2:34:58 AM | Computer Name = COLOSSUS | Source = BugCheck | ID = 1001
Description =

Error - 1/31/2011 12:24:51 AM | Computer Name = COLOSSUS | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:23:17 PM on ?1/?30/?2011 was unexpected.

Error - 1/31/2011 12:24:51 AM | Computer Name = COLOSSUS | Source = BugCheck | ID = 1001
Description =

Error - 1/31/2011 12:52:48 AM | Computer Name = COLOSSUS | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:50:42 PM on ?1/?30/?2011 was unexpected.

Error - 1/31/2011 12:52:49 AM | Computer Name = COLOSSUS | Source = BugCheck | ID = 1001
Description =


< End of report >

 

[Blade81]

Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Vuze


I'd like you to read this thread.

Please uninstall the programs listed above (in red).


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New OTL.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

 

[IglooRug]

Upon running ComboFix

I uninstalled Vuze and attempted to run ComboFix under the prescribed conditions. However, the PC appears to freeze up before ComboFix gets past its initial progress bar (loading?) screen.

 

[Blade81]

Hi,

Rename ComboFix.exe to testing.exe and try to run it in safe mode.

 

[IglooRug]

Upon running ComboFix as Testing in Safe Mode

BSOD, IRQL Not Less Than or Equal, 0x0000000A

 

[Blade81]

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

 

[IglooRug]

After running TDSSKiller and rebooting

Excited to see we're on the right path! It definitely seemed like those crashes were to prevent us from running security tools.

