
Solved Google Redirect Virus Vista

Discussion in 'Malware and Virus Removal Archive' started by VirusVictim1, 2010/10/06.

  1. 2010/10/06
    VirusVictim1

    VirusVictim1 Inactive Thread Starter

    [Resolved] Google Redirect Virus Vista

    Hey, my notebook has been running very slowly of late and now Google has begun to redirect my searches etc. Normal methods, e.g. MBAM, McAfee, Norton etc., turn up blank, so now I'm desperate for your help. (I dare say there will be more than just the redirect.) Any help would be greatly appreciated.



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by ASUS at 0:13:48.06 on Thu 07/10/2010
    Internet Explorer: 8.0.6001.18943
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.2046.1026 [GMT 11:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\System32\svchost.exe -k Cognizance
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    D:\Program Files\Hotspot Shield\bin\openvpnas.exe
    D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    D:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\ATK Hotkey\Hcontrol.exe
    C:\Program Files\ATKOSD2\ATKOSD2.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Windows\System32\ACEngSvr.exe
    C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\ATK Hotkey\ATKOSD.exe
    C:\Program Files\ATK Hotkey\KBFiltr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\ASScrPro.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ASUS\SmartLogon\smartlogon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\ASUS\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://optusnet.com.au/
    uDefault_Page_URL = hxxp://www.asus.com
    mDefault_Page_URL = hxxp://www.asus.com
    uInternet Settings,ProxyOverride = *.scotchmel.vic.edu.au;<local>;*.local
    uInternet Settings,ProxyServer = proxy.scotchmel.vic.edu.au:8080
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {15d9574d-01a3-5f8e-033f-597d68ef24eb} - c:\windows\system32\KBDVNTTC.DLL
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - d:\program files\hotspot shield\hssie\HssIE.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
    mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
    mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
    mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-au.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
    AppInit_DLLs: APSHook.dll
    LSA: Notification Packages = scecli ASWLNPkg

    ============= SERVICES / DRIVERS ===============

    R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-5-22 15416]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-4 310320]
    R1 1UnHooker;1UnHooker;c:\windows\system32\drivers\1UnHooker.sys [2010-3-2 22016]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-4 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-4 482432]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101005.004\IDSvix86.sys [2010-10-6 344112]
    R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [2006-5-17 23232]
    R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
    R2 HssWd;Hotspot Shield Monitoring Service;d:\program files\hotspot shield\bin\hsswd.exe -product hss --> d:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-4 117640]
    R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-2-24 90112]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-10-10 14976]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2007-10-31 46592]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-31 102448]
    R3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\drivers\Ltn_hyd7700pc.sys [2007-5-19 374144]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-5-31 6638080]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-4 48688]
    S2 CSIScanner;CSIScanner; "c:\program files\prevx\prevx.exe" /service --> c:\program files\prevx\prevx.exe [?]
    S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-5-22 12800]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 hidkmdf;MotioninJoy Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [2009-10-23 4608]
    S3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\drivers\MijUfilt.sys [2009-10-24 17408]

    =============== Created Last 30 ================

    2010-10-06 04:31:30 70192 ----a-w- c:\windows\system32\PxSecure.dll-188038597
    2010-10-05 03:56:05 0 d-----w- c:\windows\system32\1040
    2010-09-29 02:38:01 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-27 16:14:18 28672 ----a-w- c:\windows\system32\AVEQT.dll
    2010-09-27 16:14:18 129024 ----a-w- c:\windows\system32\AVERM.dll
    2010-09-20 14:35:05 0 d-----w- C:\Hotspot Shield
    2010-09-19 06:26:07 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-09-19 06:26:07 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-09-19 06:26:03 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-09-19 06:26:03 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-09-19 06:26:03 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-09-19 06:26:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-09-19 06:26:00 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-09-19 06:26:00 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-09-19 06:23:57 0 d-----w- c:\windows\system32\directx
    2010-09-15 06:36:05 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-15 06:35:59 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-15 06:35:55 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 06:35:51 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-14 14:10:04 0 d-----w- c:\programdata\NVIDIA Corporation
    2010-09-14 14:09:28 0 d-----w- c:\program files\NVIDIA Corporation
    2010-09-14 14:05:27 9596 ----a-w- c:\windows\system32\nvinfo.pb
    2010-09-14 14:05:27 56936 ----a-w- c:\windows\system32\OpenCL.dll
    2010-09-14 14:05:27 5107816 ----a-w- c:\windows\system32\nvwgf2um.dll
    2010-09-14 14:05:27 11008040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2010-09-14 14:05:27 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2010-09-14 14:05:25 14092904 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-09-14 14:05:24 4553832 ----a-w- c:\windows\system32\nvcuda.dll
    2010-09-14 14:05:24 2892904 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-09-14 14:05:24 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-09-14 14:05:22 236136 ----a-w- c:\windows\system32\nvcod1922.dll
    2010-09-14 14:05:22 236136 ----a-w- c:\windows\system32\nvcod.dll
    2010-09-14 14:05:22 10267240 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-09-14 12:20:29 0 d-----w- c:\program files\Cisco
    2010-09-14 12:20:26 0 d-----w- c:\program files\common files\Intel
    2010-09-14 12:14:56 0 d-----w- c:\program files\SystemRequirementsLab
    2010-09-13 11:52:28 47984 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
    2010-09-13 11:52:25 0 d-----w- c:\program files\Innovative Solutions
    2010-09-11 18:34:07 0 d-----w- c:\users\asus\.dvdcss
    2010-09-11 17:44:26 0 d-----w- c:\programdata\PopCap Games
    2010-09-08 07:39:35 0 d-----w- c:\program files\Windows Portable Devices
    2010-09-08 07:38:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2010-09-08 07:37:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2010-09-07 17:06:24 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2010-09-07 17:06:23 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2010-09-07 17:06:22 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2010-09-07 17:03:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2010-09-07 17:03:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2010-09-07 17:03:05 234496 ----a-w- c:\windows\system32\oleacc.dll
    2010-09-06 17:07:24 0 d-----w- c:\programdata\Sony Corporation
    2010-09-06 16:02:25 0 d-----w- c:\windows\system32\eu-ES
    2010-09-06 16:02:25 0 d-----w- c:\windows\system32\ca-ES
    2010-09-06 16:02:23 0 d-----w- c:\windows\system32\vi-VN
    2010-09-06 15:53:49 0 d-----w- c:\windows\system32\SPReview
    2010-09-06 15:40:46 928768 ----a-w- c:\windows\system32\scavenge.dll
    2010-09-06 15:40:29 57856 ----a-w- c:\windows\system32\compcln.exe
    2010-09-06 15:38:59 869888 ----a-w- c:\windows\system32\printui.dll
    2010-09-06 15:37:59 80896 ----a-w- c:\windows\system32\MSNP.ax
    2010-09-06 15:36:44 891904 ----a-w- c:\windows\system32\WindowsUltimateExtrasCPL.dll
    2010-09-06 15:35:59 389632 ----a-w- c:\windows\system32\sysmon.ocx
    2010-09-06 14:44:08 0 d-----w- c:\windows\system32\EventProviders

    ==================== Find3M ====================

    2010-10-04 09:00:10 55637 ----a-w- c:\programdata\nvModes.dat
    2010-10-04 08:59:39 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2010-10-02 13:11:41 2140 ----a-w- c:\windows\bthservsdp.dat
    2010-09-28 16:00:58 8456 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-09-24 10:29:39 87608 ----a-w- c:\users\asus\appdata\roaming\inst.exe
    2010-09-24 10:29:39 47360 ----a-w- c:\users\asus\appdata\roaming\pcouffin.sys
    2010-09-20 14:37:00 86016 ----a-w- c:\windows\inf\infpub.dat
    2010-09-20 14:36:59 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-09-20 14:36:58 143360 ----a-w- c:\windows\inf\infstor.dat
    2010-09-11 18:08:09 81920 ----a-w- c:\users\asus\appdata\roaming\ezpinst.exe
    2010-09-08 07:39:13 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-09-06 15:50:48 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
    2010-09-03 22:24:40 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2010-09-03 22:24:40 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2010-07-16 19:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-09 22:37:00 9818728 ----a-w- c:\windows\system32\nvd3dum.dll
    2010-07-09 22:37:00 604776 ----a-w- c:\windows\system32\nvudisp.exe
    2010-07-09 22:37:00 1625192 ----a-w- c:\windows\system32\nvapi.dll
    2010-07-09 06:20:08 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-07-09 06:20:06 261736 ----a-w- c:\windows\system32\nvhotkey.dll
    2010-07-09 06:20:06 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
    2010-07-09 06:20:06 1469544 ----a-w- c:\windows\system32\nvsvc.dll
    2010-07-09 06:20:06 13939816 ----a-w- c:\windows\system32\nvcpl.dll
    2010-07-09 06:20:06 129640 ----a-w- c:\windows\system32\nvvsvc.exe
    2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 0:14:54.69 ===============




    Attach TXT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 22/05/2009 4:20:25 AM
    System Uptime: 10/05/2010 7:29:24 AM (3593 hours ago)

    Motherboard: ASUSTeK Computer Inc. | | M51Sn
    Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz | Socket 478 | 2501/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 116 GiB total, 20.876 GiB free.
    D: is FIXED (NTFS) - 112 GiB total, 47.909 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP526: 3/10/2010 2:12:10 PM - Scheduled Checkpoint
    RP527: 4/10/2010 5:53:37 PM - Scheduled Checkpoint
    RP528: 5/10/2010 2:22:10 PM - Scheduled Checkpoint
    RP529: 6/10/2010 10:54:32 AM - Scheduled Checkpoint

    ==== Installed Programs ======================

    1Click DVD Converter 1.2.1.0
    Adobe Audition 3.0
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.0
    Adobe Shockwave Player 11.5
    Advanced Uninstaller PRO - Version 10
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS CopyProtect
    ASUS InstantFun
    ASUS LifeFrame3
    ASUS Live Update
    ASUS Security Protect Manager
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    Asus_Camera_ScreenSaver
    ATK Generic Function Service
    ATK Hotkey
    ATK Media
    ATKOSD2
    AuthenTec Fingerprint Sensor Minimum Install
    BitTorrent
    Bonjour
    CloneDVD2
    Combined Community Codec Pack 2009-09-09
    Contents
    Corel VideoStudio Pro X3
    CorelDRAW Graphics Suite X4
    CorelDRAW Graphics Suite X4 - Capture
    CorelDRAW Graphics Suite X4 - Content
    CorelDRAW Graphics Suite X4 - Draw
    CorelDRAW Graphics Suite X4 - Filters
    CorelDRAW Graphics Suite X4 - FontNav
    CorelDRAW Graphics SUite X4 - ICA
    CorelDRAW Graphics Suite X4 - IPM
    CorelDRAW Graphics Suite X4 - Lang EN
    CorelDRAW Graphics Suite X4 - PP
    CorelDRAW Graphics Suite X4 - VBA
    CorelDRAW(R) Graphics Suite X4
    CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    DeviceIO
    DivX Codec
    DivX Converter
    DivX Player
    DivX Setup
    DoremiSoft AVI to MP4 Converter 1.0
    FLV Player 2.0 (build 25)
    Fly The Airbus A380 v2 for FSX
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotspot Shield 1.50
    ICA
    ImTOO DVD Ripper Platinum 5
    Intel PROSet Wireless
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Matrix Storage Manager
    IPM_VS_Pro
    ISI ResearchSoft - Export Helper
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    KONICA MINOLTA magicolor 2400W
    Logitech Gaming Software 5.04
    Logitech Harmony Remote Software 7
    Malwarebytes' Anti-Malware
    MCE Software Encoder 1.1
    Media Go
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X: Acceleration
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    MLE
    MSVC80_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NB Probe
    Norton 360
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    OJOsoft Audio Converter
    P4P
    Power4Gear eXtreme
    PowerISO
    PureHD
    QuickTime
    QuickTime Alternative 1.81
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    Remote Play with PlayStation 3
    Remote Play with PlayStation®3
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    SecureW2 EAP Suite 1.1.3 for Windows
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Setup
    Share
    Silent Hunter Wolves of the Pacific
    SmartSound Common Data
    SmartSound Quicktracks 5
    Sony Ericsson PC Suite 6.011.00
    Synaptics Pointing Device Driver
    System Requirements Lab for Intel
    The Sims™ 3
    Ultra Video Joiner 5.2.0108
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    USB 2.0 1.3M UVC WebCam
    VC80CRTRedist - 8.0.50727.4053
    VIO
    Virtual DJ - Atomix Productions
    VistaFeaturePack
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    VOB2MPG v3
    VSClassic
    VSPro
    WavePad Sound Editor
    Windows Live Upload Tool
    Windows Media Encoder 9 Series
    WinFlash
    WinRAR archiver
    Wireless Console 2
    Worms Reloaded
    Xilisoft AVI to DVD Converter
    Xvid 1.1.3 final uninstall

    ==== End Of File ===========================
     
  2. 2010/10/06
    Admin.

