
Solved Google redirect issue. r3.google.com/*

Discussion in 'Malware and Virus Removal Archive' started by gmaatt, 2010/10/21.

  1. 2010/10/21
    gmaatt (Inactive, Thread Starter)
    [Resolved] Google redirect issue. r3.google.com/*

    Hi,

    I use Windows Ultimate and the Firefox browser. DDS logs are below.
    I have experienced the following problems, all of a sudden.
    When using Google to search for items, on clicking the links in the results, either:

    the link will not open (only by right-clicking and "open in new tab")
    I get redirected to advertisement pages
    advertisement pages open in new Firefox dialog windows
    pages, when loading, will hang despite activity indicated in the bottom left corner
    I am having to use Internet Explorer now to access this forum.

    At the bottom right corner I see r3.google.com/((the intended destination site URL and gobbledegook))

    epoclick is a common unintended destination, as is immediatesearch, as are josearch monster and eBay!

    Generally, if I click back I end up on the intended page.

    I have also ended up on a bank page with a button dialog at the top left corner which states "no document" (if I remember correctly).

    I have reinstalled the operating system to no avail and have run S&D, Malwarebytes, Lavasoft Ad-Aware and MS Security Essentials, which have identified stuff, I think cookies, but have not repaired the problem.

    I would be ever so grateful for your direction in removing this affliction.

    (BTW, it was by way of WindowsBBS that I was able to identify the issue as Google redirect.)

    DDS logs are included in the next post(s).
     
  2. 2010/10/21
    gmaatt (Inactive, Thread Starter)
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 20/10/2010 11:10:39
    System Uptime: 21/10/2010 07:48:57 (2 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA770-DS3
    Processor: AMD Phenom(tm) 9750 Quad-Core Processor | Socket M2 | 2400/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 70.129 GiB free.
    D: is FIXED (NTFS) - 200 GiB total, 35.867 GiB free.
    E: is FIXED (NTFS) - 75 GiB total, 17.414 GiB free.
    F: is FIXED (NTFS) - 98 GiB total, 49.451 GiB free.
    G: is FIXED (NTFS) - 195 GiB total, 45.783 GiB free.
    H: is FIXED (NTFS) - 303 GiB total, 54.554 GiB free.
    I: is CDROM (UDF)
    J: is Removable
    K: is Removable
    L: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP11: 20/10/2010 18:03:54 - Installed Paint Shop Pro 7 ESD
    RP12: 20/10/2010 18:07:09 - Installed Pinnacle Studio 14.
    RP13: 20/10/2010 18:13:08 - Installed Pinnacle Video Driver.
    RP14: 20/10/2010 18:22:32 - Windows Update
    RP15: 20/10/2010 22:58:58 - Installed ZoomCam M1598
    RP16: 21/10/2010 08:06:15 - Removed TMPGEnc 4.0 XPress

    ==== Installed Programs ======================


    Ad-Aware
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advertising Center
    BBC iPlayer Desktop
    Connect
    DivX Setup
    DolbyFiles
    EPSON Stylus SX200 Series Printer Uninstall
    Google Calendar Sync
    GrabIt 1.7.2 Beta 4 (build 997)
    Image Resizer Powertoy Clone for Windows
    ImagXpress
    Knoll Light Factory EZ Studio
    kuler
    Menu Templates - Starter Kit
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Forefront UAG endpoint components v4.0.0
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 Redistributable
    Movie Templates - Starter Kit
    Mozilla Firefox (3.6.10)
    Nero 9
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero Disc Copy Gadget
    Nero Installer
    NeroBurningROM
    Norton Internet Security
    NVIDIA Display Control Panel
    NVIDIA Drivers
    Paint Shop Pro 7 ESD
    PDF Settings CS4
    Photoshop Camera Raw
    Pinnacle Studio 14
    Pinnacle Studio Ultimate Collection Plugins
    Pinnacle Video Driver
    PVSonyDll
    Red Giant ToonIt Studio
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    SUPERAntiSpyware
    Trapcode 3DStroke Studio
    Trapcode Particular Studio
    Trapcode Shine Studio
    VC80CRTRedist - 8.0.50727.4053
    VirtualCloneDrive
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WinRAR archiver
    Yahoo! Messenger
    ZoomCam M1598

    ==== Event Viewer Messages From Past Week ========

    21/10/2010 09:05:01, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    21/10/2010 07:47:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
    20/10/2010 17:18:19, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    20/10/2010 11:59:12, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    ==== End Of File ===========================


    DDS (Ver_10-10-10.03) - NTFSx86
    Run by daddy at 9:29:41.24 on 21/10/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3326.1828 [GMT 1:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\daddy\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = https://portal.newham.gov.uk/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GR469A~1.DLL
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe "
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe "
    mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    StartupFolder: c:\users\daddy\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: c:\progra~1\mid171~1\endpoi~1\318fb7~1.0\WhlLSP.dll
    DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://portal.newham.gov.uk/InternalSite/WhlCompMgr.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GRA32A~1.DLL
    AppInit_DLLs: c:\windows\system32\acaptuser32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GR469A~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\daddy\appdata\roaming\mozilla\firefox\profiles\edqlrn0v.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-10-20 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-10-20 173104]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-2 692272]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-10-20 501888]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20101020.001\IDSvix86.sys [2010-10-19 353840]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-10-20 116784]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys [2010-10-20 339504]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1355928]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-10-20 126392]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-20 1153368]
    R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\microsoft forefront uag\endpoint components\3.1.0\uagqecsvc.exe [2010-10-20 149904]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-20 102448]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\downlo~1\DMService.exe [2010-10-20 468368]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15008]

    =============== Created Last 30 ================

    2010-10-21 08:05:52 -------- d-sh--w- C:\$RECYCLE.BIN
    2010-10-21 07:58:26 77312 ----a-w- c:\windows\MBR.exe
    2010-10-21 07:58:26 256512 ----a-w- c:\windows\PEV.exe
    2010-10-21 07:58:26 161792 ----a-w- c:\windows\SWREG.exe
    2010-10-21 07:58:25 98816 ----a-w- c:\windows\sed.exe
    2010-10-21 07:06:53 -------- d-----w- c:\windows\system32\appmgmt
    2010-10-21 07:01:36 -------- d-----w- c:\users\daddy\appdata\roaming\NVIDIA
    2010-10-20 21:59:14 -------- d-----w- c:\windows\ovtcam
    2010-10-20 21:53:50 -------- d-----w- c:\users\daddy\appdata\local\Yahoo
    2010-10-20 21:45:25 -------- d-----w- c:\program files\Yahoo!
    2010-10-20 21:24:52 -------- d-----w- c:\users\daddy\Library
    2010-10-20 21:24:52 -------- d-----w- c:\users\daddy\appdata\roaming\com.adobe.ExMan
    2010-10-20 21:16:15 55699 ----a-w- c:\windows\system32\WhlLSPBackup_1.reg
    2010-10-20 21:16:15 3103 ----a-w- c:\windows\system32\WhlNSPBackup_1.reg
    2010-10-20 21:15:56 -------- d-----w- c:\program files\Microsoft Forefront UAG
    2010-10-20 19:22:10 501888 ----a-w- c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys
    2010-10-20 19:22:10 43696 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtspx.sys
    2010-10-20 19:22:10 339504 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys
    2010-10-20 19:22:10 328752 ----a-r- c:\windows\system32\drivers\nis\1108000.005\symds.sys
    2010-10-20 19:22:10 325680 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtsp.sys
    2010-10-20 19:22:10 173104 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symefa.sys
    2010-10-20 19:22:10 116784 ----a-w- c:\windows\system32\drivers\nis\1108000.005\ironx86.sys
    2010-10-20 19:21:51 -------- d-----w- c:\windows\system32\drivers\nis\1108000.005
    2010-10-20 17:44:27 -------- d-----w- c:\users\daddy\appdata\roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    2010-10-20 17:44:24 -------- d-----w- c:\program files\BBC iPlayer Desktop
    2010-10-20 17:33:49 -------- d-----w- c:\progra~2\NVIDIA Corporation
    2010-10-20 17:33:43 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-10-20 17:24:18 90112 ----a-w- c:\windows\unvise32.exe
    2010-10-20 17:23:17 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-10-20 17:23:03 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-10-20 17:13:23 -------- d-----w- c:\program files\common files\Pinnacle
    2010-10-20 17:13:07 -------- d-----w- c:\users\daddy\appdata\local\Downloaded Installations
    2010-10-20 17:12:45 -------- d-----w- c:\users\daddy\appdata\local\Pinnacle
    2010-10-20 17:12:28 -------- d-----w- c:\progra~2\Pinnacle Studio Ultimate Collection
    2010-10-20 17:04:10 -------- d-----w- c:\program files\Jasc Software Inc
    2010-10-20 17:03:40 98304 ------w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
    2010-10-20 17:03:40 36864 ------w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
    2010-10-20 17:03:40 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2010-10-20 17:03:40 217088 ------w- c:\program files\common files\installshield\iscript\iscript.dll
    2010-10-20 17:03:39 217088 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2010-10-20 17:03:38 598016 ------w- c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe
    2010-10-20 17:03:38 102400 ------w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
    2010-10-20 17:03:02 -------- d-----w- c:\users\daddy\appdata\roaming\LEAPS
    2010-10-20 16:56:06 -------- d-----w- c:\users\daddy\appdata\roaming\Pegasys Inc
    2010-10-20 16:54:34 -------- d-----w- c:\program files\Pegasys Inc
    2010-10-20 16:53:19 -------- d-----w- c:\program files\common files\Macrovision Shared
    2010-10-20 16:53:17 -------- d-----w- c:\users\daddy\appdata\local\Adobe
    2010-10-20 16:53:01 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2010-10-20 16:26:59 -------- d-----w- c:\program files\common files\DivX Shared
    2010-10-20 16:26:36 -------- d-----w- c:\program files\DivX
    2010-10-20 16:25:49 -------- d-----w- c:\progra~2\DivX
    2010-10-20 16:21:13 -------- d-----w- c:\users\daddy\appdata\local\Google
    2010-10-20 16:17:17 -------- d-----w- c:\program files\GrabIt
    2010-10-20 16:17:11 -------- d-----w- c:\program files\Nero
    2010-10-20 16:16:50 -------- d-----w- c:\progra~2\Nero
    2010-10-20 15:54:50 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2010-10-20 15:54:50 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2010-10-20 15:52:10 -------- d-----w- c:\windows\PCHEALTH
    2010-10-20 15:50:24 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2010-10-20 15:49:36 -------- d-----w- c:\users\daddy\appdata\local\Microsoft Help
    2010-10-20 15:48:45 -------- d-----w- c:\program files\Image Resizer
    2010-10-20 15:47:44 -------- d-----w- c:\program files\Elaborate Bytes
    2010-10-20 15:10:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-10-20 14:32:27 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
    2010-10-20 14:32:25 86528 ----a-w- c:\windows\system32\E_FLBEFE.DLL
    2010-10-20 14:32:23 78848 ----a-w- c:\windows\system32\E_FD4BEFE.DLL
    2010-10-20 14:01:57 -------- d-----w- c:\users\daddy\appdata\local\ElevatedDiagnostics
    2010-10-20 13:58:48 -------- d-----w- c:\progra~2\EPSON
    2010-10-20 11:25:12 6146896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{3d83febb-3cff-4c89-b189-8073b5bda7fb}\mpengine.dll
    2010-10-20 11:21:24 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-10-20 10:59:19 -------- d-----w- c:\users\daddy\appdata\local\Sunbelt Software
    2010-10-20 10:59:04 -------- dc-h--w- c:\progra~2\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-10-20 10:58:50 -------- d-----w- c:\program files\Lavasoft
    2010-10-20 10:58:17 -------- d-sh--w- c:\windows\Installer
    2010-10-20 10:53:37 -------- d-----w- c:\users\daddy\appdata\roaming\SUPERAntiSpyware.com
    2010-10-20 10:53:37 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2010-10-20 10:53:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-20 10:47:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-10-20 10:47:37 -------- d-----w- c:\program files\Symantec
    2010-10-20 10:47:37 -------- d-----w- c:\program files\common files\Symantec Shared
    2010-10-20 10:47:21 -------- d-----w- c:\windows\system32\drivers\NIS
    2010-10-20 10:47:19 -------- d-----w- c:\program files\Norton Internet Security
    2010-10-20 10:47:18 -------- d-----w- c:\progra~2\Norton
    2010-10-20 10:45:23 -------- d-----w- c:\program files\NortonInstaller
    2010-10-20 10:45:23 -------- d-----w- c:\progra~2\NortonInstaller
    2010-10-20 10:43:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-20 10:43:54 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2010-10-20 10:30:04 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0b082666-3e43-457b-a54e-dc4e58b85664}\mpengine.dll
    2010-10-20 10:29:29 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-10-20 10:29:29 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-10-20 10:29:29 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-10-20 10:29:29 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-10-20 10:29:29 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-10-20 10:27:07 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-10-20 10:25:54 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2010-10-20 10:23:27 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-10-20 10:23:27 70656 ----a-w- c:\windows\system32\fontsub.dll
    2010-10-20 10:23:27 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 10:23:27 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-20 10:23:27 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-10-20 10:23:27 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-10-20 10:13:33 -------- d-----w- C:\Recovery
    2010-10-20 10:13:32 -------- d-sh--we C:\Documents and Settings

    ==================== Find3M ====================

    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

    ============= FINISH: 9:30:11.20 ===============
     


  4. 2010/10/21
    broni (Moderator, Malware Analyst)
    Welcome aboard :)

    You're running two AV programs, Norton and MSE.
    One of them has to go.
    If Norton, make sure you use the Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    When done...

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
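The first thing broni does with the DDS log above is spot two resident AV engines (Norton Internet Security and Microsoft Security Essentials). As an added example, not code from this thread or from the DDS tool, the Python below parses the DDS line formats posted above (Running Processes, SERVICES / DRIVERS, and the mRun/uRun, AppInit_DLLs and LSP lines of the Pseudo HJT Report) and applies that check plus a listing of the load points an analyst would review by hand in a redirect case. The vendor keyword table and review heuristics are assumptions made for this example; the sample lines are copied from the posted log.

```python
"""DDS log triage helper (added example, not code from the thread or from DDS).

Parses the line formats seen in the log above (Running Processes, SERVICES /
DRIVERS, and the mRun/uRun, AppInit_DLLs and LSP lines of the Pseudo HJT
Report) and applies two defender checks: more than one resident AV engine
(the conflict broni points out) and load points worth a manual review in a
redirect/rootkit case. The vendor table and heuristics are assumptions.
"""
import re

# Assumed keyword -> product table (not part of DDS); extend per environment.
AV_VENDORS = {
    "norton internet security": "Norton Internet Security",
    "microsoft security essentials": "Microsoft Security Essentials",
}
# Load points legitimate software rarely needs; listed for review, not judged
# malicious (in this thread AppInit_DLLs holds an Adobe Acrobat DLL).
REVIEW_KEYS = ("AppInit_DLLs:", "LSP:")
USER_DIR_RE = re.compile(r"\\users\\[^\\]+\\|\\temp\\|\\appdata\\", re.I)
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s*(?:\[[^\]]*\])?\s*$")
RUN_RE = re.compile(r"^([um])Run:\s+\[([^\]]+)\]\s+(.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|sys|scr))(?:\s|$)", re.I)
PROCESS_RE = re.compile(r"^[a-z]:\\", re.I)

def extract_path(value):
    """Program path from a run-key value, quoted or not (heuristic: an unquoted
    value is cut after its first .exe/.dll/.sys/.scr token)."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.index('"', 1)].strip()
    m = EXE_RE.match(value)
    return (m.group(1) if m else value).strip()

def parse_dds(text):
    """(kind, name, path) tuples for each recognised line; paths are
    lower-cased because DDS mixes case between sections."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SERVICE_RE.match(line):
            state, name, _desc, path = m.groups()
            entries.append(("service", f"{state} {name}", path.lower()))
        elif m := RUN_RE.match(line):
            hive, name, value = m.groups()
            entries.append(("run", f"{hive}Run {name}", extract_path(value).lower()))
        elif key := next((k for k in REVIEW_KEYS if line.startswith(k)), None):
            entries.append(("loadpoint", key.rstrip(":"), line[len(key):].strip().lower()))
        elif PROCESS_RE.match(line):  # bare path = a Running Processes line
            entries.append(("process", "", line.split(" -k ")[0].lower()))
    return entries

def resident_av_products(entries):
    """Distinct AV products among loaded services/drivers and processes."""
    found = set()
    for kind, _name, path in entries:
        if kind in ("service", "process"):
            for keyword, product in AV_VENDORS.items():
                if keyword in path:
                    found.add(product)
    return sorted(found)

def review_items(entries):
    """AppInit_DLLs / LSP entries, plus run or service entries that execute
    out of a user profile or temp directory."""
    return [
        (name, path)
        for kind, name, path in entries
        if kind == "loadpoint"
        or (kind in ("run", "service") and USER_DIR_RE.search(path))
    ]

def triage(text):
    """Human-readable findings for a DDS excerpt."""
    entries = parse_dds(text)
    products = resident_av_products(entries)
    findings = []
    if len(products) > 1:
        findings.append("multiple resident AV engines: " + ", ".join(products))
    findings.extend(f"review {name}: {path}" for name, path in review_items(entries))
    return findings

# Sample lines copied from the DDS log posted in the thread.
SAMPLE_LOG = r"""
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
LSP: c:\progra~1\mid171~1\endpoi~1\318fb7~1.0\WhlLSP.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-10-20 126392]
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the full log it reports the Norton/MSE overlap first and then the LSP and AppInit_DLLs entries for a human to check, which is the order an analyst reads a DDS report in.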
     
  5. 2010/10/22
    gmaatt (Inactive, Thread Starter)
    Hi Broni,

    Thanks for your response. I have removed Norton's AV. The MBAM program was unable to update, reporting the following error:
    "An error has occurred. Please report this error code to our support team.

    MBAM_ERROR_UPDATING(12007,0,WinHttpSendRequest) "


    Here follow the required logs.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    22/10/2010 09:27:44
    mbam-log-2010-10-22 (09-27-44).txt

    Scan type: Quick scan
    Objects scanned: 129555
    Time elapsed: 4 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit quick scan 2010-10-22 09:46:42
    Windows 6.1.7600
    Running: 793uhdyb.exe; Driver: C:\Users\daddy\AppData\Local\Temp\kxldipow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: GA-MA770-DS3P
    Logical Drives Mask: 0x00000ffd

    Kernel Drivers (total 164):

    Processes (total 59):
    0 System Idle Process
    4 System
    292 C:\Windows\System32\smss.exe
    492 csrss.exe
    560 C:\Windows\System32\wininit.exe
    572 csrss.exe
    620 C:\Windows\System32\services.exe
    652 C:\Windows\System32\winlogon.exe
    684 C:\Windows\System32\lsass.exe
    696 C:\Windows\System32\lsm.exe
    800 C:\Windows\System32\svchost.exe
    864 C:\Windows\System32\nvvsvc.exe
    904 C:\Windows\System32\svchost.exe
    1020 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1088 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\svchost.exe
    1348 C:\Windows\System32\svchost.exe
    1464 C:\Windows\System32\svchost.exe
    1544 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    1692 C:\Windows\System32\spoolsv.exe
    1728 C:\Windows\System32\svchost.exe
    1768 C:\Windows\System32\nvvsvc.exe
    1888 C:\Windows\System32\svchost.exe
    312 C:\Windows\System32\svchost.exe
    476 C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    1152 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2148 unsecapp.exe
    2284 C:\Windows\System32\taskhost.exe
    2408 C:\Windows\System32\dwm.exe
    2456 C:\Windows\explorer.exe
    2740 WmiPrvSE.exe
    2988 C:\Windows\System32\svchost.exe
    3268 C:\Program Files\Microsoft Security Essentials\msseces.exe
    3280 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    3304 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3356 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3432 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    3456 C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    3480 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    3488 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    3512 C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    3520 C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    4060 C:\Windows\System32\SearchIndexer.exe
    3048 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4020 C:\Windows\System32\svchost.exe
    4452 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    5052 C:\Program Files\Internet Explorer\iexplore.exe
    5112 C:\Program Files\Internet Explorer\iexplore.exe
    5340 C:\Windows\DOWNLO~1\DMService.exe
    5544 C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlCach3.exe
    1932 C:\Windows\System32\wuauclt.exe
    3116 C:\Program Files\Internet Explorer\iexplore.exe
    5932 C:\Windows\System32\SearchFilterHost.exe
    2252 C:\Windows\System32\audiodg.exe
    3152 C:\Windows\System32\SearchProtocolHost.exe
    1368 C:\Users\daddy\Desktop\MBRCheck.exe
    5996 C:\Windows\System32\conhost.exe
    4896 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`065f9a00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000018`69e59800 (NTFS)
    \\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)
    \\.\G: --> \\.\PhysicalDrive0 at offset 0x00000018`69e59800 (NTFS)
    \\.\H: --> \\.\PhysicalDrive0 at offset 0x00000049`3db0c800 (NTFS)

    PhysicalDrive0 Model Number: WDCWD6400AAKS-00H2B0, Rev: 07.04C07
     
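As an added illustration, not code from the thread or from MBRCheck or Bootkit Remover, of what these MBR checks look at: the script parses a constructed 512-byte MBR, verifies the 0x55AA boot signature, hashes the boot code for comparison against a baseline, checks the partition table for inconsistencies, and converts each partition's start sector into the byte offset that MBRCheck prints as "at offset". The sample system partition's start sector (208845) is the one implied by the C: offset 0x065f9a00 in the log above; the boot code bytes, the second partition and the baseline hash are constructed for the example.

```python
"""Parse a 512-byte MBR image the way MBRCheck / Bootkit Remover style checks
do: verify the 0x55AA signature, hash the boot code for baseline comparison,
and list partitions with the byte offsets MBRCheck prints as "at offset".

Added example for this thread, not code from the tools or the posters.
All MBR bytes and the baseline hash below are constructed for the example."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # boot code precedes the 4-byte disk signature at 440
PART_TABLE_OFF = 446           # four 16-byte partition entries start here
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count
BOOT_SIGNATURE = b"\x55\xaa"


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Construct a synthetic MBR from boot code and (status, type, start_lba, sectors) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code[:BOOT_CODE_LEN]
    for i, (status, ptype, start_lba, sectors) in enumerate(partitions[:4]):
        off = PART_TABLE_OFF + i * struct.calcsize(PART_ENTRY_FMT)
        # CHS fields carry the "beyond CHS range" marker; LBA fields are what matters
        struct.pack_into(PART_ENTRY_FMT, mbr, off, status, b"\xfe\xff\xff",
                         ptype, b"\xfe\xff\xff", start_lba, sectors)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Return signature status, boot-code MD5 and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * struct.calcsize(PART_ENTRY_FMT)
        status, _, ptype, _, start_lba, sectors = struct.unpack_from(PART_ENTRY_FMT, mbr, off)
        if ptype == 0:           # empty slot
            continue
        partitions.append({
            "slot": i,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": sectors,
            "byte_offset": start_lba * SECTOR,   # MBRCheck's "at offset" value
        })
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        # Hash only the boot code so that repartitioning does not change the baseline.
        # Which byte range Bootkit Remover hashes is not stated in the thread; this
        # range is the example's own choice.
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline_md5: str) -> list:
    """Return a list of findings; an empty list means the MBR matches expectations."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_md5"] != baseline_md5:
        findings.append("boot code MD5 differs from baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) > 1:
        findings.append("more than one partition flagged bootable")
    ordered = sorted(info["partitions"], key=lambda p: p["start_lba"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["start_lba"] < prev["start_lba"] + prev["sectors"]:
            findings.append(f"partition slots {prev['slot']} and {cur['slot']} overlap")
    for p in info["partitions"]:
        if p["start_lba"] == 0:
            findings.append(f"partition slot {p['slot']} starts inside the MBR sector")
    return findings


# Constructed sample: dummy boot code, and a system partition whose start sector
# (208845) is the one implied by the C: offset 0x065f9a00 in the MBRCheck output.
SAMPLE_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 433
SAMPLE_PARTITIONS = [
    (0x80, 0x07, 208845, 1_000_000),    # NTFS, bootable
    (0x00, 0x07, 1_208_845, 500_000),   # second NTFS volume, starts right after the first
]
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS)
BASELINE_MD5 = hashlib.md5(SAMPLE_BOOT_CODE).hexdigest()


def tampered_sample() -> bytes:
    """The same MBR with one boot-code byte changed, as a bootkit-style overwrite would."""
    mbr = bytearray(SAMPLE_MBR)
    mbr[0] ^= 0xFF
    return bytes(mbr)


if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR)["partitions"]:
        print(f"slot {p['slot']}: start LBA {p['start_lba']} at offset 0x{p['byte_offset']:016x}")
    print("clean:", check_mbr(SAMPLE_MBR, BASELINE_MD5))
    print("tampered:", check_mbr(tampered_sample(), BASELINE_MD5))
```

On a real system the 512 bytes would be read from the raw disk device with administrative rights and the baseline hash taken from a known-clean state of the same machine.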
  6. 2010/10/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===========================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. 2010/10/23
    gmaatt

    gmaatt Inactive Thread Starter

    Joined:
    2010/10/21
    Messages:
    20
    Likes Received:
    0
    Hi Broni,

    Following are the Bootkit Remover and TDSSKiller logs, as required.

    Thanks.

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`065f9a00
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...



    2010/10/23 09:39:17.0308 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
    2010/10/23 09:39:17.0308 ================================================================================
    2010/10/23 09:39:17.0308 SystemInfo:
    2010/10/23 09:39:17.0308
    2010/10/23 09:39:17.0308 OS Version: 6.1.7600 ServicePack: 0.0
    2010/10/23 09:39:17.0308 Product type: Workstation
    2010/10/23 09:39:17.0309 ComputerName: H0ME-PC
    2010/10/23 09:39:17.0310 UserName: daddy
    2010/10/23 09:39:17.0310 Windows directory: C:\Windows
    2010/10/23 09:39:17.0310 System windows directory: C:\Windows
    2010/10/23 09:39:17.0310 Processor architecture: Intel x86
    2010/10/23 09:39:17.0310 Number of processors: 4
    2010/10/23 09:39:17.0310 Page size: 0x1000
    2010/10/23 09:39:17.0310 Boot type: Normal boot
    2010/10/23 09:39:17.0310 ================================================================================
    2010/10/23 09:39:17.0895 Initialize success
    2010/10/23 09:39:24.0830 ================================================================================
    2010/10/23 09:39:24.0830 Scan started
    2010/10/23 09:39:24.0830 Mode: Manual;
    2010/10/23 09:39:24.0830 ================================================================================
    2010/10/23 09:39:33.0441 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2010/10/23 09:39:33.0466 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2010/10/23 09:39:33.0483 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2010/10/23 09:39:33.0518 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2010/10/23 09:39:33.0543 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2010/10/23 09:39:33.0578 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2010/10/23 09:39:33.0609 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2010/10/23 09:39:33.0689 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2010/10/23 09:39:33.0908 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/10/23 09:39:34.0011 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2010/10/23 09:39:34.0149 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2010/10/23 09:39:34.0241 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2010/10/23 09:39:34.0312 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2010/10/23 09:39:34.0396 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2010/10/23 09:39:34.0444 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/10/23 09:39:34.0490 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2010/10/23 09:39:34.0517 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/10/23 09:39:34.0571 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/10/23 09:39:34.0610 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/10/23 09:39:34.0650 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/10/23 09:39:34.0688 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2010/10/23 09:39:34.0713 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/10/23 09:39:34.0749 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    2010/10/23 09:39:34.0801 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2010/10/23 09:39:34.0835 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2010/10/23 09:39:34.0882 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2010/10/23 09:39:34.0924 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2010/10/23 09:39:34.0990 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/10/23 09:39:35.0060 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
    2010/10/23 09:39:35.0104 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    2010/10/23 09:39:35.0203 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2010/10/23 09:39:35.0241 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    2010/10/23 09:39:35.0284 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2010/10/23 09:39:35.0324 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2010/10/23 09:39:35.0396 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/10/23 09:39:35.0449 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2010/10/23 09:39:35.0479 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2010/10/23 09:39:35.0547 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2010/10/23 09:39:35.0623 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2010/10/23 09:39:35.0645 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2010/10/23 09:39:35.0696 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2010/10/23 09:39:35.0720 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2010/10/23 09:39:35.0761 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2010/10/23 09:39:35.0801 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2010/10/23 09:39:35.0822 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2010/10/23 09:39:35.0848 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2010/10/23 09:39:35.0892 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2010/10/23 09:39:35.0951 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
    2010/10/23 09:39:35.0981 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
    2010/10/23 09:39:36.0008 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/10/23 09:39:36.0046 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2010/10/23 09:39:36.0070 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2010/10/23 09:39:36.0093 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
    2010/10/23 09:39:36.0113 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2010/10/23 09:39:36.0236 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    2010/10/23 09:39:36.0306 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/10/23 09:39:36.0352 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2010/10/23 09:39:36.0391 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2010/10/23 09:39:36.0413 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2010/10/23 09:39:36.0445 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2010/10/23 09:39:36.0476 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2010/10/23 09:39:36.0538 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/10/23 09:39:36.0571 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/10/23 09:39:36.0587 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2010/10/23 09:39:36.0664 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2010/10/23 09:39:36.0706 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2010/10/23 09:39:36.0741 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2010/10/23 09:39:36.0762 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2010/10/23 09:39:36.0812 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
    2010/10/23 09:39:36.0853 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/10/23 09:39:36.0887 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    2010/10/23 09:39:36.0904 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/10/23 09:39:36.0943 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/10/23 09:39:36.0964 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/10/23 09:39:36.0991 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/10/23 09:39:37.0022 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    2010/10/23 09:39:37.0056 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/10/23 09:39:37.0101 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/10/23 09:39:37.0157 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
    2010/10/23 09:39:37.0179 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2010/10/23 09:39:37.0206 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/10/23 09:39:37.0228 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2010/10/23 09:39:37.0262 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2010/10/23 09:39:37.0293 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2010/10/23 09:39:37.0314 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2010/10/23 09:39:37.0335 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2010/10/23 09:39:37.0365 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    2010/10/23 09:39:37.0451 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2010/10/23 09:39:37.0482 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2010/10/23 09:39:37.0502 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2010/10/23 09:39:37.0531 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2010/10/23 09:39:37.0625 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2010/10/23 09:39:37.0687 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    2010/10/23 09:39:37.0761 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2010/10/23 09:39:37.0819 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/10/23 09:39:37.0838 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/10/23 09:39:37.0900 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2010/10/23 09:39:37.0966 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2010/10/23 09:39:38.0073 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/10/23 09:39:38.0094 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2010/10/23 09:39:38.0311 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/10/23 09:39:38.0531 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/10/23 09:39:38.0589 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2010/10/23 09:39:38.0964 ================================================================================
    2010/10/23 09:39:38.0965 Scan finished
    2010/10/23 09:39:38.0965 ================================================================================
     
  8. 2010/10/23
    broni Moderator Malware Analyst
    Those look good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/10/23
    gmaatt Inactive Thread Starter
    Thanks Broni,

    Combofix log as required.

    ComboFix 10-10-22.05 - daddy 23/10/2010 17:38:06.2.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3326.1949 [GMT 1:00]
    Running from: c:\users\daddy\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
    .

    2010-10-23 16:42 . 2010-10-23 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-23 12:19 . 2010-10-23 12:19 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-10-23 08:47 . 2010-10-07 15:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{934DA8C5-EA20-4482-8A77-10EB517CAD81}\mpengine.dll
    2010-10-22 15:29 . 2010-10-22 15:29 -------- d-----w- c:\program files\VideoLAN
    2010-10-22 15:16 . 2010-10-22 15:16 -------- d-----w- c:\users\alice
    2010-10-22 08:20 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-22 08:20 . 2010-10-22 08:20 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-22 08:20 . 2010-10-22 08:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-22 08:20 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-21 19:07 . 2010-10-21 19:07 -------- d-----w- c:\program files\QuickPar
    2010-10-21 13:46 . 2010-10-07 15:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-10-20 21:59 . 2010-10-20 21:59 -------- d-----w- c:\windows\ovtcam
    2010-10-20 21:47 . 2010-10-20 21:47 -------- d-----w- c:\programdata\Yahoo!
    2010-10-20 21:45 . 2010-10-20 21:47 -------- d-----w- c:\program files\Yahoo!
    2010-10-20 21:16 . 2010-10-20 21:16 55699 ----a-w- c:\windows\system32\WhlLSPBackup_1.reg
    2010-10-20 21:16 . 2010-10-20 21:16 3103 ----a-w- c:\windows\system32\WhlNSPBackup_1.reg
    2010-10-20 21:15 . 2010-10-20 21:15 -------- d-----w- c:\program files\Microsoft Forefront UAG
    2010-10-20 21:15 . 2010-10-20 21:15 -------- d-----w- c:\programdata\FLEXnet
    2010-10-20 20:57 . 2010-10-20 20:57 -------- d-----w- c:\program files\Adobe Media Player
    2010-10-20 17:47 . 2010-10-20 17:47 -------- d-----w- c:\programdata\NVIDIA
    2010-10-20 17:44 . 2010-10-20 17:44 -------- d-----w- c:\program files\BBC iPlayer Desktop
    2010-10-20 17:44 . 2010-10-20 17:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-10-20 17:37 . 2010-10-20 17:37 -------- d-----w- c:\users\mummy
    2010-10-20 17:33 . 2010-10-20 17:33 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-10-20 17:33 . 2010-10-20 17:34 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-10-20 17:24 . 2004-03-29 16:23 90112 ----a-w- c:\windows\unvise32.exe
    2010-10-20 17:23 . 2010-10-20 17:23 -------- d-----w- c:\windows\system32\Macromed
    2010-10-20 17:23 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-10-20 17:23 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-10-20 17:13 . 2010-10-20 17:13 -------- d-----w- c:\program files\Common Files\Pinnacle
    2010-10-20 17:12 . 2010-10-20 17:12 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
    2010-10-20 17:04 . 2010-10-20 17:11 -------- d-----w- c:\programdata\Pinnacle
    2010-10-20 17:04 . 2010-10-20 17:04 -------- d-----w- c:\program files\Jasc Software Inc
    2010-10-20 17:03 . 2010-10-20 17:03 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-10-20 16:54 . 2010-10-20 16:54 -------- d-----w- c:\program files\Pegasys Inc
    2010-10-20 16:53 . 2010-10-20 16:53 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-10-20 16:53 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2010-10-20 16:49 . 2010-10-20 20:59 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-20 16:26 . 2010-10-20 16:27 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-10-20 16:26 . 2010-10-20 16:27 -------- d-----w- c:\program files\DivX
    2010-10-20 16:25 . 2010-10-20 16:27 -------- d-----w- c:\programdata\DivX
    2010-10-20 16:21 . 2010-10-20 16:21 -------- d-----w- c:\program files\Google
    2010-10-20 16:17 . 2010-10-20 16:17 -------- d-----w- c:\program files\GrabIt
    2010-10-20 16:17 . 2010-10-20 16:19 -------- d-----w- c:\program files\Nero
    2010-10-20 16:16 . 2010-10-20 16:17 -------- d-----w- c:\programdata\Nero
    2010-10-20 16:16 . 2010-10-20 16:23 -------- d-----w- c:\program files\Common Files\Nero
    2010-10-20 15:54 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2010-10-20 15:54 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2010-10-20 15:53 . 2010-10-20 15:53 -------- d-----w- c:\program files\Microsoft Works
    2010-10-20 15:52 . 2010-10-20 15:52 -------- d-----w- c:\windows\PCHEALTH
    2010-10-20 15:52 . 2010-10-20 17:30 -------- d-----w- c:\program files\Microsoft.NET
    2010-10-20 15:50 . 2010-10-20 15:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2010-10-20 15:49 . 2010-10-20 15:55 -------- d-----w- c:\programdata\Microsoft Help
    2010-10-20 15:49 . 2010-10-20 15:49 -------- d-----r- C:\MSOCache
    2010-10-20 15:48 . 2010-10-20 15:48 -------- d-----w- c:\program files\Image Resizer
    2010-10-20 15:47 . 2010-10-20 15:47 -------- d-----w- c:\program files\Elaborate Bytes
    2010-10-20 15:10 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-10-20 14:32 . 2007-04-10 00:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
    2010-10-20 14:32 . 2007-12-07 01:08 86528 ----a-w- c:\windows\system32\E_FLBEFE.DLL
    2010-10-20 14:32 . 2007-12-07 01:01 78848 ----a-w- c:\windows\system32\E_FD4BEFE.DLL
    2010-10-20 13:58 . 2010-10-20 14:34 -------- d-----w- c:\programdata\EPSON
    2010-10-20 11:21 . 2010-10-20 11:21 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-10-20 10:59 . 2010-10-20 10:59 -------- dc-h--w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-10-20 10:58 . 2010-10-20 11:04 -------- d-----w- c:\programdata\Lavasoft
    2010-10-20 10:58 . 2010-10-20 10:58 -------- d-----w- c:\program files\Lavasoft
    2010-10-20 10:58 . 2010-10-21 09:29 -------- d-sh--w- c:\windows\Installer
    2010-10-20 10:53 . 2010-10-20 10:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-10-20 10:53 . 2010-10-20 10:53 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-20 10:47 . 2010-10-21 06:49 -------- d-----w- c:\windows\system32\drivers\NIS
    2010-10-20 10:47 . 2010-10-20 10:47 -------- d-----w- c:\programdata\Norton
    2010-10-20 10:43 . 2010-10-20 11:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-10-20 10:43 . 2010-10-20 10:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-20 10:30 . 2010-10-18 08:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B082666-3E43-457B-A54E-DC4E58B85664}\mpengine.dll
    2010-10-20 10:29 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-10-20 10:29 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-10-20 10:29 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-10-20 10:29 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-10-20 10:29 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-10-20 10:27 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-10-20 10:25 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2010-10-20 10:23 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 10:23 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-20 10:23 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-10-20 10:23 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-10-20 10:23 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-10-20 10:23 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
    2010-10-20 10:16 . 2010-10-20 21:24 -------- d-----w- c:\users\daddy

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 20:51 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
    "VirtualCloneDrive "= "c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
    "Adobe Acrobat Speed Launcher "= "c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "USBToolTip "= "c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
    "AdobeCS4ServiceManager "= "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

    c:\users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-10-20 142336]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-26 546360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\System32\acaptuser32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-23 1357464]
    R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2010-10-20 468368]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2009-12-14 149904]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - klmd25
    *Deregistered* - Lavasoft Kernexplorer
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://portal.newham.gov.uk/
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    LSP: c:\progra~1\MID171~1\ENDPOI~1\318FB7~1.0\WhlLSP.dll
    FF - ProfilePath - c:\users\daddy\AppData\Roaming\Mozilla\Firefox\Profiles\edqlrn0v.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-10-23 17:43:34
    ComboFix-quarantined-files.txt 2010-10-23 16:43
    ComboFix2.txt 2010-10-21 08:06

    Pre-Run: 49,833,267,200 bytes free
    Post-Run: 49,855,131,648 bytes free

    - - End Of File - - DEB860DBB3A71DEDB08312B924170E99
     
  10. 2010/10/23
    broni Moderator Malware Analyst
    Are you still being redirected?
     
  11. 2010/10/23
    gmaatt Inactive Thread Starter
    Hi Broni,

    As I clicked on the URL for this page in Outlook, a Firefox dialog window opened in the background and is stuck on looking up drvtrf.com, whilst in the status bar of the window in which I am typing this response, we have "looking up betwritters.com", then brontass.com, then blokem.com, then confired.com, onesearchmarket.com, then roomppc.com and many others that I missed.

    I rebooted the computer; the above-mentioned problem was not repeated. When googling for "jvc battery" there was no redirection; however, when I googled "jvc battery pack bn-vf707u", I clicked the result link

    hxxp://www.google.co.uk/url?sa=t&source=web&cd=5&ved=0CDkQFjAE&url=http%3A%2F%2Fwww.jvc.co.uk%2Fproduct-list.php%3Fid%3D100016&rct=j&q=jvc%20battery%20pack%20bn-vf707u&ei=rTXDTITtBoeglAfgt_QI&usg=AFQjCNGSbtmNXH4307hMxo0SeI7ZMnQoJw&cad=rjt

    and ended up at

    hxxp://www.google.co.uk/rdr?sa=t&source=web&cd=5&ved=0CDkQFjAE&url=http%3A%2F%2Fwww.jvc.co.uk%2Fproduct-list.php%3Fid%3D100016&rct=j&q=jvc%20battery%20pack%20bn-vf707u&ei=rTXDTITtBoeglAfgt_QI&usg=AFQjCNGSbtmNXH4307hMxo0SeI7ZMnQoJw&cad=rjt

    which was a blank page with a Continue (grey) dialog button top left corner

    whilst the majority of the results links took me to the intended page, an amazon search link brought me to a same blank page with a continue dialog as did a www.attbatt.co.uk/* link

    I have not yet clicked continue.

    Despite the above, the problems experienced prior to your directions have certainly been eradicated. Need I worry about the Continue dialog button?

    I will leave the window open (with the Continue dialog button); I have not yet clicked it. If you would like me to experiment and click it, do confirm.

    Thanks again very much for your directions.

    Maatt
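    The symptom described in this post is a click on a Google result link that ends up somewhere other than the page the link pointed to. One way to check that mechanically, as an added example that is not code from this thread, from Google, or from any tool mentioned here: a Google result link carries its real destination in the url= query parameter, so the intended host can be recovered from the link and compared with the page the browser actually showed. The sample URLs are the defanged (hxxp://) ones posted above; the hijack landing URL is constructed from a host named later in the thread, with no path invented for it.

```python
"""Check whether a clicked Google search-result link landed where it should.

Added example for this thread; not code from WindowsBBS, from Google or from
any tool mentioned here. The result link and the /rdr landing page are the
ones gmaatt posted (hxxp:// restored to http:// so the parser accepts them).
"""
from urllib.parse import parse_qs, urlsplit

# Hosts that may legitimately appear between the click and the destination.
GOOGLE_HOST_SUFFIXES = ("google.com", "google.co.uk")


def refang(url: str) -> str:
    """Undo the hxxp:// defanging used in the forum post."""
    for defanged, real in (("hxxps://", "https://"), ("hxxp://", "http://")):
        if url.lower().startswith(defanged):
            return real + url[len(defanged):]
    return url


def host_of(url: str) -> str:
    return (urlsplit(refang(url)).hostname or "").lower()


def is_google_host(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in GOOGLE_HOST_SUFFIXES)


def intended_destination(result_url: str) -> str:
    """Return the destination encoded in a Google result link's url= parameter."""
    parts = urlsplit(refang(result_url))
    if not is_google_host((parts.hostname or "").lower()):
        raise ValueError("not a Google result link: " + result_url)
    targets = parse_qs(parts.query).get("url")  # parse_qs percent-decodes the value
    if not targets:
        raise ValueError("no url= parameter in result link: " + result_url)
    return targets[0]


def classify_landing(result_url: str, landing_url: str) -> str:
    """Compare where the browser ended up with where the link pointed.

    "ok"           - landing host is the intended host
    "interstitial" - still on a Google host (the /rdr page with a Continue
                     button described in the thread); not redirected yet
    "hijacked"     - landed on an unrelated host: the search-redirect symptom
    """
    intended_host = host_of(intended_destination(result_url))
    landing_host = host_of(landing_url)
    if landing_host == intended_host:
        return "ok"
    if is_google_host(landing_host):
        return "interstitial"
    return "hijacked"


def classify_chain(result_url: str, observed: list) -> list:
    """Classify every hop observed after one click, in the order seen."""
    return [classify_landing(result_url, url) for url in observed]


# Result link and landing page quoted from gmaatt's post above.
RESULT_URL = ("hxxp://www.google.co.uk/url?sa=t&source=web&cd=5&ved=0CDkQFjAE"
              "&url=http%3A%2F%2Fwww.jvc.co.uk%2Fproduct-list.php%3Fid%3D100016"
              "&rct=j&q=jvc%20battery%20pack%20bn-vf707u&ei=rTXDTITtBoeglAfgt_QI"
              "&usg=AFQjCNGSbtmNXH4307hMxo0SeI7ZMnQoJw&cad=rjt")
RDR_URL = ("hxxp://www.google.co.uk/rdr?sa=t&source=web&cd=5&ved=0CDkQFjAE"
           "&url=http%3A%2F%2Fwww.jvc.co.uk%2Fproduct-list.php%3Fid%3D100016"
           "&rct=j&q=jvc%20battery%20pack%20bn-vf707u&ei=rTXDTITtBoeglAfgt_QI"
           "&usg=AFQjCNGSbtmNXH4307hMxo0SeI7ZMnQoJw&cad=rjt")
# Constructed landing URL: only the host comes from the thread; the path the
# user saw was truncated in the post, so none is invented here.
HIJACK_URL = "http://clicks.bestquickfind.com/"

if __name__ == "__main__":
    print("intended:", intended_destination(RESULT_URL))
    for url in (RDR_URL, HIJACK_URL, intended_destination(RESULT_URL)):
        print(classify_landing(RESULT_URL, url), "<-", url)
```

    Comparing hosts rather than full URLs is deliberate: the intended page may add its own query string or redirect within its own site, and that is not the behaviour being hunted. Only a landing on a host outside both the intended site and Google counts as a hijack.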
     
  12. 2010/10/23
    gmaatt

    gmaatt Inactive Thread Starter

    Joined:
    2010/10/21
    Messages:
    20
    Likes Received:
    0
    When surfing, I also had a pop-under Firefox dialog with the URL

    hxxp://8073.2702.primosearch.com/jump2/?affiliate=8073&subid=2702&terms=web%20hosting%20services

    which was a blank page.
     
  13. 2010/10/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Can you check if the same problem exists in IE?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
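    The OTL output requested above lists processes, modules, services and drivers one per line in a fixed layout (the log gmaatt posts later in this thread shows it). As an added example, not part of OTL or of this thread's own material, here is a small parser for those lines plus a few defender-side triage rules of the kind an analyst applies when reading such a log: a registration whose file is gone, an executable with no company name in its version info, and a path under a temporary or download folder. The sample lines are copied from the log posted in the thread; each hit is a reason to look closer, not a verdict.

```python
"""Triage OTL process/service/driver lines for entries worth a second look.

Added example for this thread; not code from OTL or from WindowsBBS. The
sample lines are copied from the OTL log gmaatt posted in the same thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Layout: KIND - [date | size | attrs | M] (Company) [state] -- path -- (name) ...
# or, when the registered file is gone: KIND - File not found [state] -- path -- (name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| M\] "
    r"\((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\).*)?$"
)


@dataclass
class Entry:
    kind: str
    path: str
    company: str
    missing: bool
    name: Optional[str] = None
    state: Optional[str] = None
    findings: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL line; returns None for headers, blanks and other sections."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        kind=m["kind"],
        path=m["path"].strip(),
        company=(m["company"] or "").strip(),
        missing=m["missing"] is not None,
        name=m["name"],
        state=m["state"],
    )


def triage(entry: Entry) -> List[str]:
    """Apply simple heuristics; a hit means 'look closer', not 'malicious'."""
    low = entry.path.lower()
    if entry.missing:
        entry.findings.append("file not found on disk: dangling driver/service registration")
    elif not entry.company:
        entry.findings.append("no company name in version info: unknown publisher")
    if "\\temp\\" in low:
        entry.findings.append("registered from a temporary directory")
    if "\\downloaded program files\\" in low and entry.kind in ("PRC", "SRV"):
        entry.findings.append("runs from Downloaded Program Files: unusual location for a service or process")
    return entry.findings


def triage_log(text: str) -> Dict[str, List[str]]:
    """Return {path: findings} for every entry that triggered at least one rule."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and triage(entry):
            flagged[entry.path] = entry.findings
    return flagged


# Lines copied from the OTL log posted in this thread; the section header is
# included to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2010/10/23 23:30:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\daddy\Desktop\OTL.exe
PRC - [2010/10/20 18:44:20 | 000,142,336 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
SRV - [2010/10/20 22:15:45 | 000,468,368 | ---- | M] (Microsoft ® Corporation) [On_Demand | Running] -- C:\Windows\Downloaded Program Files\DMService.exe -- (DMService)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\daddy\AppData\Local\Temp\catchme.sys -- (catchme)
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

    The path is captured lazily up to the first " -- (" so that paths containing a single hyphen with spaces, like the Spybot folder above, stay intact, and trailing descriptions after the service name are ignored.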
     
  14. 2010/10/23
    gmaatt

    gmaatt Inactive Thread Starter

    Joined:
    2010/10/21
    Messages:
    20
    Likes Received:
    0
    Hi Broni,

    With iexplorer I googled jvc battery (& some battery type) and the first twelve result links opened the intended pages - it seems there is no issue with iexplorer.

    I repeated the same with Firefox and experienced the original Google redirect issue.

    when clicking google search result link
    http://www.google.co.uk/url?sa=t&so...sg=AFQjCNFxGlT9eIcdyhbdVMU_zYJP_HlSUA&cad=rja

    I ended up on

    http://clicks.bestquickfind.com/xtr...=JoEGuSa5JokG40aBj5GPuYaJZoGPiUbB5sHmmQaxRuMm

    then

    http://freesearchquick.com/search.p...&sid=116190172&p=1&s=50795&qt=1287873115&mk=1


    This was the one issue out of about twelve search links opened in succession.

    I will execute the OTL file now.

    Thanks again for your time.
     
  15. 2010/10/23
    gmaatt

    gmaatt Inactive Thread Starter

    Joined:
    2010/10/21
    Messages:
    20
    Likes Received:
    0
    A Firefox window with the following URL opened
    http://www.epoclick.com/?ad=1287873792

    as I returned to this page to post the OTL logs.

    OTL logfile created on: 23/10/2010 23:39:58 - Run 1
    OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\daddy\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 97.56 Gb Total Space | 38.63 Gb Free Space | 39.60% Space Free | Partition Type: NTFS
    Drive D: | 200.43 Gb Total Space | 35.87 Gb Free Space | 17.89% Space Free | Partition Type: NTFS
    Drive E: | 74.53 Gb Total Space | 12.62 Gb Free Space | 16.93% Space Free | Partition Type: NTFS
    Drive F: | 97.65 Gb Total Space | 49.45 Gb Free Space | 50.64% Space Free | Partition Type: NTFS
    Drive G: | 195.31 Gb Total Space | 45.78 Gb Free Space | 23.44% Space Free | Partition Type: NTFS
    Drive H: | 303.21 Gb Total Space | 54.55 Gb Free Space | 17.99% Space Free | Partition Type: NTFS

    Computer Name: H0ME-PC | User Name: daddy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/23 23:30:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\daddy\Desktop\OTL.exe
    PRC - [2010/10/23 21:59:56 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2010/10/23 13:19:10 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/10/23 13:19:10 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/10/20 22:15:45 | 000,468,368 | ---- | M] (Microsoft ® Corporation) -- C:\Windows\Downloaded Program Files\DMService.exe
    PRC - [2010/10/20 18:44:20 | 000,142,336 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    PRC - [2010/09/28 15:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/07/26 20:52:06 | 000,546,360 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2010/04/12 23:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2009/12/14 22:03:43 | 000,300,944 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlCach3.exe
    PRC - [2009/12/14 22:03:41 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/06/17 12:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    PRC - [2009/04/14 00:43:10 | 000,974,848 | ---- | M] () -- C:\Program Files\GrabIt\GrabIt.exe
    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2007/02/20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/23 23:30:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\daddy\Desktop\OTL.exe
    MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/23 13:19:10 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/10/20 22:15:45 | 000,468,368 | ---- | M] (Microsoft ® Corporation) [On_Demand | Running] -- C:\Windows\Downloaded Program Files\DMService.exe -- (DMService)
    SRV - [2010/10/20 21:49:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/14 22:03:41 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
    SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\daddy\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/17 23:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/08/09 22:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
    DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/14 00:51:27 | 000,046,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
    DRV - [2009/07/14 00:51:27 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
    DRV - [2009/07/14 00:51:25 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
    DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 23:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/03/01 23:05:32 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
    DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
    DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
    DRV - [2001/01/18 23:37:50 | 000,182,154 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\om518vid.sys -- (OM518P)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://portal.newham.gov.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B AB E3 47 9B 70 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ "
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.5
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 19:07:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 17:52:35 | 000,000,000 | ---D | M]

    [2010/10/20 11:34:18 | 000,000,000 | ---D | M] -- C:\Users\daddy\AppData\Roaming\Mozilla\Extensions
    [2010/10/23 12:09:00 | 000,000,000 | ---D | M] -- C:\Users\daddy\AppData\Roaming\Mozilla\Firefox\Profiles\edqlrn0v.default\extensions
    [2010/10/20 12:03:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\daddy\AppData\Roaming\Mozilla\Firefox\Profiles\edqlrn0v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/10/20 12:02:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\daddy\AppData\Roaming\Mozilla\Firefox\Profiles\edqlrn0v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/20 11:34:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/14 22:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/09/14 22:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/09/14 22:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/09/14 22:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlNSP.dll (Microsoft ® Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlLSP.dll (Microsoft ® Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlLSP.dll (Microsoft ® Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlLSP.dll (Microsoft ® Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlLSP.dll (Microsoft ® Corporation)
    O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.newham.gov.uk/InternalSite/WhlCompMgr.cab (Forefront UAG endpoint components)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.72 213.109.77.23
    O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.mjpg - pvmjpg30.dll File not found
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/23 23:38:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\daddy\Desktop\OTL.exe
    [2010/10/23 21:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2010/10/23 21:59:21 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\uTorrent
    [2010/10/23 17:43:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/23 17:43:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/23 17:36:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/23 13:19:15 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010/10/23 08:05:15 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\daddy\Desktop\TDSSKiller.exe
    [2010/10/23 08:04:29 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\daddy\Desktop\bootkit_remover.exe
    [2010/10/22 16:29:37 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\vlc
    [2010/10/22 16:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010/10/22 16:22:51 | 000,000,000 | ---D | C] -- C:\Users\daddy\Desktop\vid
    [2010/10/22 16:22:43 | 000,000,000 | ---D | C] -- C:\Users\daddy\Desktop\send
    [2010/10/22 16:18:15 | 000,000,000 | ---D | C] -- C:\Users\daddy\Desktop\100CANON
    [2010/10/22 09:24:14 | 000,000,000 | ---D | C] -- C:\Users\daddy\Desktop\22-10-2010
    [2010/10/22 09:20:44 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Malwarebytes
    [2010/10/22 09:20:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/10/22 09:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/22 09:20:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/10/22 09:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/22 09:18:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/10/21 20:08:18 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\QuickPar
    [2010/10/21 20:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickPar
    [2010/10/21 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\GrabIt
    [2010/10/21 08:58:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/21 08:58:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/21 08:58:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/21 08:58:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/21 08:57:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/21 08:06:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2010/10/21 08:01:36 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\NVIDIA
    [2010/10/21 07:56:32 | 000,000,000 | ---D | C] -- C:\Users\daddy\Documents\Pinnacle Studio
    [2010/10/20 22:59:14 | 000,000,000 | ---D | C] -- C:\Windows\ovtcam
    [2010/10/20 22:53:50 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Yahoo
    [2010/10/20 22:53:42 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Yahoo!
    [2010/10/20 22:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2010/10/20 22:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/10/20 22:24:52 | 000,000,000 | ---D | C] -- C:\Users\daddy\Library
    [2010/10/20 22:24:52 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\com.adobe.ExMan
    [2010/10/20 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\WinRAR
    [2010/10/20 22:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/10/20 22:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Forefront UAG
    [2010/10/20 22:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
    [2010/10/20 21:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
    [2010/10/20 20:21:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1108000.005
    [2010/10/20 18:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2010/10/20 18:44:27 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/10/20 18:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
    [2010/10/20 18:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/10/20 18:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2010/10/20 18:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2010/10/20 18:26:48 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Nero
    [2010/10/20 18:24:18 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
    [2010/10/20 18:24:14 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Macromedia
    [2010/10/20 18:23:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
    [2010/10/20 18:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pinnacle
    [2010/10/20 18:13:07 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Downloaded Installations
    [2010/10/20 18:12:45 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Pinnacle
    [2010/10/20 18:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
    [2010/10/20 18:10:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
    [2010/10/20 18:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pegasus Imaging
    [2010/10/20 18:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
    [2010/10/20 18:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 14
    [2010/10/20 18:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus
    [2010/10/20 18:08:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
    [2010/10/20 18:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle
    [2010/10/20 18:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
    [2010/10/20 18:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
    [2010/10/20 18:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2010/10/20 18:03:08 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\DivX
    [2010/10/20 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\LEAPS
    [2010/10/20 18:02:58 | 000,000,000 | ---D | C] -- C:\Users\daddy\Documents\TMPGEnc
    [2010/10/20 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Pegasys Inc
    [2010/10/20 17:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Pegasys Inc
    [2010/10/20 17:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2010/10/20 17:53:18 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Adobe
    [2010/10/20 17:53:17 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Adobe
    [2010/10/20 17:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010/10/20 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/10/20 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/10/20 17:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2010/10/20 17:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/10/20 17:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/10/20 17:21:13 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Google
    [2010/10/20 17:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/10/20 17:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\GrabIt
    [2010/10/20 17:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
    [2010/10/20 17:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2010/10/20 17:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
    [2010/10/20 16:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2010/10/20 16:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/10/20 16:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/10/20 16:52:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/10/20 16:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/10/20 16:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2010/10/20 16:49:36 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Microsoft Help
    [2010/10/20 16:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/10/20 16:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2010/10/20 16:49:02 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2010/10/20 16:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Image Resizer
    [2010/10/20 16:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
    [2010/10/20 15:01:57 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\ElevatedDiagnostics
    [2010/10/20 14:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2010/10/20 12:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/10/20 11:59:19 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Sunbelt Software
    [2010/10/20 11:59:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/10/20 11:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2010/10/20 11:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010/10/20 11:58:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2010/10/20 11:53:37 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\SUPERAntiSpyware.com
    [2010/10/20 11:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/10/20 11:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/20 11:47:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
    [2010/10/20 11:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2010/10/20 11:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2010/10/20 11:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/10/20 11:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/10/20 11:34:13 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Mozilla
    [2010/10/20 11:34:13 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Mozilla
    [2010/10/20 11:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/10/20 11:17:06 | 000,000,000 | R--D | C] -- C:\Users\daddy\Searches
    [2010/10/20 11:17:06 | 000,000,000 | -H-D | C] -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2010/10/20 11:16:59 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Identities
    [2010/10/20 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\daddy\Contacts
    [2010/10/20 11:16:53 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\VirtualStore
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\AppData\Local\Temporary Internet Files
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Templates
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Start Menu
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\SendTo
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Recent
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\PrintHood
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\NetHood
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Documents\My Videos
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Documents\My Pictures
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Documents\My Music
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\My Documents
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Local Settings
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\AppData\Local\History
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Cookies
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Application Data
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\AppData\Local\Application Data
    [2010/10/20 11:16:47 | 000,000,000 | --SD | C] -- C:\Users\daddy\AppData\Roaming\Microsoft
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Videos
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Saved Games
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Pictures
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Music
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Links
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Favorites
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Downloads
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\My Documents
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Desktop
    [2010/10/20 11:16:47 | 000,000,000 | -H-D | C] -- C:\Users\daddy\AppData
    [2010/10/20 11:16:47 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Temp
    [2010/10/20 11:16:47 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Microsoft
    [2010/10/20 11:16:47 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Media Center Programs
    [2010/10/20 11:14:53 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2010/10/20 11:13:33 | 000,000,000 | ---D | C] -- C:\Recovery
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
    [2010/10/20 11:08:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/10/20 11:08:30 | 000,000,000 | ---D | C] -- C:\Windows\CSC
     
  16. 2010/10/23
    gmaatt

    ========== Files - Modified Within 30 Days ==========

    [2010/10/23 23:30:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\daddy\Desktop\OTL.exe
    [2010/10/23 21:59:56 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/10/23 21:00:42 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/23 21:00:42 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/23 21:00:04 | 000,630,928 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/23 21:00:04 | 000,111,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/23 20:55:53 | 000,001,063 | ---- | M] () -- C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    [2010/10/23 20:55:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/23 20:55:28 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/23 20:54:21 | 000,055,176 | ---- | M] () -- C:\Users\daddy\Desktop\grab.gba
    [2010/10/23 19:07:52 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
    [2010/10/23 17:33:39 | 003,884,040 | R--- | M] () -- C:\Users\daddy\Desktop\ComboFix.exe
    [2010/10/23 13:19:15 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010/10/22 16:34:35 | 032,851,776 | ---- | M] () -- C:\Users\daddy\Documents\MVI_0009.avi
    [2010/10/22 16:32:15 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
    [2010/10/22 09:48:06 | 000,080,384 | ---- | M] () -- C:\Users\daddy\Desktop\MBRCheck.exe
    [2010/10/22 09:18:39 | 268,001,548 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/10/21 20:07:55 | 000,000,969 | ---- | M] () -- C:\Users\daddy\Desktop\QuickPar.lnk
    [2010/10/21 18:01:08 | 000,959,570 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1108000.005\Cat.DB
    [2010/10/21 12:42:11 | 000,037,843 | ---- | M] () -- C:\Users\daddy\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2010/10/21 12:39:05 | 000,118,500 | ---- | M] () -- C:\Users\daddy\Desktop\rainbows21-10-2010.pdf
    [2010/10/21 07:49:28 | 002,409,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/10/20 22:47:03 | 000,001,135 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/10/20 22:22:14 | 000,002,032 | -H-- | M] () -- C:\Users\daddy\Documents\Default.rdp
    [2010/10/20 22:16:15 | 000,055,699 | ---- | M] () -- C:\Windows\System32\WhlLSPBackup_1.reg
    [2010/10/20 22:16:15 | 000,003,103 | ---- | M] () -- C:\Windows\System32\WhlNSPBackup_1.reg
    [2010/10/20 18:11:03 | 000,001,176 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Pinnacle Studio 14.lnk
    [2010/10/20 17:23:14 | 000,002,160 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    [2010/10/20 17:18:58 | 000,001,107 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/10/20 17:17:25 | 000,000,917 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\GrabIt.lnk
    [2010/10/20 11:59:03 | 000,001,124 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/10/20 11:43:57 | 000,001,244 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/20 11:34:11 | 000,001,913 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/20 11:33:22 | 000,001,411 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/20 11:10:37 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
    [2010/10/20 11:09:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2010/10/05 18:55:41 | 006,632,631 | ---- | M] () -- C:\Users\daddy\Desktop\attachments(2).zip
    [2010/10/05 18:54:49 | 004,065,016 | ---- | M] () -- C:\Users\daddy\Desktop\attachments.zip
    [2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\daddy\Desktop\TDSSKiller.exe

    ========== Files Created - No Company Name ==========

    [2010/10/23 21:59:56 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/10/23 19:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/10/23 17:33:26 | 003,884,040 | R--- | C] () -- C:\Users\daddy\Desktop\ComboFix.exe
    [2010/10/22 16:33:28 | 032,851,776 | ---- | C] () -- C:\Users\daddy\Documents\MVI_0009.avi
    [2010/10/22 09:48:39 | 000,080,384 | ---- | C] () -- C:\Users\daddy\Desktop\MBRCheck.exe
    [2010/10/22 09:18:39 | 268,001,548 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/10/21 20:38:54 | 000,055,176 | ---- | C] () -- C:\Users\daddy\Desktop\grab.gba
    [2010/10/21 20:07:55 | 000,000,969 | ---- | C] () -- C:\Users\daddy\Desktop\QuickPar.lnk
    [2010/10/21 12:42:11 | 000,037,843 | ---- | C] () -- C:\Users\daddy\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2010/10/21 12:39:05 | 000,118,500 | ---- | C] () -- C:\Users\daddy\Desktop\rainbows21-10-2010.pdf
    [2010/10/21 08:58:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/21 08:58:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/21 08:58:26 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/21 08:58:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/21 08:58:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/21 07:49:07 | 000,959,570 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\Cat.DB
    [2010/10/20 22:47:03 | 000,001,135 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/10/20 22:17:18 | 000,002,032 | -H-- | C] () -- C:\Users\daddy\Documents\Default.rdp
    [2010/10/20 22:16:15 | 000,055,699 | ---- | C] () -- C:\Windows\System32\WhlLSPBackup_1.reg
    [2010/10/20 22:16:15 | 000,003,103 | ---- | C] () -- C:\Windows\System32\WhlNSPBackup_1.reg
    [2010/10/20 18:44:28 | 000,001,063 | ---- | C] () -- C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    [2010/10/20 18:11:03 | 000,001,176 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Pinnacle Studio 14.lnk
    [2010/10/20 18:06:31 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
    [2010/10/20 17:23:13 | 000,002,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    [2010/10/20 17:18:58 | 000,001,107 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/10/20 17:17:25 | 000,000,917 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\GrabIt.lnk
    [2010/10/20 16:10:15 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2010/10/20 11:59:03 | 000,001,124 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/10/20 11:43:57 | 000,001,244 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/20 11:34:11 | 000,001,913 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/20 11:33:22 | 000,001,411 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/20 11:16:47 | 000,000,290 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010/10/20 11:16:47 | 000,000,272 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010/10/20 11:09:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2010/10/20 11:08:08 | 2616,057,856 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/05 18:55:30 | 006,632,631 | ---- | C] () -- C:\Users\daddy\Desktop\attachments(2).zip
    [2010/10/05 18:54:39 | 004,065,016 | ---- | C] () -- C:\Users\daddy\Desktop\attachments.zip
    [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

    ========== LOP Check ==========

    [2010/10/20 18:44:27 | 000,000,000 | ---D | M] -- C:\Users\daddy\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/10/20 22:24:52 | 000,000,000 | ---D | M] -- C:\Users\daddy\AppData\Roaming\com.adobe.ExMan
    [2010/10/23 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\daddy\AppData\Roaming\GrabIt
    [2010/10/20 18:03:02 | 000,000,000 | ---D | M] -- C:\Users\daddy\AppData\Roaming\LEAPS
    [2010/10/20 17:56:06 | 000,000,000 | ---D | M] -- C:\Users\daddy\AppData\Roaming\Pegasys Inc
    [2010/10/23 23:40:57 | 000,000,000 | ---D | M] -- C:\Users\daddy\AppData\Roaming\uTorrent
    [2009/07/14 05:53:46 | 000,006,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/10/23 20:55:27 | 000,001,948 | ---- | M] () -- C:\aaw7boot.log
    [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/10/23 17:43:34 | 000,013,638 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/10/23 20:55:28 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/23 20:55:28 | 3488,079,872 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/22 02:04:41 | 000,066,754 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_22.10.2010_01.59.12_log.txt
    [2010/10/23 08:30:32 | 000,001,780 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_08.30.32_log.txt
    [2010/10/23 09:24:13 | 000,001,874 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_09.24.10_log.txt
    [2010/10/23 09:24:17 | 000,001,874 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_09.24.15_log.txt
    [2010/10/23 09:29:37 | 000,001,874 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_09.29.36_log.txt
    [2010/10/23 12:16:11 | 000,062,238 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_09.39.17_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/10/20 11:33:22 | 000,000,221 | -HS- | M] () -- C:\Users\daddy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\daddy\Desktop\bootkit_remover.exe
    [2010/10/23 17:33:39 | 003,884,040 | R--- | M] () -- C:\Users\daddy\Desktop\ComboFix.exe
    [2010/10/22 09:48:06 | 000,080,384 | ---- | M] () -- C:\Users\daddy\Desktop\MBRCheck.exe
    [2010/10/23 23:30:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\daddy\Desktop\OTL.exe
    [2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\daddy\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/10/20 11:33:07 | 000,000,402 | -HS- | M] () -- C:\Users\daddy\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >

    OTL Extras logfile created on: 23/10/2010 23:39:58 - Run 1
    OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\daddy\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 97.56 Gb Total Space | 38.63 Gb Free Space | 39.60% Space Free | Partition Type: NTFS
    Drive D: | 200.43 Gb Total Space | 35.87 Gb Free Space | 17.89% Space Free | Partition Type: NTFS
    Drive E: | 74.53 Gb Total Space | 12.62 Gb Free Space | 16.93% Space Free | Partition Type: NTFS
    Drive F: | 97.65 Gb Total Space | 49.45 Gb Free Space | 50.64% Space Free | Partition Type: NTFS
    Drive G: | 195.31 Gb Total Space | 45.78 Gb Free Space | 23.44% Space Free | Partition Type: NTFS
    Drive H: | 303.21 Gb Total Space | 54.55 Gb Free Space | 17.99% Space Free | Partition Type: NTFS

    Computer Name: H0ME-PC | User Name: daddy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
    "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
    "{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows
    "{2cb7257d-0ddf-4d96-b470-337091f5276c}" = Nero 9
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C349576-B3B4-6708-F73C-DC2932065357}" = BBC iPlayer Desktop
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{841D4524-7950-4A4F-A4E6-931A1A2E201C}" = TMPGEnc 4.0 XPress
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9E88FCF0-8413-4451-870A-621762E2B1CD}" = ZoomCam M1598
    "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DivX Setup.divx.com" = DivX Setup
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
    "Google Calendar Sync" = Google Calendar Sync
    "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
    "Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "QuickPar" = QuickPar 0.9
    "Red Giant ToonIt Studio" = Red Giant ToonIt Studio
    "Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
    "Trapcode Particular Studio" = Trapcode Particular Studio
    "Trapcode Shine Studio" = Trapcode Shine Studio
    "uTorrent" = µTorrent
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 1.1.4
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 20/10/2010 06:59:12 | Computer Name = h0me-PC | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 20/10/2010 07:05:26 | Computer Name = h0me-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 20/10/2010 07:05:41 | Computer Name = h0me-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 20/10/2010 11:41:45 | Computer Name = h0me-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 20/10/2010 11:54:50 | Computer Name = h0me-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL".
    Dependent
    Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/10/2010 12:54:18 | Computer Name = h0me-PC | Source = MsiInstaller | ID = 11500
    Description =

    Error - 20/10/2010 13:29:48 | Computer Name = h0me-PC | Source = Application Hang | ID = 1002
    Description = The program SetupX.exe version 4.0.9.203 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: c44 Start
    Time: 01cb707144ad5919 Termination Time: 9 Application Path: C:\Users\daddy\AppData\Local\Temp\nro.tmp\SetupX.exe

    Report
    Id: a1c5410d-dc6f-11df-8345-001fd0b54863

    Error - 20/10/2010 19:33:45 | Computer Name = h0me-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 20/10/2010 19:34:30 | Computer Name = h0me-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "h:\install\adobe photoshop
    cs4 extended™ incl. keymaker (is-118)\adobe photoshop cs4 extended\Payloads\adobeamp-mul\adobe
    air\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "h:\install\adobe
    photoshop cs4 extended™ incl. keymaker (is-118)\adobe photoshop cs4 extended\Payloads\adobeamp-mul\adobe
    air\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 21/10/2010 02:48:09 | Computer Name = h0me-PC | Source = EventSystem | ID = 4621
    Description =

    [ System Events ]
    Error - 20/10/2010 06:59:12 | Computer Name = h0me-PC | Source = Service Control Manager | ID = 7030
    Description = The Lavasoft Ad-Aware Service service is marked as an interactive
    service. However, the system is configured to not allow interactive services.
    This service may not function properly.

    Error - 20/10/2010 08:27:45 | Computer Name = h0me-PC | Source = DCOM | ID = 10010
    Description =

    Error - 20/10/2010 12:18:19 | Computer Name = h0me-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 20/10/2010 12:18:19 | Computer Name = h0me-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.


    < End of report >

    thanks
     
  17. 2010/10/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, we have a DNS hijacker here:
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.72 213.109.77.23

    ================================================================

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE

    Re-run OTL "Quick scan" and post fresh log.
     
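The O17 line above comes from the DhcpNameServer value under Tcpip\Parameters; the following PowerShell check is an added example (not part of broni's post or of OTL) that reads the same registry values, global and per-interface, and flags any DNS server not on an allow-list. The addresses in `$ExpectedDns` are assumed placeholders: substitute your router's LAN address and the resolvers you actually expect.

```powershell
# Added example (not from the thread or from OTL): list the DNS servers Windows is
# configured to use, including the DHCP-assigned ones OTL reports as an O17 line,
# and flag any that are not on an allow-list of resolvers you expect to see.
# $ExpectedDns is an assumption: put your router's LAN address and your ISP's or
# chosen public resolvers here.
$ExpectedDns = @('192.168.0.1', '8.8.8.8', '8.8.4.4')

$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# The global key plus every per-interface sub-key; each may carry its own
# NameServer (static) and DhcpNameServer (handed out by the router via DHCP).
$keys = @($tcpip) + @(Get-ChildItem -Path "$tcpip\Interfaces" | ForEach-Object { $_.PSPath })

$found = foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'NameServer', 'DhcpNameServer') {
        $value = $props.$name
        if ([string]::IsNullOrWhiteSpace($value)) { continue }
        # Values are space- or comma-separated address lists,
        # e.g. "213.109.67.72 213.109.77.23" as seen in the O17 line above.
        foreach ($ip in ($value -split '[ ,]+' | Where-Object { $_ })) {
            $status = if ($ExpectedDns -contains $ip) { 'expected' } else { 'UNEXPECTED' }
            [pscustomobject]@{
                Key    = $key -replace '^.*\\Tcpip\\Parameters', 'Tcpip\Parameters'
                Value  = $name
                Server = $ip
                Status = $status
            }
        }
    }
}

$found | Format-Table -AutoSize

$bad = @($found | Where-Object { $_.Status -eq 'UNEXPECTED' })
if ($bad.Count -gt 0) {
    # A DHCP-assigned resolver you do not recognise usually means the router's DNS
    # settings were changed; correct the router first, then ipconfig /release and /renew,
    # otherwise the next DHCP lease simply re-applies the same servers.
    Write-Warning "$($bad.Count) unexpected DNS server entry/entries found; check the router's DNS settings."
} else {
    Write-Host 'All configured DNS servers are on the expected list.'
}
```

Run it again after the router reset and `ipconfig /renew` to confirm the DhcpNameServer entries now match the allow-list.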
  18. 2010/10/23
    gmaatt

    gmaatt Inactive Thread Starter

    Joined:
    2010/10/21
    Messages:
    20
    Likes Received:
    0
    Hi,

    I did as directed; the cmd commands executed as expected. I turned off the computer and reset the router (Netgear DG384G). Restarted the comp; I expected to have to re-enter user/pass for the DSL into the router, but this was not necessary. I did note the lights change at the time of reset, indicating to me that it had reset.

    I googled "jvc battery" (& battery model number); the first three links I clicked came up with the blank page with a Continue dialog button.


    These pages:
    http://www.google.co.uk/rdr?sa=t&so...sg=AFQjCNFxGlT9eIcdyhbdVMU_zYJP_HlSUA&cad=rja

    http://www.google.co.uk/rdr?sa=t&so...sg=AFQjCNGSbtmNXH4307hMxo0SeI7ZMnQoJw&cad=rja
     
  19. 2010/10/23
    gmaatt

    gmaatt Inactive Thread Starter

    Joined:
    2010/10/21
    Messages:
    20
    Likes Received:
    0
    OTL logfile created on: 24/10/2010 00:33:48 - Run 2
    OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\daddy\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 97.56 Gb Total Space | 38.63 Gb Free Space | 39.59% Space Free | Partition Type: NTFS
    Drive D: | 200.43 Gb Total Space | 35.87 Gb Free Space | 17.89% Space Free | Partition Type: NTFS
    Drive E: | 74.53 Gb Total Space | 12.62 Gb Free Space | 16.93% Space Free | Partition Type: NTFS
    Drive F: | 97.65 Gb Total Space | 49.45 Gb Free Space | 50.64% Space Free | Partition Type: NTFS
    Drive G: | 195.31 Gb Total Space | 45.78 Gb Free Space | 23.44% Space Free | Partition Type: NTFS
    Drive H: | 303.21 Gb Total Space | 54.55 Gb Free Space | 17.99% Space Free | Partition Type: NTFS

    Computer Name: H0ME-PC | User Name: daddy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/23 23:30:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\daddy\Desktop\OTL.exe
    PRC - [2010/10/23 13:19:10 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/10/23 13:19:10 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/10/20 18:44:20 | 000,142,336 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    PRC - [2010/09/28 15:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/09/15 00:02:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/09/15 00:02:44 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/07/26 20:52:06 | 000,546,360 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    PRC - [2010/04/12 23:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2009/12/14 22:03:41 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
    PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
    PRC - [2009/06/17 12:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/06/12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2007/02/20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/23 23:30:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\daddy\Desktop\OTL.exe
    MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/23 13:19:10 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/10/20 22:15:45 | 000,468,368 | ---- | M] (Microsoft ® Corporation) [On_Demand | Stopped] -- C:\Windows\Downloaded Program Files\DMService.exe -- (DMService)
    SRV - [2010/10/20 21:49:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/14 22:03:41 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
    SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\daddy\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/17 23:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/08/09 22:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
    DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/14 00:51:27 | 000,046,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
    DRV - [2009/07/14 00:51:27 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
    DRV - [2009/07/14 00:51:25 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
    DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 23:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/03/01 23:05:32 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
    DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
    DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
    DRV - [2001/01/18 23:37:50 | 000,182,154 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\om518vid.sys -- (OM518P)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://portal.newham.gov.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B AB E3 47 9B 70 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ "
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.5
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 19:07:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 17:52:35 | 000,000,000 | ---D | M]

    [2010/10/20 11:34:18 | 000,000,000 | ---D | M] -- C:\Users\daddy\AppData\Roaming\Mozilla\Extensions
    [2010/10/23 12:09:00 | 000,000,000 | ---D | M] -- C:\Users\daddy\AppData\Roaming\Mozilla\Firefox\Profiles\edqlrn0v.default\extensions
    [2010/10/20 12:03:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\daddy\AppData\Roaming\Mozilla\Firefox\Profiles\edqlrn0v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/10/20 12:02:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\daddy\AppData\Roaming\Mozilla\Firefox\Profiles\edqlrn0v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/20 11:34:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/14 22:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/09/14 22:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/09/14 22:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/09/14 22:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlNSP.dll (Microsoft ® Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlLSP.dll (Microsoft ® Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlLSP.dll (Microsoft ® Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlLSP.dll (Microsoft ® Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlLSP.dll (Microsoft ® Corporation)
    O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.newham.gov.uk/InternalSite/WhlCompMgr.cab (Forefront UAG endpoint components)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.72 213.109.77.23
    O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.mjpg - pvmjpg30.dll File not found
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/23 23:38:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\daddy\Desktop\OTL.exe
    [2010/10/23 21:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2010/10/23 21:59:21 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\uTorrent
    [2010/10/23 17:43:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/23 17:43:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/23 17:36:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/23 13:19:15 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010/10/23 08:05:15 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\daddy\Desktop\TDSSKiller.exe
    [2010/10/23 08:04:29 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\daddy\Desktop\bootkit_remover.exe
    [2010/10/22 16:29:37 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\vlc
    [2010/10/22 16:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010/10/22 16:22:51 | 000,000,000 | ---D | C] -- C:\Users\daddy\Desktop\vid
    [2010/10/22 16:22:43 | 000,000,000 | ---D | C] -- C:\Users\daddy\Desktop\send
    [2010/10/22 16:18:15 | 000,000,000 | ---D | C] -- C:\Users\daddy\Desktop\100CANON
    [2010/10/22 09:24:14 | 000,000,000 | ---D | C] -- C:\Users\daddy\Desktop\22-10-2010
    [2010/10/22 09:20:44 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Malwarebytes
    [2010/10/22 09:20:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/10/22 09:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/22 09:20:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/10/22 09:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/22 09:18:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/10/21 20:08:18 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\QuickPar
    [2010/10/21 20:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickPar
    [2010/10/21 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\GrabIt
    [2010/10/21 08:58:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/21 08:58:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/21 08:58:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/21 08:58:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/21 08:57:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/21 08:06:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2010/10/21 08:01:36 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\NVIDIA
    [2010/10/21 07:56:32 | 000,000,000 | ---D | C] -- C:\Users\daddy\Documents\Pinnacle Studio
    [2010/10/20 22:59:14 | 000,000,000 | ---D | C] -- C:\Windows\ovtcam
    [2010/10/20 22:53:50 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Yahoo
    [2010/10/20 22:53:42 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Yahoo!
    [2010/10/20 22:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2010/10/20 22:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/10/20 22:24:52 | 000,000,000 | ---D | C] -- C:\Users\daddy\Library
    [2010/10/20 22:24:52 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\com.adobe.ExMan
    [2010/10/20 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\WinRAR
    [2010/10/20 22:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/10/20 22:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Forefront UAG
    [2010/10/20 22:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
    [2010/10/20 21:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
    [2010/10/20 20:21:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1108000.005
    [2010/10/20 18:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2010/10/20 18:44:27 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/10/20 18:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
    [2010/10/20 18:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/10/20 18:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2010/10/20 18:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2010/10/20 18:26:48 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Nero
    [2010/10/20 18:24:18 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
    [2010/10/20 18:24:14 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Macromedia
    [2010/10/20 18:23:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
    [2010/10/20 18:23:03 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
    [2010/10/20 18:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pinnacle
    [2010/10/20 18:13:07 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Downloaded Installations
    [2010/10/20 18:12:45 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Pinnacle
    [2010/10/20 18:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
    [2010/10/20 18:10:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
    [2010/10/20 18:08:50 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
    [2010/10/20 18:08:49 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
    [2010/10/20 18:08:49 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
    [2010/10/20 18:08:49 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
    [2010/10/20 18:08:49 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
    [2010/10/20 18:08:45 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
    [2010/10/20 18:08:45 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
    [2010/10/20 18:08:45 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2010/10/20 18:08:45 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2010/10/20 18:08:45 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
    [2010/10/20 18:08:45 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
    [2010/10/20 18:08:44 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2010/10/20 18:08:44 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2010/10/20 18:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pegasus Imaging
    [2010/10/20 18:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
    [2010/10/20 18:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 14
    [2010/10/20 18:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus
    [2010/10/20 18:08:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
    [2010/10/20 18:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle
    [2010/10/20 18:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
    [2010/10/20 18:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
    [2010/10/20 18:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2010/10/20 18:03:08 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\DivX
    [2010/10/20 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\LEAPS
    [2010/10/20 18:02:58 | 000,000,000 | ---D | C] -- C:\Users\daddy\Documents\TMPGEnc
    [2010/10/20 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Pegasys Inc
    [2010/10/20 17:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Pegasys Inc
    [2010/10/20 17:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2010/10/20 17:53:18 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Adobe
    [2010/10/20 17:53:17 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Adobe
    [2010/10/20 17:53:01 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
    [2010/10/20 17:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010/10/20 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/10/20 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/10/20 17:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2010/10/20 17:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/10/20 17:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/10/20 17:21:13 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Google
    [2010/10/20 17:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/10/20 17:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\GrabIt
    [2010/10/20 17:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
    [2010/10/20 17:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2010/10/20 17:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
    [2010/10/20 16:54:50 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
    [2010/10/20 16:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2010/10/20 16:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/10/20 16:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/10/20 16:52:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/10/20 16:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/10/20 16:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2010/10/20 16:49:36 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Microsoft Help
    [2010/10/20 16:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/10/20 16:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2010/10/20 16:49:02 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2010/10/20 16:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Image Resizer
    [2010/10/20 16:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
    [2010/10/20 15:32:27 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
    [2010/10/20 15:32:25 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBEFE.DLL
    [2010/10/20 15:32:23 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BEFE.DLL
    [2010/10/20 15:01:57 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\ElevatedDiagnostics
    [2010/10/20 14:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2010/10/20 12:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/10/20 11:59:19 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Sunbelt Software
    [2010/10/20 11:59:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/10/20 11:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2010/10/20 11:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010/10/20 11:58:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2010/10/20 11:53:37 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\SUPERAntiSpyware.com
    [2010/10/20 11:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/10/20 11:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/20 11:47:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
    [2010/10/20 11:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2010/10/20 11:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2010/10/20 11:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/10/20 11:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/10/20 11:34:13 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Mozilla
    [2010/10/20 11:34:13 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Mozilla
    [2010/10/20 11:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
     
  20. 2010/10/23
    gmaatt

    gmaatt Inactive Thread Starter

    [2010/10/20 11:29:29 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2010/10/20 11:29:29 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2010/10/20 11:29:29 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
    [2010/10/20 11:27:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
    [2010/10/20 11:26:00 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/10/20 11:26:00 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/10/20 11:26:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/10/20 11:26:00 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2010/10/20 11:26:00 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/10/20 11:26:00 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/10/20 11:26:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/10/20 11:26:00 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/10/20 11:26:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/10/20 11:26:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2010/10/20 11:26:00 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/10/20 11:25:54 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
    [2010/10/20 11:25:54 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
    [2010/10/20 11:25:52 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
    [2010/10/20 11:25:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2010/10/20 11:25:47 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
    [2010/10/20 11:25:47 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
    [2010/10/20 11:25:47 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
    [2010/10/20 11:25:46 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2010/10/20 11:25:45 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2010/10/20 11:25:43 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
    [2010/10/20 11:25:43 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
    [2010/10/20 11:25:43 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
    [2010/10/20 11:25:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
    [2010/10/20 11:25:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
    [2010/10/20 11:25:41 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
    [2010/10/20 11:25:41 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
    [2010/10/20 11:25:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
    [2010/10/20 11:25:41 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
    [2010/10/20 11:25:40 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010/10/20 11:25:40 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
    [2010/10/20 11:25:38 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2010/10/20 11:25:38 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
    [2010/10/20 11:23:27 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2010/10/20 11:23:27 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
    [2010/10/20 11:23:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2010/10/20 11:17:06 | 000,000,000 | R--D | C] -- C:\Users\daddy\Searches
    [2010/10/20 11:17:06 | 000,000,000 | -H-D | C] -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2010/10/20 11:16:59 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Identities
    [2010/10/20 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\daddy\Contacts
    [2010/10/20 11:16:53 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\VirtualStore
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\AppData\Local\Temporary Internet Files
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Templates
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Start Menu
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\SendTo
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Recent
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\PrintHood
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\NetHood
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Documents\My Videos
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Documents\My Pictures
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Documents\My Music
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\My Documents
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Local Settings
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\AppData\Local\History
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Cookies
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\Application Data
    [2010/10/20 11:16:48 | 000,000,000 | -HSD | C] -- C:\Users\daddy\AppData\Local\Application Data
    [2010/10/20 11:16:47 | 000,000,000 | --SD | C] -- C:\Users\daddy\AppData\Roaming\Microsoft
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Videos
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Saved Games
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Pictures
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Music
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Links
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Favorites
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Downloads
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\My Documents
    [2010/10/20 11:16:47 | 000,000,000 | R--D | C] -- C:\Users\daddy\Desktop
    [2010/10/20 11:16:47 | 000,000,000 | -H-D | C] -- C:\Users\daddy\AppData
    [2010/10/20 11:16:47 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Temp
    [2010/10/20 11:16:47 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Local\Microsoft
    [2010/10/20 11:16:47 | 000,000,000 | ---D | C] -- C:\Users\daddy\AppData\Roaming\Media Center Programs
    [2010/10/20 11:14:53 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2010/10/20 11:13:33 | 000,000,000 | ---D | C] -- C:\Recovery
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
    [2010/10/20 11:13:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
    [2010/10/20 11:08:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/10/20 11:08:30 | 000,000,000 | ---D | C] -- C:\Windows\CSC

    ========== Files - Modified Within 30 Days ==========

    [2010/10/24 00:34:56 | 000,630,928 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/24 00:34:56 | 000,111,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/24 00:34:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/24 00:34:22 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/24 00:29:34 | 000,001,063 | ---- | M] () -- C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    [2010/10/24 00:29:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/24 00:29:13 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/23 23:30:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\daddy\Desktop\OTL.exe
    [2010/10/23 21:59:56 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/10/23 20:54:21 | 000,055,176 | ---- | M] () -- C:\Users\daddy\Desktop\grab.gba
    [2010/10/23 19:07:52 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
    [2010/10/23 17:33:39 | 003,884,040 | R--- | M] () -- C:\Users\daddy\Desktop\ComboFix.exe
    [2010/10/23 13:19:15 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010/10/22 16:34:35 | 032,851,776 | ---- | M] () -- C:\Users\daddy\Documents\MVI_0009.avi
    [2010/10/22 16:32:15 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
    [2010/10/22 09:48:06 | 000,080,384 | ---- | M] () -- C:\Users\daddy\Desktop\MBRCheck.exe
    [2010/10/22 09:18:39 | 268,001,548 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/10/21 20:07:55 | 000,000,969 | ---- | M] () -- C:\Users\daddy\Desktop\QuickPar.lnk
    [2010/10/21 18:01:08 | 000,959,570 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1108000.005\Cat.DB
    [2010/10/21 12:42:11 | 000,037,843 | ---- | M] () -- C:\Users\daddy\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2010/10/21 12:39:05 | 000,118,500 | ---- | M] () -- C:\Users\daddy\Desktop\rainbows21-10-2010.pdf
    [2010/10/21 07:49:28 | 002,409,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/10/20 22:47:03 | 000,001,135 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/10/20 22:22:14 | 000,002,032 | -H-- | M] () -- C:\Users\daddy\Documents\Default.rdp
    [2010/10/20 22:16:15 | 000,055,699 | ---- | M] () -- C:\Windows\System32\WhlLSPBackup_1.reg
    [2010/10/20 22:16:15 | 000,003,103 | ---- | M] () -- C:\Windows\System32\WhlNSPBackup_1.reg
    [2010/10/20 18:11:03 | 000,001,176 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Pinnacle Studio 14.lnk
    [2010/10/20 17:23:14 | 000,002,160 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    [2010/10/20 17:18:58 | 000,001,107 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/10/20 17:17:25 | 000,000,917 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\GrabIt.lnk
    [2010/10/20 11:59:03 | 000,001,124 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/10/20 11:43:57 | 000,001,244 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/20 11:34:11 | 000,001,913 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/20 11:33:22 | 000,001,411 | ---- | M] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/20 11:10:37 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
    [2010/10/20 11:09:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2010/10/19 21:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2010/10/05 18:55:41 | 006,632,631 | ---- | M] () -- C:\Users\daddy\Desktop\attachments(2).zip
    [2010/10/05 18:54:49 | 004,065,016 | ---- | M] () -- C:\Users\daddy\Desktop\attachments.zip
    [2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\daddy\Desktop\TDSSKiller.exe

    ========== Files Created - No Company Name ==========

    [2010/10/23 21:59:56 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/10/23 19:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/10/23 17:33:26 | 003,884,040 | R--- | C] () -- C:\Users\daddy\Desktop\ComboFix.exe
    [2010/10/22 16:33:28 | 032,851,776 | ---- | C] () -- C:\Users\daddy\Documents\MVI_0009.avi
    [2010/10/22 09:48:39 | 000,080,384 | ---- | C] () -- C:\Users\daddy\Desktop\MBRCheck.exe
    [2010/10/22 09:18:39 | 268,001,548 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/10/21 20:38:54 | 000,055,176 | ---- | C] () -- C:\Users\daddy\Desktop\grab.gba
    [2010/10/21 20:07:55 | 000,000,969 | ---- | C] () -- C:\Users\daddy\Desktop\QuickPar.lnk
    [2010/10/21 12:42:11 | 000,037,843 | ---- | C] () -- C:\Users\daddy\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2010/10/21 12:39:05 | 000,118,500 | ---- | C] () -- C:\Users\daddy\Desktop\rainbows21-10-2010.pdf
    [2010/10/21 08:58:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/21 08:58:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/21 08:58:26 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/21 08:58:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/21 08:58:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/21 07:49:07 | 000,959,570 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1108000.005\Cat.DB
    [2010/10/20 22:47:03 | 000,001,135 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/10/20 22:17:18 | 000,002,032 | -H-- | C] () -- C:\Users\daddy\Documents\Default.rdp
    [2010/10/20 22:16:15 | 000,055,699 | ---- | C] () -- C:\Windows\System32\WhlLSPBackup_1.reg
    [2010/10/20 22:16:15 | 000,003,103 | ---- | C] () -- C:\Windows\System32\WhlNSPBackup_1.reg
    [2010/10/20 18:44:28 | 000,001,063 | ---- | C] () -- C:\Users\daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    [2010/10/20 18:11:03 | 000,001,176 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Pinnacle Studio 14.lnk
    [2010/10/20 18:06:31 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
    [2010/10/20 17:23:13 | 000,002,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    [2010/10/20 17:18:58 | 000,001,107 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/10/20 17:17:25 | 000,000,917 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\GrabIt.lnk
    [2010/10/20 16:10:15 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2010/10/20 11:59:03 | 000,001,124 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/10/20 11:43:57 | 000,001,244 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/20 11:34:11 | 000,001,913 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/20 11:33:22 | 000,001,411 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/20 11:16:47 | 000,000,290 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010/10/20 11:16:47 | 000,000,272 | ---- | C] () -- C:\Users\daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010/10/20 11:09:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2010/10/20 11:08:08 | 2616,057,856 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/05 18:55:30 | 006,632,631 | ---- | C] () -- C:\Users\daddy\Desktop\attachments(2).zip
    [2010/10/05 18:54:39 | 004,065,016 | ---- | C] () -- C:\Users\daddy\Desktop\attachments.zip
    [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

    ========== Custom Scans ==========


    < >

    < >

    < %SYSTEMDRIVE%\*.* >
    [2010/10/24 00:29:13 | 000,002,172 | ---- | M] () -- C:\aaw7boot.log
    [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/10/23 17:43:34 | 000,013,638 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/10/24 00:29:13 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/24 00:29:13 | 3488,079,872 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/22 02:04:41 | 000,066,754 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_22.10.2010_01.59.12_log.txt
    [2010/10/23 08:30:32 | 000,001,780 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_08.30.32_log.txt
    [2010/10/23 09:24:13 | 000,001,874 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_09.24.10_log.txt
    [2010/10/23 09:24:17 | 000,001,874 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_09.24.15_log.txt
    [2010/10/23 09:29:37 | 000,001,874 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_09.29.36_log.txt
    [2010/10/23 12:16:11 | 000,062,238 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_09.39.17_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/10/20 11:33:22 | 000,000,221 | -HS- | M] () -- C:\Users\daddy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\daddy\Desktop\bootkit_remover.exe
    [2010/10/23 17:33:39 | 003,884,040 | R--- | M] () -- C:\Users\daddy\Desktop\ComboFix.exe
    [2010/10/22 09:48:06 | 000,080,384 | ---- | M] () -- C:\Users\daddy\Desktop\MBRCheck.exe
    [2010/10/23 23:30:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\daddy\Desktop\OTL.exe
    [2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\daddy\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/10/20 11:33:07 | 000,000,402 | -HS- | M] () -- C:\Users\daddy\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
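The custom-scan section above is a long list of OTL file entries, one per line in the form `[date time | size | attrs | M|C] (company) -- path`, most of which are empty hits. Reading such a log by eye is error-prone, so here is an added triage script (example code written for this page, not part of the thread, of OTL, or of any helper's instructions) that parses those entries and flags the ones worth a second look: executables with no version-info company name, executables dated on or after the clean reinstall, and hidden+system files that are not the usual Windows ones. The sample input is copied from the report above; the `INCIDENT_START` date (2010/10/20, the reinstall date mentioned in the thread), the `KNOWN_SYSTEM` exclusion list and the flagging rules are my assumptions, not anything OTL itself does.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# One OTL file entry:  [YYYY/MM/DD HH:MM:SS | SIZE | ATTRS | M|C] (Company) -- PATH
OTL_LINE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Assumption: hidden/system files Windows creates itself; excluded from the heuristics.
KNOWN_SYSTEM = {"hiberfil.sys", "pagefile.sys", "desktop.ini"}
# Assumption taken from the thread: the OS was reinstalled on 2010/10/20, so any
# executable dated on or after that day post-dates the clean install.
INCIDENT_START = datetime(2010, 10, 20)

# Sample input copied from the report above (scan headers plus file entries).
SAMPLE = r"""
    < %SYSTEMDRIVE%\*.* >
    [2010/10/24 00:29:13 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
    < %systemroot%\Fonts\*.com >
    [2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\daddy\Desktop\bootkit_remover.exe
    [2010/10/23 17:33:39 | 003,884,040 | R--- | M] () -- C:\Users\daddy\Desktop\ComboFix.exe
    [2010/10/22 09:48:06 | 000,080,384 | ---- | M] () -- C:\Users\daddy\Desktop\MBRCheck.exe
    [2010/10/23 23:30:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\daddy\Desktop\OTL.exe
    [2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\daddy\Desktop\TDSSKiller.exe
    [2010/10/20 11:33:07 | 000,000,402 | -HS- | M] () -- C:\Users\daddy\Favorites\desktop.ini
"""


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # e.g. "-HS-" (hidden, system), "R---" (read-only)
    kind: str       # "M" = modified date, "C" = created date
    company: str    # version-info company name; empty when OTL shows "()"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse OTL file entries; scan headers '< ... >' and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line)
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),   # "2616,057,856" -> 2616057856
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"].strip(),
            path=m["path"],
        ))
    return entries


def triage(entries: List[OtlEntry], incident_start: datetime) -> Dict[str, List[str]]:
    """Map file name -> list of reasons for every entry that trips a heuristic."""
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        name = e.name.lower()
        if name in KNOWN_SYSTEM:
            continue
        reasons = []
        is_exe = name.endswith(EXECUTABLE_EXT)
        if is_exe and not e.company:
            reasons.append("executable without a version-info company name")
        if is_exe and e.timestamp >= incident_start:
            reasons.append("executable dated on or after the clean reinstall")
        if "H" in e.attrs and "S" in e.attrs:
            reasons.append("hidden+system attributes on a non-standard file")
        if reasons:
            flagged[e.name] = reasons
    return flagged


def run_example() -> Dict[str, List[str]]:
    return triage(parse_otl(SAMPLE), INCIDENT_START)


if __name__ == "__main__":
    for name, reasons in run_example().items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample above this flags ComboFix.exe and MBRCheck.exe (no company name, and dated after the reinstall) and OTL.exe (dated after the reinstall only); all three are the poster's own cleanup tools, which is exactly the point of a triage pass: it narrows the list to a handful of files a human then confirms or dismisses, rather than deciding anything on its own. A company name in the version info is not a signature check, so "has a company name" only lowers priority, it does not clear a file.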
     
  21. 2010/10/23
    gmaatt

    gmaatt Inactive Thread Starter

    Joined:
    2010/10/21
    Messages:
    20
    Likes Received:
    0
    I notice that the DNS hijacker remains and will reattempt your most recent instructions. I will hold reset longer than I had done.
     