2011/02/03 05:24:33.0624 5772 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/03 05:24:33.0764 5772 ================================================================================
2011/02/03 05:24:33.0764 5772 SystemInfo:
2011/02/03 05:24:33.0764 5772
2011/02/03 05:24:33.0764 5772 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/03 05:24:33.0764 5772 Product type: Workstation
2011/02/03 05:24:33.0764 5772 ComputerName: COLOSSUS
2011/02/03 05:24:33.0764 5772 UserName: Mitch
2011/02/03 05:24:33.0764 5772 Windows directory: C:\Windows
2011/02/03 05:24:33.0764 5772 System windows directory: C:\Windows
2011/02/03 05:24:33.0764 5772 Running under WOW64
2011/02/03 05:24:33.0764 5772 Processor architecture: Intel x64
2011/02/03 05:24:33.0764 5772 Number of processors: 4
2011/02/03 05:24:33.0764 5772 Page size: 0x1000
2011/02/03 05:24:33.0764 5772 Boot type: Normal boot
2011/02/03 05:24:33.0764 5772 ================================================================================
2011/02/03 05:24:36.0494 5772 Initialize success
2011/02/03 05:24:41.0268 2720 ================================================================================
2011/02/03 05:24:41.0268 2720 Scan started
2011/02/03 05:24:41.0268 2720 Mode: Manual;
2011/02/03 05:24:41.0268 2720 ================================================================================
2011/02/03 05:24:42.0235 2720 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/03 05:24:42.0282 2720 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/02/03 05:24:42.0297 2720 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/02/03 05:24:42.0344 2720 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/03 05:24:42.0375 2720 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/02/03 05:24:42.0391 2720 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/02/03 05:24:42.0422 2720 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/02/03 05:24:42.0438 2720 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/02/03 05:24:42.0469 2720 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/02/03 05:24:42.0485 2720 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/02/03 05:24:42.0516 2720 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/03 05:24:42.0531 2720 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/02/03 05:24:42.0547 2720 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/02/03 05:24:42.0563 2720 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/03 05:24:42.0578 2720 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/02/03 05:24:42.0609 2720 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/02/03 05:24:42.0656 2720 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/02/03 05:24:42.0687 2720 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/02/03 05:24:42.0750 2720 ASInsHelp (edaa17ce771c696655b6585f7cad2100) C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2011/02/03 05:24:42.0828 2720 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/03 05:24:42.0843 2720 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/02/03 05:24:42.0875 2720 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/02/03 05:24:42.0906 2720 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/02/03 05:24:42.0953 2720 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/02/03 05:24:42.0984 2720 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/03 05:24:43.0015 2720 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/03 05:24:43.0031 2720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/03 05:24:43.0046 2720 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/03 05:24:43.0077 2720 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/02/03 05:24:43.0093 2720 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/03 05:24:43.0109 2720 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/03 05:24:43.0124 2720 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/03 05:24:43.0155 2720 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/03 05:24:43.0171 2720 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
2011/02/03 05:24:43.0202 2720 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/03 05:24:43.0218 2720 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/03 05:24:43.0249 2720 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/03 05:24:43.0280 2720 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/02/03 05:24:43.0311 2720 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/03 05:24:43.0327 2720 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/02/03 05:24:43.0358 2720 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/02/03 05:24:43.0374 2720 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/03 05:24:43.0389 2720 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/02/03 05:24:43.0405 2720 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/03 05:24:43.0452 2720 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/02/03 05:24:43.0483 2720 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/02/03 05:24:43.0499 2720 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/02/03 05:24:43.0530 2720 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/02/03 05:24:43.0561 2720 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/03 05:24:43.0623 2720 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/02/03 05:24:43.0701 2720 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/02/03 05:24:43.0717 2720 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/02/03 05:24:43.0748 2720 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/02/03 05:24:43.0764 2720 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/02/03 05:24:43.0779 2720 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/03 05:24:43.0795 2720 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/02/03 05:24:43.0826 2720 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/02/03 05:24:43.0842 2720 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/03 05:24:43.0857 2720 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/02/03 05:24:43.0873 2720 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/02/03 05:24:43.0904 2720 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/02/03 05:24:43.0935 2720 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/03 05:24:43.0967 2720 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/02/03 05:24:43.0982 2720 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/03 05:24:44.0013 2720 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/03 05:24:44.0029 2720 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/02/03 05:24:44.0060 2720 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/02/03 05:24:44.0091 2720 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/03 05:24:44.0107 2720 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/03 05:24:44.0123 2720 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/03 05:24:44.0138 2720 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/03 05:24:44.0169 2720 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/03 05:24:44.0216 2720 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/02/03 05:24:44.0247 2720 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/02/03 05:24:44.0279 2720 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/02/03 05:24:44.0294 2720 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/03 05:24:44.0325 2720 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/02/03 05:24:44.0497 2720 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/02/03 05:24:44.0637 2720 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/02/03 05:24:44.0700 2720 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys
2011/02/03 05:24:44.0778 2720 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/02/03 05:24:44.0793 2720 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/03 05:24:44.0809 2720 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/03 05:24:44.0840 2720 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/03 05:24:44.0856 2720 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/02/03 05:24:44.0871 2720 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/02/03 05:24:44.0887 2720 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/02/03 05:24:44.0903 2720 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/02/03 05:24:44.0934 2720 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/03 05:24:44.0965 2720 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/03 05:24:44.0981 2720 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/03 05:24:44.0996 2720 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/03 05:24:45.0027 2720 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/02/03 05:24:45.0043 2720 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/02/03 05:24:45.0074 2720 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/03 05:24:45.0105 2720 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/02/03 05:24:45.0121 2720 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/02/03 05:24:45.0152 2720 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/02/03 05:24:45.0168 2720 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/02/03 05:24:45.0199 2720 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/02/03 05:24:45.0215 2720 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/02/03 05:24:45.0246 2720 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/02/03 05:24:45.0261 2720 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/02/03 05:24:45.0293 2720 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/03 05:24:45.0324 2720 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/03 05:24:45.0324 2720 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/03 05:24:45.0355 2720 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/02/03 05:24:45.0371 2720 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/02/03 05:24:45.0402 2720 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/03 05:24:45.0417 2720 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/03 05:24:45.0464 2720 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/03 05:24:45.0480 2720 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/03 05:24:45.0511 2720 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/03 05:24:45.0527 2720 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/02/03 05:24:45.0542 2720 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/02/03 05:24:45.0573 2720 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/02/03 05:24:45.0589 2720 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/02/03 05:24:45.0605 2720 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/02/03 05:24:45.0636 2720 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/03 05:24:45.0667 2720 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/03 05:24:45.0698 2720 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/02/03 05:24:45.0714 2720 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/02/03 05:24:45.0745 2720 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/03 05:24:45.0761 2720 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/02/03 05:24:45.0776 2720 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/03 05:24:45.0807 2720 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/02/03 05:24:45.0823 2720 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/02/03 05:24:45.0854 2720 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/03 05:24:45.0917 2720 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/02/03 05:24:45.0948 2720 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/03 05:24:45.0979 2720 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/03 05:24:46.0010 2720 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/03 05:24:46.0026 2720 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/03 05:24:46.0041 2720 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/02/03 05:24:46.0057 2720 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/03 05:24:46.0088 2720 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/03 05:24:46.0119 2720 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
2011/02/03 05:24:46.0151 2720 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/03 05:24:46.0166 2720 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/02/03 05:24:46.0197 2720 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/03 05:24:46.0244 2720 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/02/03 05:24:46.0291 2720 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/02/03 05:24:46.0307 2720 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/02/03 05:24:46.0338 2720 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/02/03 05:24:46.0353 2720 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/03 05:24:46.0369 2720 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/03 05:24:46.0400 2720 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/02/03 05:24:46.0400 2720 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/02/03 05:24:46.0431 2720 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/02/03 05:24:46.0447 2720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/03 05:24:46.0478 2720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/03 05:24:46.0525 2720 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/02/03 05:24:46.0541 2720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/02/03 05:24:46.0556 2720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/02/03 05:24:46.0634 2720 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/03 05:24:46.0650 2720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/02/03 05:24:46.0681 2720 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/03 05:24:46.0712 2720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/02/03 05:24:46.0759 2720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/03 05:24:46.0790 2720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/03 05:24:46.0790 2720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/03 05:24:46.0821 2720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/03 05:24:46.0837 2720 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/03 05:24:46.0853 2720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/03 05:24:46.0868 2720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/03 05:24:46.0899 2720 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/03 05:24:46.0915 2720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/03 05:24:46.0931 2720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/03 05:24:46.0962 2720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/03 05:24:46.0977 2720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/03 05:24:46.0993 2720 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/02/03 05:24:47.0009 2720 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/02/03 05:24:47.0055 2720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/03 05:24:47.0087 2720 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/02/03 05:24:47.0133 2720 RtNdPt60 (5532c4bf15173270757a75b46baeb960) C:\Windows\system32\DRIVERS\RtNdPt60.sys