    Admin. Administrator Administrator Staff

    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     


  4. 2010/10/06
    broni

    broni Moderator Malware Analyst

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/10/07
    VirusVictim1

    VirusVictim1 Inactive Thread Starter

    Thank you for your ongoing support,

    The GMER scan log is a rather large 250 000 characters long; should I uncheck some of the options, e.g. modules, devices etc., or just paste over multiple posts?

    MBAM SCAN

    Malwarebytes' Anti-Malware 1.44
    Database version: 3761
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    7/10/2010 1:36:45 PM
    mbam-log-2010-10-07 (13-36-45).txt

    Scan type: Quick Scan
    Objects scanned: 105580
    Time elapsed: 8 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    MBR CHECK

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Ultimate Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: ASUSTeK Computer Inc.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer Inc.
    System Product Name: M51Sn
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 189):
    0x8243E000 \SystemRoot\system32\ntkrnlpa.exe
    0x8240B000 \SystemRoot\system32\hal.dll
    0x80406000 \SystemRoot\system32\kdcom.dll
    0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8047D000 \SystemRoot\system32\PSHED.dll
    0x8048E000 \SystemRoot\system32\BOOTVID.dll
    0x80496000 \SystemRoot\system32\CLFS.SYS
    0x804D7000 \SystemRoot\system32\CI.dll
    0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80675000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80683000 \SystemRoot\system32\drivers\acpi.sys
    0x806C9000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806D2000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806DA000 \SystemRoot\system32\drivers\pci.sys
    0x80701000 \SystemRoot\System32\drivers\partmgr.sys
    0x80710000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80713000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8071D000 \SystemRoot\system32\drivers\volmgr.sys
    0x8072C000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80776000 \SystemRoot\system32\drivers\intelide.sys
    0x8077D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8078B000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82A09000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x82AD1000 \SystemRoot\system32\drivers\atapi.sys
    0x82AD9000 \SystemRoot\system32\drivers\ataport.SYS
    0x82AF7000 \SystemRoot\system32\drivers\msahci.sys
    0x82B01000 \SystemRoot\system32\drivers\fltmgr.sys
    0x82B33000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82B43000 \SystemRoot\system32\drivers\N360\0308000.029\SYMEFA.SYS
    0x82B92000 \SystemRoot\system32\DRIVERS\lullaby.sys
    0x88205000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x88276000 \SystemRoot\system32\drivers\ndis.sys
    0x88381000 \SystemRoot\system32\drivers\msrpc.sys
    0x883AC000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88405000 \SystemRoot\System32\drivers\tcpip.sys
    0x884EF000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88602000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88712000 \SystemRoot\system32\drivers\volsnap.sys
    0x8874B000 \SystemRoot\System32\Drivers\spldr.sys
    0x88753000 \SystemRoot\System32\Drivers\mup.sys
    0x88762000 \SystemRoot\System32\drivers\ecache.sys
    0x88789000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x887AD000 \SystemRoot\system32\drivers\disk.sys
    0x887BE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x887DF000 \SystemRoot\system32\drivers\crcdisk.sys
    0x887F5000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x885E3000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x885EC000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8D003000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8DA81000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8DA83000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8DB24000 \SystemRoot\System32\drivers\watchdog.sys
    0x8DB30000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8DB3B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8DB79000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8C607000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8C694000 \SystemRoot\system32\DRIVERS\l160x86.sys
    0x8DC0A000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
    0x8E269000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8E279000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8E287000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8E2A1000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8E2B0000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8E2C4000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8E315000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8E328000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
    0x8E32A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8E335000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8E360000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8E362000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8E36D000 \SystemRoot\System32\Drivers\ElbyDelay.sys
    0x8E36F000 \SystemRoot\System32\Drivers\AnyDVD.sys
    0x8E374000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8E38C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8E392000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8E396000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
    0x8E39E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8C6A3000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8E3CD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8E3D8000 \SystemRoot\system32\DRIVERS\HssDrv.sys
    0x8E3E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8C6E4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8C6EF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8C712000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8C721000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8C735000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8DC00000 \SystemRoot\system32\DRIVERS\taphss.sys
    0x8C74A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0x8C7D3000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8DC07000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8DB88000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8C7E3000 \SystemRoot\system32\drivers\WmBEnum.sys
    0x8C7E7000 \SystemRoot\system32\drivers\WmXlCore.sys
    0x8C7F2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8DBB2000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8DBBF000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x883E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8E40B000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x82B9A000 \SystemRoot\system32\drivers\portcls.sys
    0x82BC7000 \SystemRoot\system32\drivers\drmk.sys
    0x8E60E000 \SystemRoot\system32\DRIVERS\smserial.sys
    0x8E705000 \SystemRoot\system32\drivers\modem.sys
    0x8EA07000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x8EBB8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x8EBC5000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x8E712000 \SystemRoot\System32\Drivers\Ltn_hyd7700pc.sys
    0x8EBCC000 \SystemRoot\System32\Drivers\BdaSup.SYS
    0x8EBCF000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
    0x8EBF2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8EA00000 \SystemRoot\System32\Drivers\Null.SYS
    0x8E76E000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8E77E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8E785000 \SystemRoot\System32\drivers\vga.sys
    0x8E791000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8E7B2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8E7BA000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8E7C2000 \SystemRoot\system32\DRIVERS\1UnHooker.sys
    0x8E7CB000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8E7D6000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8E7E4000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8E5E6000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8079B000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
    0x807CF000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x8E7ED000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS
    0x805B7000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
    0x82BEC000 \SystemRoot\system32\DRIVERS\smb.sys
    0x805CC000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x92C0C000 \SystemRoot\system32\drivers\afd.sys
    0x92C54000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x92C6A000 \SystemRoot\system32\DRIVERS\SymIMv.sys
    0x92C73000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x92C81000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x92C94000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
    0x92C9E000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x92CAC000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x92CE8000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x92CF2000 \SystemRoot\System32\Drivers\ItSDisk.sys
    0x92D4E000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0x92D53000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x92DB1000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x93205000 \SystemRoot\system32\drivers\csc.sys
    0x93260000 \SystemRoot\System32\Drivers\dfsc.sys
    0x93277000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
    0x932F2000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
    0x93334000 \SystemRoot\System32\Drivers\ASPI32.SYS
    0x93338000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8850A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x93345000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x98A70000 \SystemRoot\System32\win32k.sys
    0x93356000 \SystemRoot\System32\drivers\Dxapi.sys
    0x93360000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x98C90000 \SystemRoot\System32\TSDDD.dll
    0x98CB0000 \SystemRoot\System32\cdd.dll
    0x9336F000 \SystemRoot\system32\drivers\luafv.sys
    0x81E00000 \SystemRoot\system32\drivers\spsys.sys
    0x81EB0000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x81EC0000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x81EEA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x81EF4000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x81F07000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
    0x81F0E000 \SystemRoot\system32\drivers\HTTP.sys
    0x81F7B000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x81F98000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x81FB1000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x81FC6000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9338A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x933A9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x81FE7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x92DCE000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA4A01000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA4A4F000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
    0xA4A52000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA4A7A000 \SystemRoot\system32\drivers\peauth.sys
    0xA4B58000 \??\C:\Windows\system32\Drivers\SBKUPNT.SYS
    0xA4B5C000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA4B66000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA4B72000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xA4B88000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
    0xA9B68000 \SystemRoot\system32\drivers\MSPQM.sys
    0xA9B6E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101005.004\IDSvix86.sys
    0xA9BCE000 \SystemRoot\System32\drivers\pxkbf.sys
    0xA9BD3000 \SystemRoot\System32\drivers\pxscan.sys
    0xA9BD9000 \SystemRoot\System32\drivers\pxrts.sys
    0xA9B62000 \SystemRoot\system32\drivers\MSPCLOCK.sys
    0xA4BDB000 \??\C:\Users\ASUS\AppData\Local\Temp\kwldrpoc.sys
    0xA9A00000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101006.032\NAVEX15.SYS
    0xA9B4E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101006.032\NAVENG.SYS
    0xA9BC6000 \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    0x77540000 \Windows\System32\ntdll.dll

    Processes (total 88):
    0 System Idle Process
    4 System
    644 C:\Windows\System32\smss.exe
    776 csrss.exe
    828 C:\Windows\System32\wininit.exe
    840 csrss.exe
    872 C:\Windows\System32\services.exe
    888 C:\Windows\System32\lsass.exe
    900 C:\Windows\System32\lsm.exe
    1068 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\nvvsvc.exe
    1172 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\winlogon.exe
    1328 C:\Windows\System32\svchost.exe
    1348 C:\Windows\System32\svchost.exe
    1452 C:\Windows\System32\audiodg.exe
    1472 C:\Windows\System32\svchost.exe
    1548 C:\Windows\System32\SLsvc.exe
    1608 C:\Windows\System32\svchost.exe
    1652 C:\Windows\System32\nvvsvc.exe
    1768 C:\Windows\System32\svchost.exe
    1952 C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    1964 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    2000 C:\Windows\System32\wlanext.exe
    404 C:\Windows\System32\spoolsv.exe
    400 C:\Windows\System32\taskeng.exe
    488 C:\Windows\System32\svchost.exe
    2056 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2072 C:\Program Files\Bonjour\mDNSResponder.exe
    2084 C:\Windows\System32\svchost.exe
    2256 D:\Program Files\Hotspot Shield\bin\openvpnas.exe
    2336 D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    2360 D:\Program Files\Hotspot Shield\bin\hsswd.exe
    2376 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
    2400 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    2460 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    2496 C:\Windows\System32\svchost.exe
    2524 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    2564 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2580 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    2608 C:\Windows\System32\svchost.exe
    2644 C:\Windows\System32\svchost.exe
    2976 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    3584 WmiPrvSE.exe
    3664 unsecapp.exe
    3452 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    3804 C:\Windows\System32\taskeng.exe
    2312 C:\Windows\System32\taskeng.exe
    1812 C:\Windows\System32\dwm.exe
    3912 C:\Program Files\ATK Hotkey\HControl.exe
    3268 C:\Program Files\ATKOSD2\ATKOSD2.exe
    3152 C:\Program Files\Wireless Console 2\wcourier.exe
    3928 C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
    1244 C:\Program Files\P4G\BatteryLife.exe
    2804 C:\Program Files\ASUS\Splendid\ACMON.exe
    3284 ACEngSvr.exe
    2508 C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    4288 C:\Program Files\ATK Hotkey\ATKOSD.exe
    4332 C:\Program Files\ATK Hotkey\KBFiltr.exe
    4376 C:\Windows\RtHDVCpl.exe
    4384 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    5280 C:\Windows\ehome\ehsched.exe
    5292 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    5340 C:\Program Files\ASUS\ATK Media\DMedia.exe
    5416 C:\Windows\ASScrPro.exe
    5548 C:\Program Files\iTunes\iTunesHelper.exe
    5588 C:\Windows\ehome\ehtray.exe
    6076 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4424 C:\Program Files\iPod\bin\iPodService.exe
    5688 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2344 C:\Windows\explorer.exe
    6376 C:\Windows\System32\wbem\unsecapp.exe
    4996 C:\Windows\System32\SearchIndexer.exe
    3492 C:\Windows\ehome\ehrecvr.exe
    7056 C:\Windows\System32\wuauclt.exe
    7200 C:\Program Files\ASUS\SmartLogon\smartlogon.exe
    5700 C:\Program Files\Internet Explorer\iexplore.exe
    4500 C:\Program Files\Internet Explorer\iexplore.exe
    6008 C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
    7756 C:\Program Files\Internet Explorer\iexplore.exe
    5796 C:\Program Files\Internet Explorer\iexplore.exe
    7320 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    5176 C:\Windows\System32\notepad.exe
    5596 C:\Program Files\Internet Explorer\iexplore.exe
    6548 C:\Windows\System32\notepad.exe
    5080 C:\Users\ASUS\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`38900000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`54f00000 (NTFS)

    PhysicalDrive0 Model Number: ST9250320AS, Rev: 0303

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!


    THANKS AGAIN
     
  6. 2010/10/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  7. 2010/10/07
    VirusVictim1

    VirusVictim1 Inactive Thread Starter

    Joined:
    2010/10/06
    Messages:
    21
    Likes Received:
    0
  8. 2010/10/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, it was a small file....

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-10-07 12:36:31
    Windows 6.0.6002 Service Pack 2
    Running: gmer.exe; Driver: C:\Users\ASUS\AppData\Local\Temp\kwldrpoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 pxkbf.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 pxkbf.sys

    ---- EOF - GMER 1.0.15 ----

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/10/07
    VirusVictim1

    VirusVictim1 Inactive Thread Starter

    Joined:
    2010/10/06
    Messages:
    21
    Likes Received:
    0
    Combo fix scan

    ComboFix 10-10-07.01 - ASUS 08/10/2010 12:58:15.1.2 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.2046.1078 [GMT 11:00]
    Running from: c:\users\ASUS\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 72 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\hpe4CBA.dll
    c:\programdata\hpeE9B9.dll
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\users\ASUS\AppData\Local\Windows Server
    c:\users\ASUS\AppData\Local\Windows Server\admin.txt
    c:\users\ASUS\AppData\Local\Windows Server\flags.ini
    c:\users\ASUS\AppData\Local\Windows Server\server.dat
    c:\users\ASUS\AppData\Local\Windows Server\uses32.dat
    c:\users\ASUS\AppData\Roaming\inst.exe
    c:\windows\System32\APSHook.dll
    c:\windows\system32\KBDVNTTC.DLL
    c:\windows\System32\msvcr70.dll
    c:\windows\system32\systeminfo3.dll

    ----- BITS: Possible infected sites -----

    hxxp://austereo.castmetrix.net
    .
    ((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
    .

    2010-10-08 02:21 . 2010-10-08 03:01 -------- d-----w- c:\users\ASUS\AppData\Local\temp
    2010-10-08 02:21 . 2010-10-08 02:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-05 03:56 . 2010-10-05 03:56 -------- d-----w- c:\windows\system32\1040
    2010-09-29 02:38 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-27 16:14 . 2007-04-12 04:19 129024 ----a-w- c:\windows\system32\AVERM.dll
    2010-09-27 16:14 . 2006-09-26 03:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
    2010-09-20 14:35 . 2010-09-20 14:37 -------- d-----w- C:\Hotspot Shield
    2010-09-19 06:26 . 2010-06-01 18:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-09-19 06:26 . 2010-06-01 18:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-09-19 06:26 . 2010-06-01 18:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-09-19 06:26 . 2010-05-26 01:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-09-19 06:26 . 2010-05-26 01:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-09-19 06:26 . 2010-05-26 01:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-09-19 06:26 . 2010-05-26 01:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-09-19 06:26 . 2010-05-26 01:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-09-15 06:36 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-15 06:35 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-15 06:35 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 06:35 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-14 14:10 . 2010-09-14 14:10 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-09-14 14:09 . 2010-09-14 14:12 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-09-14 14:05 . 2010-07-09 22:37 56936 ----a-w- c:\windows\system32\OpenCL.dll
    2010-09-14 14:05 . 2010-07-09 22:37 5107816 ----a-w- c:\windows\system32\nvwgf2um.dll
    2010-09-14 14:05 . 2010-07-09 22:37 11008040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2010-09-14 14:05 . 2010-07-09 22:37 14092904 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-09-14 14:05 . 2010-07-09 22:37 4553832 ----a-w- c:\windows\system32\nvcuda.dll
    2010-09-14 14:05 . 2010-07-09 22:37 2892904 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-09-14 14:05 . 2010-07-09 22:37 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-09-14 14:05 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod1922.dll
    2010-09-14 14:05 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod.dll
    2010-09-14 14:05 . 2010-07-09 22:37 10267240 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-09-14 12:20 . 2010-09-14 12:20 -------- d-----w- c:\program files\Cisco
    2010-09-14 12:20 . 2010-09-14 12:20 -------- d-----w- c:\program files\Common Files\Intel
    2010-09-14 12:14 . 2010-09-14 12:14 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-09-13 11:52 . 2010-09-13 11:52 -------- d-----w- c:\program files\Innovative Solutions
    2010-09-11 18:34 . 2010-09-11 18:34 -------- d-----w- c:\users\ASUS\.dvdcss
    2010-09-11 17:44 . 2010-09-11 17:59 -------- d-----w- c:\programdata\PopCap Games
    2010-09-08 07:39 . 2010-09-08 07:39 -------- d-----w- c:\program files\Windows Portable Devices

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-08 03:01 . 2009-09-11 09:48 55637 ----a-w- c:\programdata\nvModes.dat
    2010-10-08 03:01 . 2009-05-21 19:27 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2010-10-08 02:56 . 2009-05-21 18:20 12 ----a-w- c:\windows\bthservsdp.dat
    2010-10-07 16:02 . 2009-08-28 10:24 -------- d-----w- c:\users\ASUS\AppData\Roaming\BitTorrent
    2010-10-01 16:45 . 2009-10-24 10:09 680 ----a-w- c:\users\ASUS\AppData\Local\d3d9caps.dat
    2010-09-28 16:00 . 2009-10-06 12:20 8456 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-09-28 16:00 . 2009-10-06 12:20 8456 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-09-24 10:29 . 2009-06-12 10:39 -------- d-----w- c:\users\ASUS\AppData\Roaming\Vso
    2010-09-24 10:29 . 2009-06-12 10:39 47360 ----a-w- c:\users\ASUS\AppData\Roaming\pcouffin.sys
    2010-09-24 10:29 . 2009-06-12 10:39 47360 ----a-w- c:\users\ASUS\AppData\Roaming\pcouffin.sys
    2010-09-20 14:37 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infpub.dat
    2010-09-20 14:36 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
    2010-09-20 14:36 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstor.dat
    2010-09-15 17:03 . 2009-05-22 03:48 -------- d-----w- c:\programdata\Microsoft Help
    2010-09-15 17:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-09-14 14:22 . 2009-05-21 19:27 -------- d-----w- c:\programdata\NVIDIA
    2010-09-14 12:20 . 2009-05-21 18:26 -------- d-----w- c:\program files\Intel
    2010-09-13 11:52 . 2010-09-02 08:50 -------- d-----w- c:\programdata\Innovative Solutions
    2010-09-12 06:46 . 2009-05-21 18:28 -------- d-----w- c:\program files\ASUS
    2010-09-11 18:08 . 2010-09-04 08:47 81920 ----a-w- c:\users\ASUS\AppData\Roaming\ezpinst.exe
    2010-09-11 18:08 . 2010-09-04 08:47 81920 ----a-w- c:\users\ASUS\AppData\Roaming\ezpinst.exe
    2010-09-11 17:59 . 2010-08-14 06:23 -------- d-----w- c:\program files\PopCap Games
    2010-09-11 17:46 . 2010-08-14 06:23 29 ----a-w- c:\windows\popcinfo.dat
    2010-09-08 07:39 . 2006-11-02 10:25 665600 ----a-w- c:\windows\Inf\drvindex.dat
    2010-09-08 07:38 . 2010-09-08 07:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2010-09-08 07:37 . 2010-09-08 07:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2010-09-06 18:22 . 2010-08-20 15:53 2 --shatr- c:\windows\winstart.bat
    2010-09-06 17:07 . 2010-09-06 17:07 -------- d-----w- c:\programdata\Sony Corporation
    2010-09-06 16:45 . 2010-01-09 12:27 -------- d-----w- c:\program files\Sony
    2010-09-06 16:45 . 2009-05-21 18:38 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-06 16:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
    2010-09-06 16:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
    2010-09-06 16:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
    2010-09-06 16:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
    2010-09-06 16:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
    2010-09-06 16:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
    2010-09-06 09:14 . 2010-09-06 09:14 -------- d-----w- c:\program files\Common Files\Java
    2010-09-06 09:13 . 2009-05-20 12:05 -------- d-----w- c:\program files\Java
    2010-09-03 22:24 . 2010-09-03 22:24 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2010-09-03 22:24 . 2010-09-03 22:24 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2010-09-03 14:31 . 2010-04-01 11:53 -------- d-----w- c:\programdata\Avanquest Bluetooth SDK
    2010-09-03 14:25 . 2010-09-03 14:25 -------- d-----w- c:\programdata\AvqBtEnum
    2010-09-02 08:50 . 2010-09-02 08:50 -------- d-----w- c:\program files\Common Files\Innovative Solutions
    2010-09-01 17:16 . 2010-09-01 17:16 -------- d-----w- c:\users\ASUS\AppData\Roaming\Mael
    2010-09-01 17:15 . 2010-08-03 10:36 -------- d-----w- c:\programdata\avg9
    2010-08-23 04:03 . 2010-08-23 04:03 10134 ----a-r- c:\users\ASUS\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2010-08-23 04:03 . 2010-08-23 04:03 -------- d-----w- c:\program files\Microsoft WSE
    2010-08-20 16:33 . 2009-05-20 14:08 -------- d-----w- c:\users\ASUS\AppData\Roaming\Apple Computer
    2010-08-20 11:45 . 2009-05-20 03:37 77552 ----a-w- c:\users\ASUS\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-18 15:01 . 2010-08-18 15:00 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-18 15:01 . 2010-08-18 15:00 -------- d-----w- c:\program files\iTunes
    2010-08-18 15:00 . 2010-08-18 15:00 -------- d-----w- c:\program files\iPod
    2010-08-18 15:00 . 2009-05-20 14:04 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-18 14:55 . 2010-08-18 09:50 -------- d-----w- c:\program files\QuickTime Alternative
    2010-08-18 14:54 . 2010-08-18 14:54 -------- d-----w- c:\program files\Apple Software Update
    2010-08-18 14:48 . 2010-08-18 14:48 -------- d-----w- c:\program files\Bonjour
    2010-08-18 11:20 . 2010-03-21 00:51 -------- d-----w- c:\program files\SoundSpectrum
    2010-08-18 11:17 . 2010-04-30 23:49 -------- d-----w- c:\users\ASUS\AppData\Roaming\Lionhead Studios
    2010-08-18 09:51 . 2010-08-18 09:51 -------- d-----w- c:\users\ASUS\AppData\Roaming\MPEG Streamclip
    2010-08-18 09:50 . 2009-05-20 14:06 -------- d-----w- c:\programdata\Apple Computer
    2010-08-18 09:50 . 2010-08-18 09:50 -------- d-----w- c:\program files\Media Player Classic
    2010-08-18 09:12 . 2010-08-18 09:09 -------- d-----w- c:\program files\AoA DVD Ripper
    2010-08-18 09:09 . 2010-08-18 08:58 -------- d-----w- c:\program files\Xvid
    2010-08-18 08:27 . 2010-08-18 08:27 -------- d-----w- c:\program files\Combined Community Codec Pack
    2010-08-12 11:42 . 2009-07-19 06:18 -------- d-----w- c:\users\ASUS\AppData\Roaming\dvdcss
    2010-08-04 02:40 . 2010-08-04 02:40 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
    2010-08-04 02:40 . 2010-08-04 02:40 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
    2010-08-04 02:40 . 2010-08-04 02:40 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
    2010-08-04 02:40 . 2010-08-04 02:40 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
    2010-07-21 06:30 . 2010-07-21 06:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-07-16 19:00 . 2010-09-06 09:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 4702208]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-02 857648]
    "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
    "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2009-05-20 37232]
    "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-05-21 33136]
    "CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

    c:\users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @= "FSFilter Activity Monitor "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Users^ASUS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration .LNK]
    path=c:\users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
    backup=c:\windows\pss\Registration .LNK.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-05-10 17:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    2009-07-14 06:50 454144 ----a-w- d:\dvd's\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DS3 Tool]
    2009-10-08 15:28 67584 ----a-w- c:\program files\MotioninJoy\ds3\DS3_Tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KONICA MINOLTA magicolor 2400W STD]
    2005-06-22 06:38 184320 ----a-w- c:\windows\System32\MSTMON_S.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-01-07 05:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
    2007-07-19 19:18 778240 ----a-w- c:\program files\P4P\P4P.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    2009-11-19 23:17 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    2009-01-21 04:19 92168 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-05-21 12800]
    R3 hidkmdf;MotioninJoy Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-05-27 4608]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\CA21.tmp [x]
    R3 MijBThid;MotioninJoy BT HID DEVICE;c:\windows\system32\DRIVERS\MijBThid.sys [x]
    R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [2009-10-03 17408]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
    S1 1UnHooker;1UnHooker;c:\windows\system32\DRIVERS\1UnHooker.sys [2010-03-02 22016]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101005.005\IDSvix86.sys [2010-09-15 353840]
    S1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23232]
    S2 HssWd;Hotspot Shield Monitoring Service;d:\program files\Hotspot Shield\bin\hsswd.exe [2010-09-08 325168]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
    S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
    S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-10-31 46592]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
    S3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\Drivers\Ltn_hyd7700pc.sys [2007-05-18 374144]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-05-31 6638080]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-07 c:\windows\Tasks\At1.job
    - c:\windows\system32\WerFaultSSecure.exe [2010-09-06 13:28]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://optusnet.com.au/
    uInternet Settings,ProxyOverride = *.scotchmel.vic.edu.au;<local>;*.local
    uInternet Settings,ProxyServer = proxy.scotchmel.vic.edu.au:8080
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
    MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe



    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath "= "\ "c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \ "N360\" /m \ "c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1 "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
    "ImagePath "= "\??\c:\windows\system32\CA21.tmp "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2935061242-1754714829-2266503767-1000\S*: &*]
    @Allowed: (Read) (RestrictedCode)
    DUMPHIVE0.003 (REGF)

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(1016)
    c:\program files\Norton 360\Engine\3.8.0.41\buShell.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\ATK Hotkey\ASLDRSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    d:\program files\Hotspot Shield\bin\openvpnas.exe
    d:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\ehome\ehsched.exe
    c:\windows\ehome\ehRecvr.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\ASUS\SmartLogon\sensorsrv.exe
    c:\program files\ATK Hotkey\Hcontrol.exe
    c:\program files\ATKOSD2\ATKOSD2.exe
    c:\program files\Wireless Console 2\wcourier.exe
    c:\program files\ASUS\ASUS CopyProtect\aspg.exe
    c:\program files\P4G\BatteryLife.exe
    c:\program files\ASUS\Splendid\ACMON.exe
    c:\windows\System32\ACEngSvr.exe
    c:\program files\ATK Hotkey\ATKOSD.exe
    c:\program files\ATK Hotkey\KBFiltr.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-08 14:06:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-08 03:06

    Pre-Run: 23,870,992,384 bytes free
    Post-Run: 23,613,022,208 bytes free

    - - End Of File - - BAC746FF96620A6D2AE5CAFA896919D9
     
  10. 2010/10/07
    broni

    broni Moderator Malware Analyst

    How is redirection?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\acovcnt.exe
    
    
    Folder::
    c:\programdata\avg9
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  11. 2010/10/08
    VirusVictim1

    VirusVictim1 Inactive Thread Starter

    Once again, thank you for your time.