2011/02/03 05:24:47.0149 2720 RTTEAMPT (bc85bdc1c30066c78b8c67af1241d0b7) C:\Windows\system32\DRIVERS\RtTeam60.sys
2011/02/03 05:24:47.0165 2720 RTVLANPT (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
2011/02/03 05:24:47.0180 2720 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/03 05:24:47.0196 2720 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/03 05:24:47.0274 2720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/03 05:24:47.0321 2720 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/03 05:24:47.0336 2720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/02/03 05:24:47.0383 2720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/03 05:24:47.0430 2720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/03 05:24:47.0461 2720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/02/03 05:24:47.0492 2720 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/03 05:24:47.0508 2720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/03 05:24:47.0523 2720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/03 05:24:47.0555 2720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/03 05:24:47.0570 2720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/02/03 05:24:47.0601 2720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/02/03 05:24:47.0648 2720 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/02/03 05:24:47.0648 2720 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/02/03 05:24:47.0648 2720 sptd - detected Locked file (1)
2011/02/03 05:24:47.0679 2720 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/02/03 05:24:47.0695 2720 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/03 05:24:47.0726 2720 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/03 05:24:47.0773 2720 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/02/03 05:24:47.0804 2720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/03 05:24:47.0867 2720 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/02/03 05:24:47.0913 2720 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/03 05:24:47.0945 2720 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/03 05:24:47.0960 2720 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/02/03 05:24:47.0976 2720 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/02/03 05:24:47.0991 2720 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/03 05:24:48.0038 2720 TEAM (bc85bdc1c30066c78b8c67af1241d0b7) C:\Windows\system32\DRIVERS\RtTeam60.sys
2011/02/03 05:24:48.0054 2720 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/03 05:24:48.0101 2720 tmlwf (35a6aeb61c7cf21b10cc05bda47339b5) C:\Windows\system32\DRIVERS\tmlwf.sys
2011/02/03 05:24:48.0132 2720 tmpreflt (803ee35df92815ea5d41cee7410c8cc1) C:\Windows\system32\DRIVERS\tmpreflt.sys
2011/02/03 05:24:48.0179 2720 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/02/03 05:24:48.0194 2720 tmwfp (a4670e50c15d7bce7226e4b62700df09) C:\Windows\system32\DRIVERS\tmwfp.sys
2011/02/03 05:24:48.0225 2720 tmxpflt (9bd32132a3470cefb3cbea5fa492bd6f) C:\Windows\system32\DRIVERS\tmxpflt.sys
2011/02/03 05:24:48.0257 2720 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/03 05:24:48.0303 2720 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/03 05:24:48.0319 2720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/03 05:24:48.0350 2720 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/03 05:24:48.0366 2720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/02/03 05:24:48.0397 2720 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/03 05:24:48.0413 2720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/03 05:24:48.0459 2720 UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys
2011/02/03 05:24:48.0491 2720 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/02/03 05:24:48.0506 2720 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/03 05:24:48.0522 2720 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/03 05:24:48.0537 2720 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/03 05:24:48.0553 2720 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/03 05:24:48.0584 2720 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/03 05:24:48.0600 2720 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/03 05:24:48.0631 2720 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/03 05:24:48.0647 2720 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/03 05:24:48.0662 2720 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/03 05:24:48.0678 2720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/02/03 05:24:48.0709 2720 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/03 05:24:48.0725 2720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/02/03 05:24:48.0756 2720 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/02/03 05:24:48.0771 2720 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/02/03 05:24:48.0787 2720 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/02/03 05:24:48.0818 2720 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/02/03 05:24:48.0834 2720 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/03 05:24:48.0896 2720 vsapint (b01ce1f5a44126892240d179a6dbd43f) C:\Windows\system32\DRIVERS\vsapint.sys
2011/02/03 05:24:48.0943 2720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/03 05:24:48.0959 2720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/02/03 05:24:48.0974 2720 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/02/03 05:24:49.0005 2720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/03 05:24:49.0037 2720 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/03 05:24:49.0037 2720 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/03 05:24:49.0068 2720 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/02/03 05:24:49.0099 2720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/03 05:24:49.0130 2720 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/03 05:24:49.0146 2720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/02/03 05:24:49.0193 2720 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/02/03 05:24:49.0208 2720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/03 05:24:49.0255 2720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/03 05:24:49.0286 2720 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/02/03 05:24:49.0317 2720 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/03 05:24:49.0349 2720 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/03 05:24:49.0349 2720 ================================================================================
2011/02/03 05:24:49.0349 2720 Scan finished
2011/02/03 05:24:49.0349 2720 ================================================================================
2011/02/03 05:24:49.0349 4384 Detected object count: 2
2011/02/03 05:25:06.0384 4384 Locked file(sptd) - User select action: Skip
2011/02/03 05:25:06.0415 4384 \HardDisk0 - will be cured after reboot
2011/02/03 05:25:06.0415 4384 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/03 05:25:11.0625 5780 Deinitialize success