    ComboFix 10-10-07.01 - ASUS 08/10/2010 15:20:07.2.2 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.2046.973 [GMT 11:00]
    Running from: c:\users\ASUS\Desktop\ComboFix.exe
    Command switches used :: c:\users\ASUS\Desktop\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\acovcnt.exe "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\avg9
    c:\programdata\avg9\Cfg\changecfgreg.cfg
    c:\programdata\avg9\Cfg\krnl.cfg
    c:\programdata\avg9\Cfg\mail.cfg
    c:\programdata\avg9\Cfg\malrep.cfg
    c:\programdata\avg9\Cfg\scan.cfg
    c:\programdata\avg9\Cfg\sched.cfg
    c:\programdata\avg9\Cfg\update.cfg
    c:\programdata\avg9\Cfg\user.cfg
    c:\programdata\avg9\CfgAll\falsealarm.cfg
    c:\programdata\avg9\CfgAll\krnlall.cfg
    c:\programdata\avg9\CfgAll\srmall.cfg
    c:\programdata\avg9\CfgAll\updateall.cfg
    c:\programdata\avg9\CfgAll\userall.cfg
    c:\programdata\avg9\emc\Log\emc.log
    c:\programdata\avg9\Log\avgcfg.log
    c:\programdata\avg9\Log\avgcfg.log.lock
    c:\programdata\avg9\Log\avgchjw.log
    c:\programdata\avg9\Log\avgchjw.log.1
    c:\programdata\avg9\Log\avgchjw.log.10
    c:\programdata\avg9\Log\avgchjw.log.2
    c:\programdata\avg9\Log\avgchjw.log.3
    c:\programdata\avg9\Log\avgchjw.log.4
    c:\programdata\avg9\Log\avgchjw.log.5
    c:\programdata\avg9\Log\avgchjw.log.6
    c:\programdata\avg9\Log\avgchjw.log.7
    c:\programdata\avg9\Log\avgchjw.log.8
    c:\programdata\avg9\Log\avgchjw.log.9
    c:\programdata\avg9\Log\avgchjw.log.lock
    c:\programdata\avg9\Log\avgchjwsrv.log
    c:\programdata\avg9\Log\avgchjwsrv.log.1
    c:\programdata\avg9\Log\avgchjwsrv.log.lock
    c:\programdata\avg9\Log\avgcore.log
    c:\programdata\avg9\Log\avgcore.log.1
    c:\programdata\avg9\Log\avgcore.log.2
    c:\programdata\avg9\Log\avgcore.log.lock
    c:\programdata\avg9\Log\avgfrw.log
    c:\programdata\avg9\Log\avgfrw.log.lock
    c:\programdata\avg9\Log\avgldr.log
    c:\programdata\avg9\Log\avgldr.log.lock
    c:\programdata\avg9\Log\avglng.log
    c:\programdata\avg9\Log\avglng.log.lock
    c:\programdata\avg9\Log\avgns.log
    c:\programdata\avg9\Log\avgns.log.lock
    c:\programdata\avg9\Log\avgrs.log
    c:\programdata\avg9\Log\avgrs.log.1
    c:\programdata\avg9\Log\avgrs.log.10
    c:\programdata\avg9\Log\avgrs.log.2
    c:\programdata\avg9\Log\avgrs.log.3
    c:\programdata\avg9\Log\avgrs.log.4
    c:\programdata\avg9\Log\avgrs.log.5
    c:\programdata\avg9\Log\avgrs.log.6
    c:\programdata\avg9\Log\avgrs.log.7
    c:\programdata\avg9\Log\avgrs.log.8
    c:\programdata\avg9\Log\avgrs.log.9
    c:\programdata\avg9\Log\avgrs.log.lock
    c:\programdata\avg9\Log\avgscan.log
    c:\programdata\avg9\Log\avgscan.log.lock
    c:\programdata\avg9\Log\avgsched.log
    c:\programdata\avg9\Log\avgsched.log.1
    c:\programdata\avg9\Log\avgsched.log.10
    c:\programdata\avg9\Log\avgsched.log.2
    c:\programdata\avg9\Log\avgsched.log.3
    c:\programdata\avg9\Log\avgsched.log.4
    c:\programdata\avg9\Log\avgsched.log.5
    c:\programdata\avg9\Log\avgsched.log.6
    c:\programdata\avg9\Log\avgsched.log.7
    c:\programdata\avg9\Log\avgsched.log.8
    c:\programdata\avg9\Log\avgsched.log.9
    c:\programdata\avg9\Log\avgsched.log.lock
    c:\programdata\avg9\Log\avgsrm.log
    c:\programdata\avg9\Log\avgsrm.log.lock
    c:\programdata\avg9\Log\avgsrmacstat.log
    c:\programdata\avg9\Log\avgsrmacstat.log.1
    c:\programdata\avg9\Log\avgsrmacstat.log.lock
    c:\programdata\avg9\Log\avgtdi.log
    c:\programdata\avg9\Log\avgtdi.log.lock
    c:\programdata\avg9\Log\avgui.log
    c:\programdata\avg9\Log\avgui.log.1
    c:\programdata\avg9\Log\avgui.log.lock
    c:\programdata\avg9\Log\avgupd.log
    c:\programdata\avg9\Log\avgupd.log.lock
    c:\programdata\avg9\Log\avgwd.log
    c:\programdata\avg9\Log\avgwd.log.1
    c:\programdata\avg9\Log\avgwd.log.2
    c:\programdata\avg9\Log\avgwd.log.3
    c:\programdata\avg9\Log\avgwd.log.lock
    c:\programdata\avg9\Log\avgwdsvc.log
    c:\programdata\avg9\Log\avgwdsvc.log.lock
    c:\programdata\avg9\Log\commonpriv.log
    c:\programdata\avg9\Log\commonpriv.log.lock
    c:\programdata\avg9\Log\fixcfg.log
    c:\programdata\avg9\Log\fixcfg.log.lock
    c:\programdata\avg9\Log\history.xml
    c:\programdata\avg9\Log\vault.log
    c:\programdata\avg9\Log\vault.log.lock
    c:\programdata\avg9\scanlogs\I_00000001.log
    c:\programdata\avg9\scanlogs\I_00000003.log
    c:\programdata\avg9\scanlogs\I_00000005.log
    c:\programdata\avg9\scanlogs\I_00000006.log
    c:\programdata\avg9\scanlogs\I_00000007.log
    c:\programdata\avg9\scanlogs\I_00000008.log
    c:\programdata\avg9\scanlogs\I_00000009.log
    c:\programdata\avg9\scanlogs\I_00000010.log
    c:\programdata\avg9\scanlogs\I_00000011.log
    c:\programdata\avg9\scanlogs\I_00000012.log
    c:\programdata\avg9\scanlogs\I_00000013.log
    c:\programdata\avg9\scanlogs\I_00000014.log
    c:\programdata\avg9\scanlogs\I_00000015.log
    c:\programdata\avg9\scanlogs\I_00000016.log
    c:\programdata\avg9\scanlogs\I_00000017.log
    c:\programdata\avg9\scanlogs\I_00000018.log
    c:\programdata\avg9\scanlogs\srm.idx
    c:\programdata\avg9\Temp\0ac34819-3c00-45e2-88e3-dff258398c1e-2ec-oopp.tmp
    c:\programdata\avg9\Temp\13d67b73-c64c-4c63-abb7-5ad238ca3639-21cc-oopp.tmp
    c:\programdata\avg9\Temp\18beed65-9e04-46c1-888d-a1708c8cc6d8-7cc-oopp.tmp
    c:\programdata\avg9\Temp\1c157ad2-e644-4cfc-8553-dbd8d10c1921-2ec-oopp.tmp
    c:\programdata\avg9\Temp\1d316955-0602-443a-a8f0-cfbf7538efb8-2f0-oopp.tmp
    c:\programdata\avg9\Temp\2fe33b4a-858e-4722-9f9e-70fa0eae65e6-2f0-oopp.tmp
    c:\programdata\avg9\Temp\3061c523-19f8-49f7-bdee-fe50845ea4c1-2ac-oopp.tmp
    c:\programdata\avg9\Temp\37241f9c-cc72-4a12-baf2-2b90234f8d3d-2ec-oopp.tmp
    c:\programdata\avg9\Temp\3965984d-f2a5-46d5-96c6-520b74673642-2b4-oopp.tmp
    c:\programdata\avg9\Temp\6a45a137-2926-400f-a000-53f5f436e003-2b0-oopp.tmp
    c:\programdata\avg9\Temp\71e71ede-e4b7-4e96-b709-a8fcdb5a729d-2f0-oopp.tmp
    c:\programdata\avg9\Temp\72d4bd44-99d1-40ec-9e86-ca38efb4d39f-2ec-oopp.tmp
    c:\programdata\avg9\Temp\7b7bdd86-500f-4db1-bb49-52107abe1988-2ec-oopp.tmp
    c:\programdata\avg9\Temp\92949fb3-88c9-4bf6-bcf6-1aea72dec404-2ec-oopp.tmp
    c:\programdata\avg9\Temp\993a0aae-f632-4633-9028-476314a6f331-2ec-oopp.tmp
    c:\programdata\avg9\Temp\9ee94e40-3b45-45be-b14e-466138ae0baa-2f0-oopp.tmp
    c:\programdata\avg9\Temp\a9e547ce-639b-4bf0-8367-d37700759996-2f4-oopp.tmp
    c:\programdata\avg9\Temp\b572201a-0dbf-43ac-b668-8e5c265b74af-2ac-oopp.tmp
    c:\programdata\avg9\Temp\c7f3a2f1-22a7-40ac-b0f7-5cec2f007647-2e0-oopp.tmp
    c:\programdata\avg9\Temp\d32f5428-167e-4d66-8ad3-8d940e63cd3f-2ec-oopp.tmp
    c:\programdata\avg9\Temp\dfd728b8-f03e-4e13-abf1-64ea28af452c-2ec-oopp.tmp
    c:\programdata\avg9\Temp\e6ebae20-0846-48aa-8c10-3a0d103ffa1f-2f0-oopp.tmp
    c:\programdata\avg9\Temp\fc35bb85-4908-4b9f-8b51-caae49129a49-2ac-oopp.tmp
    c:\programdata\avg9\Temp\file9514.tmp
    c:\programdata\avg9\update\backup\avg9us.lng
    c:\programdata\avg9\update\backup\avgcorex.dll
    c:\programdata\avg9\update\backup\avgemc.exe
    c:\programdata\avg9\update\backup\avgfree_us.mht
    c:\programdata\avg9\update\backup\avgssie.dll
    c:\programdata\avg9\update\backup\avgxpl.dll
    c:\programdata\avg9\update\backup\box_bottom_red.gif
    c:\programdata\avg9\update\backup\box_top_red.gif
    c:\programdata\avg9\update\backup\cf.dat
    c:\programdata\avg9\update\backup\incavi.avm
    c:\programdata\avg9\update\backup\sb.dat
    c:\programdata\avg9\update\backup\sb.dat.xcd
    c:\programdata\avg9\update\backup\sb2.dat
    c:\programdata\avg9\update\backup\sc.dat
    c:\programdata\avg9\update\backup\sc.dat.xcd
    c:\programdata\avg9\update\prepare\temp\cty.cty
    c:\windows\system32\acovcnt.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
    .

    2010-10-08 04:44 . 2010-10-08 04:44 -------- d-----w- c:\users\ASUS\AppData\Local\temp
    2010-10-08 04:44 . 2010-10-08 04:44 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-10-08 04:44 . 2010-10-08 04:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-05 03:56 . 2010-10-05 03:56 -------- d-----w- c:\windows\system32\1040
    2010-09-29 02:38 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-27 16:14 . 2007-04-12 04:19 129024 ----a-w- c:\windows\system32\AVERM.dll
    2010-09-27 16:14 . 2006-09-26 03:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
    2010-09-20 14:35 . 2010-09-20 14:37 -------- d-----w- C:\Hotspot Shield
    2010-09-19 06:26 . 2010-06-01 18:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-09-19 06:26 . 2010-06-01 18:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-09-19 06:26 . 2010-06-01 18:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-09-19 06:26 . 2010-05-26 01:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-09-19 06:26 . 2010-05-26 01:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-09-19 06:26 . 2010-05-26 01:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-09-19 06:26 . 2010-05-26 01:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-09-19 06:26 . 2010-05-26 01:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-09-15 06:36 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-15 06:35 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-15 06:35 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 06:35 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-14 14:10 . 2010-09-14 14:10 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-09-14 14:09 . 2010-09-14 14:12 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-09-14 14:05 . 2010-07-09 22:37 56936 ----a-w- c:\windows\system32\OpenCL.dll
    2010-09-14 14:05 . 2010-07-09 22:37 5107816 ----a-w- c:\windows\system32\nvwgf2um.dll
    2010-09-14 14:05 . 2010-07-09 22:37 11008040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2010-09-14 14:05 . 2010-07-09 22:37 14092904 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-09-14 14:05 . 2010-07-09 22:37 4553832 ----a-w- c:\windows\system32\nvcuda.dll
    2010-09-14 14:05 . 2010-07-09 22:37 2892904 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-09-14 14:05 . 2010-07-09 22:37 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-09-14 14:05 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod1922.dll
    2010-09-14 14:05 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod.dll
    2010-09-14 14:05 . 2010-07-09 22:37 10267240 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-09-14 12:20 . 2010-09-14 12:20 -------- d-----w- c:\program files\Cisco
    2010-09-14 12:20 . 2010-09-14 12:20 -------- d-----w- c:\program files\Common Files\Intel
    2010-09-14 12:14 . 2010-09-14 12:14 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-09-13 11:52 . 2010-09-13 11:52 -------- d-----w- c:\program files\Innovative Solutions
    2010-09-11 18:34 . 2010-09-11 18:34 -------- d-----w- c:\users\ASUS\.dvdcss
    2010-09-11 17:44 . 2010-09-11 17:59 -------- d-----w- c:\programdata\PopCap Games
    2010-09-08 07:39 . 2010-09-08 07:39 -------- d-----w- c:\program files\Windows Portable Devices

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-08 03:01 . 2009-09-11 09:48 55637 ----a-w- c:\programdata\nvModes.dat
    2010-10-08 02:56 . 2009-05-21 18:20 12 ----a-w- c:\windows\bthservsdp.dat
    2010-10-07 16:02 . 2009-08-28 10:24 -------- d-----w- c:\users\ASUS\AppData\Roaming\BitTorrent
    2010-10-01 16:45 . 2009-10-24 10:09 680 ----a-w- c:\users\ASUS\AppData\Local\d3d9caps.dat
    2010-09-28 16:00 . 2009-10-06 12:20 8456 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-09-28 16:00 . 2009-10-06 12:20 8456 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-09-24 10:29 . 2009-06-12 10:39 -------- d-----w- c:\users\ASUS\AppData\Roaming\Vso
    2010-09-24 10:29 . 2009-06-12 10:39 47360 ----a-w- c:\users\ASUS\AppData\Roaming\pcouffin.sys
    2010-09-24 10:29 . 2009-06-12 10:39 47360 ----a-w- c:\users\ASUS\AppData\Roaming\pcouffin.sys
    2010-09-20 14:37 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infpub.dat
    2010-09-20 14:36 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
    2010-09-20 14:36 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstor.dat
    2010-09-15 17:03 . 2009-05-22 03:48 -------- d-----w- c:\programdata\Microsoft Help
    2010-09-15 17:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-09-14 14:22 . 2009-05-21 19:27 -------- d-----w- c:\programdata\NVIDIA
    2010-09-14 12:20 . 2009-05-21 18:26 -------- d-----w- c:\program files\Intel
    2010-09-13 11:52 . 2010-09-02 08:50 -------- d-----w- c:\programdata\Innovative Solutions
    2010-09-12 06:46 . 2009-05-21 18:28 -------- d-----w- c:\program files\ASUS
    2010-09-11 18:08 . 2010-09-04 08:47 81920 ----a-w- c:\users\ASUS\AppData\Roaming\ezpinst.exe
    2010-09-11 18:08 . 2010-09-04 08:47 81920 ----a-w- c:\users\ASUS\AppData\Roaming\ezpinst.exe
    2010-09-11 17:59 . 2010-08-14 06:23 -------- d-----w- c:\program files\PopCap Games
    2010-09-11 17:46 . 2010-08-14 06:23 29 ----a-w- c:\windows\popcinfo.dat
    2010-09-08 07:39 . 2006-11-02 10:25 665600 ----a-w- c:\windows\Inf\drvindex.dat
    2010-09-08 07:38 . 2010-09-08 07:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2010-09-08 07:37 . 2010-09-08 07:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2010-09-06 18:22 . 2010-08-20 15:53 2 --shatr- c:\windows\winstart.bat
    2010-09-06 17:07 . 2010-09-06 17:07 -------- d-----w- c:\programdata\Sony Corporation
    2010-09-06 16:45 . 2010-01-09 12:27 -------- d-----w- c:\program files\Sony
    2010-09-06 16:45 . 2009-05-21 18:38 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-06 16:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
    2010-09-06 16:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
    2010-09-06 16:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
    2010-09-06 16:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
    2010-09-06 16:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
    2010-09-06 16:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
    2010-09-06 09:14 . 2010-09-06 09:14 -------- d-----w- c:\program files\Common Files\Java
    2010-09-06 09:13 . 2009-05-20 12:05 -------- d-----w- c:\program files\Java
    2010-09-03 22:24 . 2010-09-03 22:24 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2010-09-03 22:24 . 2010-09-03 22:24 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2010-09-03 14:31 . 2010-04-01 11:53 -------- d-----w- c:\programdata\Avanquest Bluetooth SDK
    2010-09-03 14:25 . 2010-09-03 14:25 -------- d-----w- c:\programdata\AvqBtEnum
    2010-09-02 08:50 . 2010-09-02 08:50 -------- d-----w- c:\program files\Common Files\Innovative Solutions
    2010-09-01 17:16 . 2010-09-01 17:16 -------- d-----w- c:\users\ASUS\AppData\Roaming\Mael
    2010-08-23 04:03 . 2010-08-23 04:03 10134 ----a-r- c:\users\ASUS\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2010-08-23 04:03 . 2010-08-23 04:03 -------- d-----w- c:\program files\Microsoft WSE
    2010-08-20 16:33 . 2009-05-20 14:08 -------- d-----w- c:\users\ASUS\AppData\Roaming\Apple Computer
    2010-08-20 11:45 . 2009-05-20 03:37 77552 ----a-w- c:\users\ASUS\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-18 15:01 . 2010-08-18 15:00 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-18 15:01 . 2010-08-18 15:00 -------- d-----w- c:\program files\iTunes
    2010-08-18 15:00 . 2010-08-18 15:00 -------- d-----w- c:\program files\iPod
    2010-08-18 15:00 . 2009-05-20 14:04 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-18 14:55 . 2010-08-18 09:50 -------- d-----w- c:\program files\QuickTime Alternative
    2010-08-18 14:54 . 2010-08-18 14:54 -------- d-----w- c:\program files\Apple Software Update
    2010-08-18 14:48 . 2010-08-18 14:48 -------- d-----w- c:\program files\Bonjour
    2010-08-18 11:20 . 2010-03-21 00:51 -------- d-----w- c:\program files\SoundSpectrum
    2010-08-18 11:17 . 2010-04-30 23:49 -------- d-----w- c:\users\ASUS\AppData\Roaming\Lionhead Studios
    2010-08-18 09:51 . 2010-08-18 09:51 -------- d-----w- c:\users\ASUS\AppData\Roaming\MPEG Streamclip
    2010-08-18 09:50 . 2009-05-20 14:06 -------- d-----w- c:\programdata\Apple Computer
    2010-08-18 09:50 . 2010-08-18 09:50 -------- d-----w- c:\program files\Media Player Classic
    2010-08-18 09:12 . 2010-08-18 09:09 -------- d-----w- c:\program files\AoA DVD Ripper
    2010-08-18 09:09 . 2010-08-18 08:58 -------- d-----w- c:\program files\Xvid
    2010-08-18 08:27 . 2010-08-18 08:27 -------- d-----w- c:\program files\Combined Community Codec Pack
    2010-08-12 11:42 . 2009-07-19 06:18 -------- d-----w- c:\users\ASUS\AppData\Roaming\dvdcss
    2010-07-21 06:30 . 2010-07-21 06:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-07-16 19:00 . 2010-09-06 09:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-08-27 4702208]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-02 857648]
    "ATKMEDIA "= "c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
    "ASUS Camera ScreenSaver "= "c:\windows\ASScrProlog.exe" [2009-05-20 37232]
    "ASUS Screen Saver Protector "= "c:\windows\ASScrPro.exe" [2009-05-21 33136]
    "CognizanceTS "= "c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task "= "c:\program files\QuickTime Alternative\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

    c:\users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @= "FSFilter Activity Monitor "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Users^ASUS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration .LNK]
    path=c:\users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
    backup=c:\windows\pss\Registration .LNK.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-05-10 17:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    2009-07-14 06:50 454144 ----a-w- d:\dvd's\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DS3 Tool]
    2009-10-08 15:28 67584 ----a-w- c:\program files\MotioninJoy\ds3\DS3_Tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KONICA MINOLTA magicolor 2400W STD]
    2005-06-22 06:38 184320 ----a-w- c:\windows\System32\MSTMON_S.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-01-07 05:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
    2007-07-19 19:18 778240 ----a-w- c:\program files\P4P\P4P.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    2009-11-19 23:17 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    2009-01-21 04:19 92168 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
    R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-05-21 12800]
    R3 hidkmdf;MotioninJoy Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-05-27 4608]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\CA21.tmp [x]
    R3 MijBThid;MotioninJoy BT HID DEVICE;c:\windows\system32\DRIVERS\MijBThid.sys [x]
    R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [2009-10-03 17408]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
    S1 1UnHooker;1UnHooker;c:\windows\system32\DRIVERS\1UnHooker.sys [2010-03-02 22016]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101005.005\IDSvix86.sys [2010-09-15 353840]
    S1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23232]
    S2 HssWd;Hotspot Shield Monitoring Service;d:\program files\Hotspot Shield\bin\hsswd.exe [2010-09-08 325168]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
    S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-10-31 46592]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
    S3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\Drivers\Ltn_hyd7700pc.sys [2007-05-18 374144]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-05-31 6638080]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-07 c:\windows\Tasks\At1.job
    - c:\windows\system32\WerFaultSSecure.exe [2010-09-06 13:28]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://optusnet.com.au/
    uInternet Settings,ProxyOverride = *.scotchmel.vic.edu.au;<local>;*.local
    uInternet Settings,ProxyServer = proxy.scotchmel.vic.edu.au:8080
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\CA21.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2935061242-1754714829-2266503767-1000\S*: &*]
    @Allowed: (Read) (RestrictedCode)
    DUMPHIVE0.003 (REGF)

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-10-08 15:46:03
    ComboFix-quarantined-files.txt 2010-10-08 04:46
    ComboFix2.txt 2010-10-08 03:06

    Pre-Run: 28,099,661,824 bytes free
    Post-Run: 28,066,922,496 bytes free

    - - End Of File - - 6F15676871E6842B79AC68A39A3F8E2E
     
  12. 2010/10/08
    broni

    .....
     
  13. 2010/10/08
    VirusVictim1

    Redirection now appears to be completely fixed, thank you so very much.

    As an aside, it now says "msvcr70.dll" missing repeatedly. Is it just a matter of downloading the .dll & registering in command prompt?
     
    Last edited: 2010/10/08
  14. 2010/10/08
    broni

    Please, answer my question about redirection.

    Says when?

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      msvcr70.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  15. 2010/10/08
    VirusVictim1

    Redirection now appears to be completely fixed, thank you so very much.
     
  16. 2010/10/08
    VirusVictim1

    SystemLook 04.09.10 by jpshortstuff
    Log created at 16:32 on 08/10/2010 by ASUS
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "msvcr70.dll"
    No files found.

    -= EOF =-
     
  17. 2010/10/08
    broni

    Attached is a zipped file from my Vista.
    Unzip it and put msvcr70.dll file into C:\Windows\System32 folder.

    =========================================================

    Good news regarding redirection :)

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     


    Last edited: 2010/10/14
  18. 2010/10/14
    broni

    Are you still out there?
     