 

[Blade81]

Hi,

That looks good. Please see if you're able to run ComboFix now.

 

[IglooRug]

After running ComboFix

Yes, that worked.

ComboFix 11-01-31.02 - Mitch 02/03/2011 10:47:06.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8079.6440 [GMT -5:00]
Running from: c:\users\Mitch\Desktop\Testing.exe
AV: Trend Micro Internet Security Pro *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security Pro *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Mitch\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-03 to 2011-02-03 )))))))))))))))))))))))))))))))
.

2011-02-03 15:49 . 2011-02-03 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-03 04:20 . 2011-02-03 04:20 -------- d-----w- c:\program files (x86)\NirSoft
2011-02-02 18:27 . 2011-02-02 18:27 -------- d-----w- c:\program files\iTunes
2011-02-02 18:27 . 2011-02-02 18:27 -------- d-----w- c:\program files (x86)\iTunes
2011-02-02 18:27 . 2011-02-02 18:27 -------- d-----w- c:\program files\iPod
2011-02-02 08:20 . 2010-07-30 17:30 309840 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2011-02-02 08:20 . 2010-07-30 17:30 42576 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2011-02-02 08:20 . 2010-07-30 17:24 1988176 ----a-w- c:\windows\system32\drivers\vsapint.sys
2011-02-02 05:11 . 2011-02-02 08:18 -------- d-----w- c:\programdata\Trend Micro
2011-02-02 05:10 . 2011-02-02 05:11 -------- d-----w- c:\program files\Trend Micro
2011-02-01 06:06 . 2011-02-01 06:06 -------- d-----w- c:\users\Mitch\AppData\Local\Microsoft Corporation
2011-02-01 06:00 . 2011-02-01 06:00 -------- d-----w- c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor
2011-01-31 06:41 . 2011-01-31 06:41 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-01-31 06:41 . 2011-01-31 06:41 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
2011-01-31 06:41 . 2011-01-31 06:41 -------- d-----w- c:\program files\Application Verifier (x64)
2011-01-31 06:41 . 2011-01-31 06:41 -------- d-----w- c:\program files (x86)\Application Verifier
2011-01-31 06:40 . 2011-01-31 06:40 -------- d-----w- c:\program files\Microsoft SDKs
2011-01-30 06:04 . 2011-01-30 06:05 -------- d-----w- c:\program files (x86)\ERUNT
2011-01-29 01:59 . 2011-01-29 01:59 -------- d-----w- c:\programdata\NOS
2011-01-29 01:59 . 2011-01-29 01:59 -------- d-----w- c:\program files (x86)\NOS
2011-01-29 01:37 . 2011-01-29 01:37 -------- d-----w- c:\users\Mitch\AppData\Local\Sunbelt Software
2011-01-29 01:35 . 2011-01-29 08:58 -------- dc----w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-29 01:35 . 2011-01-29 01:38 -------- d-----w- c:\programdata\Lavasoft
2011-01-29 01:35 . 2011-01-29 01:35 -------- d-----w- c:\program files (x86)\Lavasoft
2011-01-24 14:43 . 2011-01-24 14:43 -------- d-----w- c:\users\Mitch\AppData\Roaming\runic games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 00:08 . 2010-12-23 00:08 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2008-01-28 03:02 . 2008-01-28 03:02 4333568 ----a-w- c:\program files (x86)\mplayerc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files (x86)\MyPoints Point Finder\Toolbar.dll" [2010-03-13 1517056]

[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-21 1242448]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-08-20 225280]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

c:\users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office Folder\Office\OSA9.EXE [2000-1-21 65588]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2008-9-23 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-07-07 35840]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-21 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-15 834544]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-05-15 200720]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-08-20 196608]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 26624]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 42576]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-05-15 339984]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-25 233984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2010-05-15 595960]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-05-15 917768]


--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\9ztenapv.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Trend Micro Toolbar: {22181a4d-af90-4ca3-a569-faed9118d6bc} - c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
WebBrowser-{89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1891506818-3025599532-512531374-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-1891506818-3025599532-512531374-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-03 10:50:37
ComboFix-quarantined-files.txt 2011-02-03 15:50

Pre-Run: 301,585,567,744 bytes free
Post-Run: 301,859,823,616 bytes free

- - End Of File - - CC72933FCBB3FE7B5056B184B2462FB7

 

[Blade81]

Hi,

* Go here to run an online scanner from ESET.

• Note: You will need to use Internet explorer for this scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is UNchecked.
• Click Scan
• Wait for the scan to finish. Post back the results + fresh OTL.txt log.

 

[IglooRug]

After running ESET & OTL

ESET didn't find any problems. Here's the OTL log:

OTL logfile created on: 2/3/2011 2:39:02 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Mitch\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.61 Gb Total Space | 281.09 Gb Free Space | 75.44% Space Free | Partition Type: NTFS
Drive D: | 550.90 Gb Total Space | 526.00 Gb Free Space | 95.48% Space Free | Partition Type: NTFS

Computer Name: COLOSSUS | User Name: Mitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mitch\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exe (Turbine, Inc.)
PRC - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\ASUS\AI Manager\AIManager.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)


========== Modules (SafeList) ==========

MOD - C:\Users\Mitch\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (Device Handle Service) -- C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK Computer Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\drivers\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\drivers\tmwfp.sys (Trend Micro Inc.)
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\drivers\tmlwf.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASInsHelp) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.6.0.1126


FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2011/02/02 00:11:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/01 23:58:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/01 23:58:22 | 000,000,000 | ---D | M]

[2010/03/09 11:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Extensions
[2011/02/03 05:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\9ztenapv.default\extensions
[2011/01/29 10:27:50 | 000,000,000 | ---D | M] ("Glue") -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\9ztenapv.default\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}
[2011/01/29 03:58:24 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\9ztenapv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/02/03 05:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/15 00:22:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 23:01:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/20 14:13:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/29 03:58:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/02 00:11:50 | 000,000,000 | ---D | M] (Trend Micro Toolbar) -- C:\PROGRAM FILES\TREND MICRO\TRENDSECURE\TISPROTOOLBAR\FIREFOXEXTENSION
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/03/14 21:34:06 | 000,000,988 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/03 13:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/02/03 10:50:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/03 10:46:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/03 10:46:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/03 10:46:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/03 10:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/03 10:39:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/02 23:20:20 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2011/02/02 23:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2011/02/02 13:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/02 13:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/02/02 13:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/02 13:27:28 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/02/02 03:20:25 | 001,988,176 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\vsapint.sys
[2011/02/02 03:20:25 | 000,309,840 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmxpflt.sys
[2011/02/02 03:20:25 | 000,042,576 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmpreflt.sys
[2011/02/02 00:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security Pro
[2011/02/02 00:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/02/02 00:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/01 23:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/01 11:39:26 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
[2011/02/01 01:06:24 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\Microsoft Corporation
[2011/02/01 01:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
[2011/01/31 01:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011/01/31 01:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2011/01/31 01:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
[2011/01/31 01:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier
[2011/01/31 01:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2011/01/31 01:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier (x64)
[2011/01/31 01:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier (x64)
[2011/01/31 01:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2011/01/31 01:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/01/30 01:08:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/30 01:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/01/30 01:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/01/28 20:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011/01/28 20:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2011/01/28 20:37:47 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\Sunbelt Software
[2011/01/28 20:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/01/28 20:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/01/28 20:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/01/24 20:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight
[2011/01/24 09:43:07 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\runic games
[2011/01/11 16:25:46 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/11 16:25:46 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/11 16:25:45 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/11 16:25:45 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/11 16:25:45 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/11 16:25:45 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/11 16:25:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/11 16:25:45 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/11 16:25:45 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/11 16:25:45 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/11 16:25:45 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/11 16:25:45 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/11 16:25:45 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/11 16:25:45 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/11 16:25:45 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/11 16:25:45 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/11 16:25:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/11 16:25:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/11 16:25:45 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/11 16:25:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/11 16:25:41 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/11 16:25:41 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2010/07/14 02:51:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Mitch\AppData\Roaming\pcouffin.sys
[2008/01/27 22:02:08 | 004,333,568 | ---- | C] (Gabest) -- C:\Program Files (x86)\mplayerc.exe

========== Files - Modified Within 30 Days ==========

[2011/02/03 14:39:22 | 000,000,988 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/02/03 14:39:21 | 000,000,988 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/02/03 11:58:32 | 000,002,868 | ---- | M] () -- C:\Users\Mitch\Documents\Torchlight More Stash.zip
[2011/02/03 11:54:10 | 000,012,220 | ---- | M] () -- C:\Users\Mitch\Documents\Torchlight Easy Respecs 1.1b.zip
[2011/02/03 05:33:14 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/03 05:33:14 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/03 05:32:00 | 000,791,746 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/03 05:32:00 | 000,668,662 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/03 05:32:00 | 000,124,848 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/03 05:26:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/03 05:25:55 | 2058,657,791 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/02 20:50:14 | 330,621,922 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/02 03:18:01 | 004,263,406 | R--- | M] () -- C:\Users\Mitch\Desktop\Testing.exe
[2011/02/02 00:11:10 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Trend Micro Internet Security Pro.lnk
[2011/02/01 23:58:23 | 000,001,927 | ---- | M] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/01 23:58:23 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/01 11:39:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
[2011/02/01 01:00:07 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/01/31 12:24:24 | 000,187,119 | ---- | M] () -- C:\Users\Mitch\Documents\20110123 to 20110129 Unemployment.xps
[2011/01/30 01:05:21 | 000,001,068 | ---- | M] () -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/30 01:04:50 | 000,000,869 | ---- | M] () -- C:\Users\Mitch\Desktop\ERUNT.lnk
[2011/01/29 10:39:44 | 000,000,036 | ---- | M] () -- C:\Users\Mitch\AppData\Local\housecall.guid.cache
[2011/01/21 06:46:21 | 000,003,584 | ---- | M] () -- C:\Users\Mitch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/10 18:34:59 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk

========== Files Created - No Company Name ==========

[2011/02/03 11:58:32 | 000,002,868 | ---- | C] () -- C:\Users\Mitch\Documents\Torchlight More Stash.zip
[2011/02/03 11:54:10 | 000,012,220 | ---- | C] () -- C:\Users\Mitch\Documents\Torchlight Easy Respecs 1.1b.zip
[2011/02/03 10:46:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/03 10:46:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/03 10:46:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/03 10:46:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/03 10:46:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/02 03:18:00 | 004,263,406 | R--- | C] () -- C:\Users\Mitch\Desktop\Testing.exe
[2011/02/02 00:11:10 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Trend Micro Internet Security Pro.lnk
[2011/02/01 23:58:23 | 000,001,927 | ---- | C] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/01 23:58:23 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/01 01:00:07 | 000,002,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/02/01 01:00:07 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/01/31 12:24:23 | 000,187,119 | ---- | C] () -- C:\Users\Mitch\Documents\20110123 to 20110129 Unemployment.xps
[2011/01/30 01:05:21 | 000,001,068 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/30 01:04:50 | 000,000,869 | ---- | C] () -- C:\Users\Mitch\Desktop\ERUNT.lnk
[2011/01/29 07:28:47 | 330,621,922 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/29 01:31:06 | 000,000,036 | ---- | C] () -- C:\Users\Mitch\AppData\Local\housecall.guid.cache
[2011/01/21 06:46:21 | 000,003,584 | ---- | C] () -- C:\Users\Mitch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/25 23:00:01 | 000,000,093 | ---- | C] () -- C:\Users\Mitch\AppData\Local\fusioncache.dat
[2010/07/27 23:56:59 | 000,000,662 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/07/14 02:52:28 | 000,000,034 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\pcouffin.log
[2010/07/14 02:51:59 | 000,007,859 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\pcouffin.cat
[2010/07/14 02:51:59 | 000,001,167 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\pcouffin.inf
[2010/06/30 01:21:27 | 000,007,611 | ---- | C] () -- C:\Users\Mitch\AppData\Local\Resmon.ResmonCfg
[2010/05/11 20:39:06 | 000,807,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/21 16:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/04/21 16:22:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/04/05 22:19:42 | 000,002,118 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\wklnhst.dat
[2010/03/28 16:29:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2009/11/13 12:09:40 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2009/11/13 12:07:53 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/11/13 12:07:41 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/11/13 12:07:41 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/11/13 12:07:40 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/11/13 12:07:40 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/11/13 12:03:14 | 000,010,572 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/11/13 12:03:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/11/13 12:03:12 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/11/13 12:03:12 | 000,006,688 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >

 

[Blade81]

Good. Any issues left? If not, then let's see the final steps.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.


Now lets uninstall ComboFix:

• Click START then RUN
• Now copy-paste Combofix /uninstall in the runbox and click OK

Please download OTC and save it to desktop.

• Double-click OTC.exe.
• Click the CleanUp! button.
• Select Yes when the
  Begin cleanup Process?
  prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



Download and run Secunia Personal Software Inspector (PSI) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

 

[IglooRug]

After the last set of instructions

System Restore has been reset and re-enabled.
ComboFix has been uninstalled.
OTC has cleaned up security files.
IE was already using those settings, except for one, which has been changed.
WindowsUpdate was already set to daily auto-update.
PSI has been used to patch holes.

Thank you very much! I am impressed with your ability to parse the indicators from the logs and identify the tools that can solve the problem. I thought I was going to have to reinstall the OS.