  19. 2010/10/16
    VirusVictim1

    Sorry for late reply

    OTL part 1
    OTL logfile created on: 16/10/2010 4:21:37 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\ASUS\Desktop
    Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 116.44 Gb Total Space | 23.92 Gb Free Space | 20.55% Space Free | Partition Type: NTFS
    Drive D: | 111.56 Gb Total Space | 47.98 Gb Free Space | 43.01% Space Free | Partition Type: NTFS
    Drive E: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/16 16:18:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
    PRC - [2010/09/06 17:46:54 | 000,239,928 | ---- | M] (Systweak Inc., (www.systweak.com)) -- D:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
    PRC - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/05 11:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2010/03/05 10:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2009/08/22 19:26:07 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    PRC - [2009/05/22 06:23:26 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
    PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/12/01 05:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    PRC - [2007/11/27 05:30:30 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2007/10/24 13:02:15 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
    PRC - [2007/10/24 13:02:13 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    PRC - [2007/09/27 05:24:12 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
    PRC - [2007/09/01 11:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
    PRC - [2007/08/27 16:10:19 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/08/08 18:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    PRC - [2007/08/04 06:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/04/20 05:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
    PRC - [2007/04/18 07:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
    PRC - [2007/02/07 04:29:59 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
    PRC - [2007/02/06 12:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    PRC - [2007/01/18 14:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
    PRC - [2007/01/18 13:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
    PRC - [2006/12/21 17:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
    PRC - [2006/12/19 11:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
    PRC - [2006/11/03 02:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
    PRC - [2005/07/07 09:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/16 16:18:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
    MOD - [2009/04/11 00:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/21 13:22:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/06 17:46:54 | 000,239,928 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- D:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
    SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/05 11:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2010/03/05 10:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2009/09/25 12:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/22 19:26:07 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
    SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
    SRV - [2008/01/21 13:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/10/24 13:02:15 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE -- (IAANTMON) Intel(R)
    SRV - [2007/08/08 18:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2007/08/04 06:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
    SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/02/07 04:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2007/02/06 12:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
    SRV - [2006/06/21 21:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\MijBThid.sys -- (MijBThid)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CA21.tmp -- (MEMSWEEP2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ASUS\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/28 19:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101010.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/09/28 19:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101010.003\NAVENG.SYS -- (NAVENG)
    DRV - [2010/09/16 05:02:21 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101008.002\IDSvix86.sys -- (IDSVix86)
    DRV - [2010/09/04 09:24:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2010/07/30 18:35:50 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
    DRV - [2010/07/27 13:27:58 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/07/27 13:27:58 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/07/10 09:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/05/31 12:58:34 | 006,638,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2010/03/02 23:15:52 | 000,022,016 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\1UnHooker.sys -- (1UnHooker)
    DRV - [2009/11/09 14:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/10/03 17:05:40 | 000,017,408 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijUfilt.sys -- (MotioninJoyUSBFilter)
    DRV - [2009/08/22 19:26:08 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
    DRV - [2009/08/22 19:26:08 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
    DRV - [2009/08/22 19:26:08 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
    DRV - [2009/08/22 19:26:08 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2009/08/22 19:26:08 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
    DRV - [2009/08/22 19:26:08 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
    DRV - [2009/08/22 19:26:08 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
    DRV - [2009/08/22 19:26:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2009/08/19 21:03:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2009/08/19 06:20:55 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
    DRV - [2009/05/27 21:40:34 | 000,004,608 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
    DRV - [2009/05/22 05:54:53 | 000,012,800 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
    DRV - [2009/02/18 04:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/02/09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2009/02/09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2009/02/09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2009/02/09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2009/01/13 20:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2009/01/13 20:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2009/01/13 20:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2009/01/13 20:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2008/01/21 13:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 13:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 13:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 13:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 13:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 13:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 13:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 13:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 13:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 13:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 13:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 13:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 13:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 13:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 13:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 13:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 13:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 13:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 13:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 13:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 13:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 13:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 13:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 13:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 13:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/06 18:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/10/31 22:55:59 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
    DRV - [2007/10/01 17:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2007/09/30 02:03:11 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2007/09/27 09:03:42 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
    DRV - [2007/08/28 19:46:37 | 001,951,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/08/03 15:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
    DRV - [2007/07/25 05:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
    DRV - [2007/06/21 07:51:27 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/06/17 15:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
    DRV - [2007/05/19 08:50:21 | 000,374,144 | ---- | M] (Liteon) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ltn_hyd7700pc.sys -- (Ltn_hyd7700pc)
    DRV - [2007/03/22 16:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/02/25 08:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/16 11:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
    DRV - [2007/01/24 21:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
    DRV - [2007/01/24 10:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/12/14 18:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
    DRV - [2006/11/02 20:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 20:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 20:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 20:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 20:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 20:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 20:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 20:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 20:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 20:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 19:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 19:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 19:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 19:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 19:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 19:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 18:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
    DRV - [2006/11/02 18:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 18:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2006/05/17 04:13:59 | 000,023,232 | R--- | M] (Cognizance Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\itsdisk.sys -- (ItSDisk)
    DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\Aspi32.sys -- (ASPI32)
    DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://optusnet.com.au/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.scotchmel.vic.edu.au;<local>;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.scotchmel.vic.edu.au:8080

    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/22 14:33:04 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/10/08 15:44:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
    O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
    O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab (SysInfo Class)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-au.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (sasnative32) - C:\Windows\System32\sasnative32.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
    Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/16 16:18:00 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
    [2010/10/11 03:50:47 | 000,016,184 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\ROBoot.exe
    [2010/10/11 03:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
    [2010/10/11 03:36:56 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Systweak
    [2010/10/11 03:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\hsswpr
    [2010/10/09 12:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2010/10/09 12:37:12 | 000,196,608 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCtrl.dll
    [2010/10/09 12:37:12 | 000,163,840 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCOM.dll
    [2010/10/09 12:37:12 | 000,147,456 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPAPI.dll
    [2010/10/09 12:37:12 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPCo4.dll
    [2010/10/09 12:37:11 | 000,196,400 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys
    [2010/10/08 15:53:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/08 15:46:05 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\temp
    [2010/10/08 15:10:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/08 12:48:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/08 12:48:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/08 12:48:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/08 12:48:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/08 12:48:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/05 14:56:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\1040
    [2010/09/21 01:35:05 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
    [2010/09/19 17:23:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2010/09/15 01:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2010/09/15 01:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2010/09/15 01:05:27 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
    [2010/09/14 23:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
    [2010/09/14 23:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
    [2010/09/14 23:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2010/09/13 22:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
    [2010/09/12 05:34:07 | 000,000,000 | ---D | C] -- C:\Users\ASUS\.dvdcss
    [2010/09/12 04:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
    [2010/09/08 18:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2010/09/07 15:30:49 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\TVersity
    [2010/09/07 04:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
    [2010/09/07 03:02:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2010/09/07 03:02:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2010/09/07 03:02:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2010/09/07 02:53:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2010/09/07 01:44:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2010/09/06 20:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/09/06 20:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/09/04 09:24:40 | 000,032,768 | ---- | C] (AnchorFree Inc) -- C:\Windows\System32\drivers\taphss.sys
    [2010/09/04 01:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AvqBtEnum
    [2010/09/02 19:50:34 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Innovative Solutions
    [2010/09/02 19:50:34 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
    [2010/09/02 19:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions
    [2010/09/02 19:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
    [2010/09/02 04:16:58 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Mael
    [2010/08/31 01:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/08/25 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\Electronic Arts
    [2010/08/23 15:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
    [2010/08/21 03:18:52 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
    [2010/08/21 02:47:32 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\RegRun2
    [2010/08/20 01:27:39 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\VirtualDJ
    [2010/08/19 02:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/19 02:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/08/19 02:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/08/19 01:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/08/19 01:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/08/18 20:51:49 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\MPEG Streamclip
    [2010/08/18 20:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic
    [2010/08/18 20:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
    [2010/08/18 20:09:23 | 000,045,056 | ---- | C] (Adaptec) -- C:\Windows\System32\Wnaspi32.dll
    [2010/08/18 20:09:23 | 000,016,877 | ---- | C] (Adaptec) -- C:\Windows\System32\drivers\Aspi32.sys
    [2010/08/18 20:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\AoA DVD Ripper
    [2010/08/18 19:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
    [2010/08/18 19:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
    [2010/08/16 01:07:28 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Windows
    [2010/08/14 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
    [2010/08/11 19:14:32 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/08/07 14:21:19 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\PeerNetworking
    [2010/08/07 01:41:13 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\OJOsoft Corporation
    [2010/08/07 01:40:46 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
    [2010/08/07 01:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Share
    [2010/08/07 01:40:45 | 000,351,744 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
    [2010/08/03 21:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/07/28 05:00:21 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\SH4
    [2009/06/12 21:39:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\ASUS\AppData\Roaming\pcouffin.sys
    [2007/01/24 21:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
    [5 C:\Users\ASUS\Documents\*.tmp files -> C:\Users\ASUS\Documents\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/16 16:18:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
    [2010/10/16 15:46:35 | 000,055,637 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/10/16 15:46:35 | 000,055,637 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/10/16 15:46:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/16 15:46:19 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/16 15:46:19 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/14 22:48:15 | 000,850,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/14 22:48:15 | 000,233,308 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/14 22:39:58 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/14 22:38:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/10/12 01:09:37 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
    [2010/10/11 11:08:39 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\ASO-OneClickCare.job
    [2010/10/11 11:07:48 | 000,001,828 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
    [2010/10/11 03:31:15 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\Smart PC Care.lnk
    [2010/10/11 03:31:14 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Optimizer.lnk
    [2010/10/11 01:55:46 | 000,155,790 | ---- | M] () -- C:\Users\ASUS\Desktop\msvcr70.zip
    [2010/10/09 12:36:47 | 012,065,572 | ---- | M] () -- C:\Users\ASUS\Desktop\Touchpad_VT_080115.zip
    [2010/10/08 16:30:20 | 000,075,264 | ---- | M] () -- C:\Users\ASUS\Desktop\SystemLook.exe
    [2010/10/08 15:44:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/08 12:44:36 | 003,875,331 | R--- | M] () -- C:\Users\ASUS\Desktop\ComboFix.exe
    [2010/10/07 17:32:20 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2010/10/07 13:48:28 | 000,293,376 | ---- | M] () -- C:\Users\ASUS\Desktop\rd8e2fdg.exe
    [2010/10/07 12:36:54 | 000,080,384 | ---- | M] () -- C:\Users\ASUS\Desktop\MBRCheck.exe
    [2010/10/07 00:08:12 | 000,525,824 | ---- | M] () -- C:\Users\ASUS\Desktop\dds.scr
    [2010/10/05 02:06:48 | 733,722,100 | ---- | M] () -- C:\Users\ASUS\Desktop\Top Gear; Bolivia.avi
    [2010/10/05 02:06:39 | 3693,416,606 | ---- | M] () -- C:\Users\ASUS\Desktop\Top Gear Vietnam.avi
    [2010/10/03 02:09:29 | 000,348,049 | ---- | M] () -- C:\Users\ASUS\Documents\Douglas Hutchinson C.V.docx
    [2010/10/02 21:02:13 | 000,136,885 | ---- | M] () -- C:\Users\ASUS\Documents\Douglas Hutchinson Resume.docx
    [2010/10/02 21:00:02 | 000,000,162 | -H-- | M] () -- C:\Users\ASUS\Documents\~$uglas Hutchinson Resume.docx
    [2010/10/02 20:22:45 | 000,140,286 | ---- | M] () -- C:\Users\ASUS\Documents\D Hutchinson Resume.docx
    [2010/10/02 20:10:57 | 000,016,506 | ---- | M] () -- C:\Users\ASUS\Documents\shell.docx
    [2010/10/02 19:48:14 | 000,014,547 | ---- | M] () -- C:\Users\ASUS\Documents\Douglas Hutchinson Cover.docx
    [2010/10/02 03:45:43 | 000,000,680 | ---- | M] () -- C:\Users\ASUS\AppData\Local\d3d9caps.dat
    [2010/09/29 03:00:58 | 000,008,456 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/09/24 21:43:42 | 000,000,172 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2010/09/24 21:29:39 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\ASUS\AppData\Roaming\pcouffin.sys
    [2010/09/24 21:29:39 | 000,007,887 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\pcouffin.cat
    [2010/09/24 21:29:39 | 000,001,144 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\pcouffin.inf
    [2010/09/23 00:45:36 | 000,078,582 | ---- | M] () -- C:\Users\ASUS\Desktop\wales sign.jpg
    [2010/09/22 17:43:16 | 000,375,032 | ---- | M] () -- C:\Users\ASUS\Desktop\wheel.jpg
    [2010/09/22 13:30:14 | 000,000,634 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
    [2010/09/21 21:35:38 | 000,650,060 | ---- | M] () -- C:\Users\ASUS\Desktop\grandad.jpg
    [2010/09/21 20:40:30 | 001,532,199 | ---- | M] () -- C:\Users\ASUS\Desktop\P1000777.JPG
    [2010/09/21 19:16:24 | 000,986,477 | ---- | M] () -- C:\Users\ASUS\Desktop\P1000776.JPG
    [2010/09/19 17:16:01 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
    [2010/09/13 02:50:41 | 000,010,524 | ---- | M] () -- C:\Users\ASUS\Documents\black book.xlsx
    [2010/09/12 05:08:09 | 000,081,920 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\ezpinst.exe
    [2010/09/12 05:04:43 | 000,018,432 | ---- | M] () -- C:\Users\ASUS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/12 04:46:53 | 000,000,029 | ---- | M] () -- C:\Windows\popcinfo.dat
    [2010/09/12 04:00:52 | 004,608,992 | ---- | M] () -- C:\Users\ASUS\Desktop\stuntin.mp3
    [2010/09/08 18:38:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2010/09/08 18:37:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2010/09/07 16:30:54 | 000,000,653 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
    [2010/09/07 05:22:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/09/07 05:22:48 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
    [2010/09/07 05:22:48 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
    [2010/09/07 03:07:42 | 000,303,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/09/06 17:47:32 | 000,016,184 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\ROBoot.exe
    [2010/09/05 23:32:43 | 000,000,363 | ---- | M] () -- C:\Users\ASUS\Desktop\Downloads.lnk
    [2010/09/04 09:24:40 | 000,032,768 | ---- | M] (AnchorFree Inc) -- C:\Windows\System32\drivers\taphss.sys
    [2010/08/25 20:44:44 | 000,000,630 | ---- | M] () -- C:\Users\ASUS\Application Data\Microsoft\Internet Explorer\Quick Launch\TS3.exe.lnk
    [2010/08/19 02:02:36 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/08/07 14:21:19 | 000,027,044 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\UserTile.png
    [2010/07/30 18:35:50 | 000,017,136 | ---- | M] () -- C:\Windows\System32\sasnative32.exe
    [5 C:\Users\ASUS\Documents\*.tmp files -> C:\Users\ASUS\Documents\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/11 03:55:59 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\ASO-OneClickCare.job
    [2010/10/11 03:50:47 | 000,001,828 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
    [2010/10/11 03:31:19 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
    [2010/10/11 03:31:15 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\Smart PC Care.lnk
    [2010/10/11 03:31:14 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Optimizer.lnk
    [2010/10/11 01:55:43 | 000,155,790 | ---- | C] () -- C:\Users\ASUS\Desktop\msvcr70.zip
    [2010/10/09 12:37:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2010/10/09 12:36:47 | 012,065,572 | ---- | C] () -- C:\Users\ASUS\Desktop\Touchpad_VT_080115.zip
    [2010/10/09 12:06:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
    [2010/10/08 16:30:18 | 000,075,264 | ---- | C] () -- C:\Users\ASUS\Desktop\SystemLook.exe
    [2010/10/08 12:48:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/08 12:48:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/08 12:48:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/08 12:48:24 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/08 12:48:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/08 12:44:35 | 003,875,331 | R--- | C] () -- C:\Users\ASUS\Desktop\ComboFix.exe
    [2010/10/07 13:48:23 | 000,293,376 | ---- | C] () -- C:\Users\ASUS\Desktop\rd8e2fdg.exe
    [2010/10/07 12:36:51 | 000,080,384 | ---- | C] () -- C:\Users\ASUS\Desktop\MBRCheck.exe
    [2010/10/07 00:08:02 | 000,525,824 | ---- | C] () -- C:\Users\ASUS\Desktop\dds.scr
    [2010/10/06 16:26:18 | 000,097,280 | ---- | C] () -- C:\Users\ASUS\Desktop\f-lgate.exe
    [2010/10/05 14:56:08 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\At1.job
    [2010/10/02 21:00:02 | 000,000,162 | -H-- | C] () -- C:\Users\ASUS\Documents\~$uglas Hutchinson Resume.docx
    [2010/10/02 20:21:13 | 000,140,286 | ---- | C] () -- C:\Users\ASUS\Documents\D Hutchinson Resume.docx
    [2010/10/02 20:10:56 | 000,016,506 | ---- | C] () -- C:\Users\ASUS\Documents\shell.docx
    [2010/10/02 19:50:14 | 000,136,885 | ---- | C] () -- C:\Users\ASUS\Documents\Douglas Hutchinson Resume.docx
    [2010/10/02 19:48:12 | 000,014,547 | ---- | C] () -- C:\Users\ASUS\Documents\Douglas Hutchinson Cover.docx
    [2010/09/28 03:14:18 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
    [2010/09/28 03:14:18 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
    [2010/09/23 00:55:07 | 000,078,582 | ---- | C] () -- C:\Users\ASUS\Desktop\wales sign.jpg
    [2010/09/22 18:43:13 | 001,513,324 | ---- | C] () -- C:\Users\ASUS\Desktop\P1000637.JPG
    [2010/09/22 17:43:15 | 000,375,032 | ---- | C] () -- C:\Users\ASUS\Desktop\wheel.jpg
    [2010/09/22 13:30:14 | 000,000,634 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
    [2010/09/21 19:27:22 | 000,650,060 | ---- | C] () -- C:\Users\ASUS\Desktop\grandad.jpg
    [2010/09/21 19:12:03 | 000,986,477 | ---- | C] () -- C:\Users\ASUS\Desktop\P1000776.JPG
    [2010/09/21 19:11:59 | 001,532,199 | ---- | C] () -- C:\Users\ASUS\Desktop\P1000777.JPG
    [2010/09/19 17:16:01 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
    [2010/09/15 01:05:27 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
    [2010/09/13 22:52:28 | 000,047,984 | ---- | C] () -- C:\Windows\System32\AdvUninstCPL.cpl
    [2010/09/12 21:42:29 | 000,010,524 | ---- | C] () -- C:\Users\ASUS\Documents\black book.xlsx
    [2010/09/12 04:10:56 | 004,608,992 | ---- | C] () -- C:\Users\ASUS\Desktop\stuntin.mp3
    [2010/09/08 18:38:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2010/09/08 18:37:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2010/09/07 16:30:54 | 000,000,653 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
    [2010/09/07 02:39:04 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
    [2010/09/07 02:39:00 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
    [2010/09/07 02:39:00 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
    [2010/09/07 02:38:59 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2010/09/07 02:38:49 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
    [2010/09/07 02:38:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/09/07 02:38:40 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
    [2010/09/07 02:36:43 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
    [2010/09/07 02:36:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\WerFaultSSecure.exe
    [2010/09/07 02:36:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/09/07 02:35:54 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
    [2010/09/07 02:35:54 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
    [2010/09/07 02:35:51 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
    [2010/09/05 23:32:12 | 000,000,363 | ---- | C] () -- C:\Users\ASUS\Desktop\Downloads.lnk
    [2010/09/04 19:47:13 | 000,081,920 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\ezpinst.exe
    [2010/08/25 20:44:13 | 000,000,630 | ---- | C] () -- C:\Users\ASUS\Application Data\Microsoft\Internet Explorer\Quick Launch\TS3.exe.lnk
    [2010/08/21 02:53:55 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
    [2010/08/19 02:02:36 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/08/18 20:09:23 | 000,004,455 | ---- | C] () -- C:\Windows\System\Winaspi.dll
    [2010/08/18 20:09:23 | 000,003,535 | ---- | C] () -- C:\Windows\System\Wowpost.exe
    [2010/08/18 19:58:42 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/08/14 17:23:42 | 000,000,029 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2010/08/07 14:21:19 | 000,027,044 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\UserTile.png
    [2010/03/02 23:15:52 | 000,022,016 | ---- | C] () -- C:\Windows\System32\drivers\1UnHooker.sys
    [2010/02/28 23:36:33 | 000,126,464 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2010/02/20 01:35:17 | 000,009,826 | -HS- | C] () -- C:\Users\ASUS\AppData\Local\NLF6AMiFd8F
    [2009/11/09 15:50:28 | 001,945,088 | ---- | C] () -- C:\Windows\System32\avcodec.dll
    [2009/11/09 15:50:28 | 000,219,136 | ---- | C] () -- C:\Windows\System32\avformat.dll
    [2009/11/09 15:50:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\avutil.dll
    [2009/11/09 15:50:05 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/10/24 21:09:33 | 000,000,680 | ---- | C] () -- C:\Users\ASUS\AppData\Local\d3d9caps.dat
    [2009/10/10 11:05:22 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
    [2009/10/10 11:04:46 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
    [2009/10/06 23:20:29 | 000,008,456 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2009/10/06 23:20:29 | 000,000,168 | RHS- | C] () -- C:\ProgramData\F14B019083.sys
    [2009/09/11 20:48:04 | 000,055,637 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/09/11 20:48:04 | 000,055,637 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/07/17 11:39:16 | 000,000,551 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\AutoGK.ini
    [2009/06/12 23:49:01 | 000,019,639 | ---- | C] () -- C:\Windows\MSTMON_S.INI
    [2009/06/12 23:49:01 | 000,019,479 | ---- | C] () -- C:\Windows\MSUMLT_S.INI
    [2009/06/12 23:16:00 | 000,018,432 | ---- | C] () -- C:\Users\ASUS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/12 21:42:50 | 000,000,172 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2009/06/12 21:40:05 | 000,000,033 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\pcouffin.log
    [2009/06/12 21:39:22 | 000,007,887 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\pcouffin.cat
    [2009/06/12 21:39:22 | 000,001,144 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\pcouffin.inf
    [2009/05/22 05:51:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2009/05/21 15:45:43 | 000,054,932 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\nvModes.001
    [2009/05/21 14:52:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
    [2009/05/21 14:43:13 | 000,054,932 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\nvModes.dat
    [2009/05/20 23:01:27 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
    [2008/04/24 03:48:58 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
    [2008/01/21 13:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
    [2007/10/01 17:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2007/05/09 18:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
    [2006/11/02 23:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2005/04/03 10:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
    [1998/05/06 15:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
     
  20. 2010/10/16
    VirusVictim1

    OTL part 2

    ========== LOP Check ==========

    [2010/05/20 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Atari
    [2010/10/14 23:30:33 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\BitTorrent
    [2009/09/11 20:14:24 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Blitware
    [2009/09/07 23:21:44 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\CasualForge
    [2010/05/16 15:47:09 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\DivoGames
    [2010/10/11 03:42:34 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\EndNote
    [2009/06/19 11:51:07 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\GetRightToGo
    [2009/10/29 08:53:03 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Leadertech
    [2010/08/18 22:17:58 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Lionhead Studios
    [2010/09/02 04:16:58 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Mael
    [2009/12/07 00:25:33 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\MotioninJoy
    [2009/08/29 00:30:06 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Mp3 Audio Editor
    [2010/08/18 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\MPEG Streamclip
    [2009/09/14 11:38:11 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\NCH Swift Sound
    [2009/08/19 21:26:27 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Nokia
    [2009/08/19 21:26:49 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\PC Suite
    [2010/08/07 14:21:19 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\PeerNetworking
    [2009/08/28 21:43:57 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\SlySoft
    [2010/01/09 23:28:48 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Sony
    [2010/01/09 23:26:21 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Sony Setup
    [2010/03/21 11:56:32 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\SoundSpectrum
    [2010/10/11 03:36:56 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Systweak
    [2010/02/06 14:14:38 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Tropico 3
    [2010/05/31 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Ulead Systems
    [2010/10/11 03:42:34 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\uTorrent
    [2010/09/24 21:29:40 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Vso
    [2010/01/09 23:45:48 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Xilisoft Corporation
    [2009/07/13 13:00:09 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Youdagames
    [2010/10/11 11:08:39 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\ASO-OneClickCare.job
    [2010/10/07 17:32:20 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\At1.job
    [2010/10/14 22:38:48 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 00:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/04/23 20:19:29 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2009/05/20 14:28:29 | 000,411,914 | ---- | M] () -- C:\ciam_uninstall.log
    [2009/05/20 14:28:17 | 000,016,254 | ---- | M] () -- C:\ciam_uninstall_0520-1328.log
    [2010/10/08 15:46:03 | 000,026,089 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/19 08:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/05/20 23:01:28 | 000,019,344 | ---- | M] () -- C:\devlist.txt
    [2009/05/20 23:01:28 | 000,000,009 | ---- | M] () -- C:\Finish.log
    [2007/06/23 00:46:10 | 000,000,018 | ---- | M] () -- C:\GC21.txt
    [2010/10/14 22:39:58 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
    [2009/07/14 23:37:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/12/24 15:38:07 | 001,048,576 | ---- | M] () -- C:\M51SnAS.BIN
    [2008/01/02 14:17:53 | 000,000,014 | ---- | M] () -- C:\M51Sn_Vista.20
    [2009/07/14 23:37:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/10/14 22:39:58 | 2460,463,104 | -HS- | M] () -- C:\pagefile.sys
    [2009/05/21 17:09:08 | 000,000,105 | ---- | M] () -- C:\Pass.txt
    [2007/10/15 20:25:26 | 000,000,012 | ---- | M] () -- C:\RECOVERY.DAT
    [2009/05/20 23:01:28 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
    [2009/08/21 13:28:14 | 000,000,454 | ---- | M] () -- C:\Scanner.ECF
    [2009/05/20 23:01:28 | 000,000,086 | ---- | M] () -- C:\setup.log
    [2006/05/16 11:22:24 | 000,000,005 | ---- | M] () -- C:\store.log
    [2009/05/20 23:01:28 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt
    [2009/05/20 23:01:28 | 000,000,098 | ---- | M] () -- C:\SumOS.txt
    [2007/12/07 07:22:16 | 000,000,023 | ---- | M] () -- C:\V54.TXT

    < %systemroot%\Fonts\*.com >
    [2006/11/02 23:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 23:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 23:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/09/07 02:50:48 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 08:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/21 13:21:22 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 23:34:09 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2005/03/08 15:47:30 | 000,010,752 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\MIMFPR_S.DLL
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2005/11/09 15:09:40 | 000,019,479 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\MSUMLT_S.INI

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/05/20 23:01:27 | 000,503,808 | ---- | M] (ScreenTime Media) -- C:\Windows\Asus_Camera_ScreenSaver.scr
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 13:41:56 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 14:16:46 | 017,956,864 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/10/15 16:34:53 | 000,000,221 | -HS- | M] () -- C:\Users\ASUS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/15 01:04:27 | 118,868,296 | ---- | M] (NVIDIA Corporation) -- C:\Users\ASUS\Desktop\258.96_notebook_winvista_win7_32bit_international_whql.exe
    [2010/10/08 12:44:36 | 003,875,331 | R--- | M] () -- C:\Users\ASUS\Desktop\ComboFix.exe
    [2010/09/19 17:23:41 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Users\ASUS\Desktop\dxwebsetup.exe
    [2010/09/02 03:29:00 | 027,248,328 | ---- | M] (Sony Corporation) -- C:\Users\ASUS\Desktop\EP0000220888.exe
    [2003/05/16 17:08:04 | 000,097,280 | ---- | M] () -- C:\Users\ASUS\Desktop\f-lgate.exe
    [2010/09/14 23:16:24 | 031,821,016 | ---- | M] (Intel(R) Corporation) -- C:\Users\ASUS\Desktop\ICS_v32.exe
    [2010/10/07 12:36:54 | 000,080,384 | ---- | M] () -- C:\Users\ASUS\Desktop\MBRCheck.exe
    [2010/10/16 16:18:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
    [2010/10/07 13:48:28 | 000,293,376 | ---- | M] () -- C:\Users\ASUS\Desktop\rd8e2fdg.exe
    [2010/10/08 16:30:20 | 000,075,264 | ---- | M] () -- C:\Users\ASUS\Desktop\SystemLook.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2007/10/10 19:53:06 | 000,000,750 | R--- | M] () -- C:\Windows\AppPatch\Custom\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2006/11/02 23:33:56 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/05/20 14:37:29 | 000,000,402 | -HS- | M] () -- C:\Users\ASUS\Favorites\desktop.ini
    [2010/10/12 01:59:43 | 000,000,479 | ---- | M] () -- C:\Users\ASUS\Favorites\Free Games Download!.lnk
    [2010/10/12 01:59:43 | 000,000,468 | ---- | M] () -- C:\Users\ASUS\Favorites\NCH Audio and Telephony Software.lnk
    [2010/10/12 01:59:43 | 000,000,473 | ---- | M] () -- C:\Users\ASUS\Favorites\Play Games Online!.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/24 21:43:42 | 000,000,172 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2010/05/31 16:28:25 | 000,000,168 | RHS- | M] () -- C:\ProgramData\F14B019083.sys
    [2010/09/29 03:00:58 | 000,008,456 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/10/16 15:46:35 | 000,055,637 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    ASUS Camera ScreenSaver Uninstaller.exe
    ASUS Camera ScreenSaver.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [2002/07/17 17:22:34 | 000,003,535 | ---- | M] () -- C:\Windows\system\Wowpost.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\ASUS\Desktop\Top Gear; Bolivia.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\ASUS\Desktop\Top Gear Vietnam.avi:TOC.WMV
    @Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:A26AFC00
    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:3694B46B
    @Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:96EE29A3
    @Alternate Data Stream - 152 bytes -> C:\Users\ASUS\Desktop\ref.JPG:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A9662AE0
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:30FD0CBD
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:1740DC47

    < End of report >
     
  21. 2010/10/16
    VirusVictim1

    Extras

    OTL Extras logfile created on: 16/10/2010 4:21:37 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\ASUS\Desktop
    Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 116.44 Gb Total Space | 23.92 Gb Free Space | 20.55% Space Free | Partition Type: NTFS
    Drive D: | 111.56 Gb Total Space | 47.98 Gb Free Space | 43.01% Space Free | Partition Type: NTFS
    Drive E: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\BitTorrent\bittorrent.exe" = D:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0446FA6B-750D-4886-85EF-7F9AA00CC084}" = rport=138 | protocol=17 | dir=out | app=system |
    "{08DBE49D-0ED0-4FD9-A90F-134DB4213C74}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{0FD5AC01-272C-457F-8AD3-32AE8268E5B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{131A6448-7A61-4400-B775-93A8C2E82471}" = lport=138 | protocol=17 | dir=in | app=system |
    "{179DBDE3-CF46-4021-8D44-D37F6D0B5923}" = rport=445 | protocol=6 | dir=out | app=system |
    "{18B6F8FC-422A-4614-9A31-CEA7264FBA97}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{1EA53B14-4A3F-4BA5-AE91-C0506AA2154E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{474E55C0-0565-4764-A430-22C180B9E525}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4777F794-81AC-4197-AC5D-392C854AA9E6}" = lport=445 | protocol=6 | dir=in | app=system |
    "{81607461-7B95-4A0C-91E5-8A98BA81407E}" = rport=139 | protocol=6 | dir=out | app=system |
    "{99EC5490-5D52-4D4B-9802-28241D258822}" = lport=139 | protocol=6 | dir=in | app=system |
    "{9A6AB3FF-E037-494F-909A-3AD1D3874D23}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A44068BB-4081-48D8-8A2E-32936BF0218D}" = lport=137 | protocol=17 | dir=in | app=system |
    "{BAE538E5-EDDA-46EE-B34A-B448E4760B3C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C78A521C-84C8-4149-99AA-1117A4057CE5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{D9E232AA-0BED-4081-8D19-23F38742042B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{E5075959-099A-4262-9851-81A2B4DF15B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EA55D4E2-EDA0-43AB-B40F-52EF062094D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{040B457E-711F-4328-A5EC-6FEEC136877B}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{273432A0-FF74-4EAB-80B2-5979214E1A5F}" = protocol=6 | dir=in | app=d:\music\itunes\itunes.exe |
    "{307A507C-D637-4A25-A43B-64532E9B27D5}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{54FDA7C1-553E-43E8-8572-63561F9B4DE4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{5944F3FF-A344-4DBB-BFD1-AFC70E8C0D9E}" = protocol=17 | dir=in | app=d:\music\itunes\itunes.exe |
    "{5BD596E2-566C-494E-815E-24F6B6A33058}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{623FD501-4233-474E-976B-4586D0B67B9B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{65580BDC-EFD5-426B-8839-9E231ACD7512}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{71093BF7-F3B5-48B2-ABAB-E122FF563C8D}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
    "{86E7FE1F-3337-4C3B-8539-7D0EBB40CB2B}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{910DFDE0-D1BA-4A93-810E-66B4A8F556F7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{92868C6D-B486-404F-A858-FF7FD48B61C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{9F59DB08-3ED7-4B8B-A2FC-4E5BB9AEE8E6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A2C67956-8B35-4818-B1E9-20A7CFFC42C0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AC311A0B-EE6A-4411-AFD3-42D8E89082E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{B5217C86-A7CF-4FFA-B390-2EE5ABA0B35F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{BBDA8424-5589-40D8-9010-A87B9BC08187}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C766EC74-7EB0-4F95-9AD8-C01FE7A6B651}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{CA3E9B34-28C9-4AD3-9B77-A2802C81D80D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{CF923158-15A1-4160-A8B7-2AAC29E2591F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F37FCB57-A171-43FF-8F0C-D783F8ECAC4A}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
    "TCP Query User{5E361E04-EE04-4846-A740-55ACA959CC21}D:\empire earth\empire earth.exe" = protocol=6 | dir=in | app=d:\empire earth\empire earth.exe |
    "UDP Query User{BA0FBF8A-2E0B-4129-857D-AC535ACFACDC}D:\empire earth\empire earth.exe" = protocol=17 | dir=in | app=d:\empire earth\empire earth.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
    "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter Wolves of the Pacific
    "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{2396F815-84E0-4353-83D7-8B190556DA42}" = ASUS CopyProtect
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
    "{29CB3A0C-8980-45B6-95A0-B1118B776C5A}" = Fly The Airbus A380 v2 for FSX
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
    "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
    "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{699F8C4C-B519-40E7-BBF4-82AEA146C5C8}" = Remote Play with PlayStation 3
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
    "{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
    "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9CB8279B-F11B-437C-AC58-C91AA3482F8D}" = Intel(R) PROSet/Wireless WiFi Software
    "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
    "{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1" = Advanced System Optimizer
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B39B9FA0-E911-4813-B722-82E9EB8466DC}" = VOB2MPG v3
    "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
    "{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack
    "{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}" = ASUS Security Protect Manager
    "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
    "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
    "{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
    "{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
    "{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
    "{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
    "{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
    "{F8423392-2296-4748-9B66-344432459632}" = PureHD
    "{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
    "{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
    "{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
    "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
    "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
    "{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "1Click DVD Converter_is1" = 1Click DVD Converter 1.2.1.0
    "Adobe Audition 3.0" = Adobe Audition 3.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
    "AU10_is1" = Advanced Uninstaller PRO - Version 10
    "CloneDVD2" = CloneDVD2
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "DivX Setup.divx.com" = DivX Setup
    "DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0
    "FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
    "FLV Player" = FLV Player 2.0 (build 25)
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ImTOO DVD Ripper Platinum 5" = ImTOO DVD Ripper Platinum 5
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "InstallShield_{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack
    "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
    "KONICA MINOLTA magicolor 2400W" = KONICA MINOLTA magicolor 2400W
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "N360" = Norton 360
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "OJOsoft Audio Converter_is1" = OJOsoft Audio Converter
    "PowerISO" = PowerISO
    "ProInst" = Intel PROSet Wireless
    "QuicktimeAlt_is1" = QuickTime Alternative 1.81
    "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Ultra Video Joiner_is1" = Ultra Video Joiner 5.2.0108
    "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "WavePad" = WavePad Sound Editor
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinRAR archiver" = WinRAR archiver
    "Worms Reloaded_is1" = Worms Reloaded
    "Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter
    "Xvid_is1" = Xvid 1.1.3 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 16/10/2010 12:46:19 AM | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 50714896

    Error - 16/10/2010 12:46:20 AM | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 16/10/2010 12:46:20 AM | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 50715910

    Error - 16/10/2010 12:46:20 AM | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 50715910

    Error - 16/10/2010 12:46:22 AM | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 16/10/2010 12:46:22 AM | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 50717829

    Error - 16/10/2010 12:46:22 AM | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 50717829

    Error - 16/10/2010 12:46:24 AM | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 16/10/2010 12:46:24 AM | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 50719576

    Error - 16/10/2010 12:46:24 AM | Computer Name = ASUS-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 50719576

    [ ASUS Security Protect Manager Events ]
    Error - 14/04/2010 9:01:56 PM | Computer Name = ASUS-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: ASUS@ASUS-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 20/05/2010 4:30:34 AM | Computer Name = ASUS-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: ASUS@ASUS-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 20/05/2010 4:30:38 AM | Computer Name = ASUS-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: ASUS@ASUS-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 25/07/2010 10:22:49 AM | Computer Name = ASUS-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: ASUS@ASUS-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 28/07/2010 5:19:07 PM | Computer Name = ASUS-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: ASUS@ASUS-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 30/07/2010 6:57:56 PM | Computer Name = ASUS-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: ASUS@ASUS-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 30/08/2010 3:52:04 AM | Computer Name = ASUS-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: ASUS@ASUS-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 12/10/2010 9:26:35 AM | Computer Name = ASUS-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: ASUS@ASUS-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 12/10/2010 9:26:47 AM | Computer Name = ASUS-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: ASUS@ASUS-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    Error - 14/10/2010 7:40:17 AM | Computer Name = ASUS-PC | Source = AuthWiz | ID = 100796068
    Description = The submitted credentials were rejected. User: ASUS@ASUS-PC Credentials:
    Password Error: (0xC516020B) The system could not log you on. Verify your user
    name and domain are correct and then type your password again. Letters in passwords
    must be typed using the correct case. Verify that Caps Lock is off.

    [ OSession Events ]
    Error - 3/06/2009 6:09:13 PM | Computer Name = ASUS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 128075
    seconds with 6420 seconds of active time. This session ended with a crash.

    Error - 3/08/2009 9:54:36 PM | Computer Name = ASUS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1083
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 28/10/2009 10:18:22 PM | Computer Name = ASUS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 19082
    seconds with 3660 seconds of active time. This session ended with a crash.

    Error - 12/08/2010 1:11:06 AM | Computer Name = ASUS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3462
    seconds with 60 seconds of active time. This session ended with a crash.


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
