
Solved Assistance appreciated

Discussion in 'Malware and Virus Removal Archive' started by Belzenfyfer, 2010/11/13.

  1. 2010/11/13
    Belzenfyfer

    Belzenfyfer Inactive Thread Starter

    [Resolved] Assistance appreciated

    I have been reviewing your forum for a while and just joined. Your forum has appeared to address similar problems so I am hopeful you can assist me. I am trying to follow your exact instructions in your malware-virus-removal section. I have not been able to get any Windows updates, or anti-virus updates. Several websites are not accessible (all the ones required for help of course). I had to download all executable files onto a second computer and use my flash drive to run them on this computer to get to this stage.
    My apologies if this was to be done in multiple posts versus one large one.


    MBAM
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5110

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    11/13/2010 4:49:47 PM
    mbam-log-2010-11-13 (16-49-47).txt

    Scan type: Quick scan
    Objects scanned: 202541
    Time elapsed: 6 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    GMER
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-13 16:09:27
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST350063 rev.3.AD
    Running: m2xkt5zi.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldipow.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[840] ntdll.dll!NtProtectVirtualMemory 771F4D34 5 Bytes JMP 0082000A
    .text C:\Windows\system32\svchost.exe[840] ntdll.dll!NtWriteVirtualMemory 771F5674 5 Bytes JMP 0087000A
    .text C:\Windows\system32\svchost.exe[840] ntdll.dll!KiUserExceptionDispatcher 771F5DC8 5 Bytes JMP 0081000A
    .text C:\Windows\system32\svchost.exe[840] ole32.dll!CoCreateInstance 75F79F3E 5 Bytes JMP 008E000A
    .text C:\Windows\Explorer.EXE[1152] ntdll.dll!NtProtectVirtualMemory 771F4D34 5 Bytes JMP 01D1000A
    .text C:\Windows\Explorer.EXE[1152] ntdll.dll!NtWriteVirtualMemory 771F5674 5 Bytes JMP 01D2000A
    .text C:\Windows\Explorer.EXE[1152] ntdll.dll!KiUserExceptionDispatcher 771F5DC8 5 Bytes JMP 01D0000A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C0A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BE8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73BBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73C3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73BDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 976772912 (+255): rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----
    MBRCheck
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Dell DXP061
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 152):
    0x81E0F000 \SystemRoot\system32\ntkrnlpa.exe
    0x821C8000 \SystemRoot\system32\hal.dll
    0x86999000 \SystemRoot\system32\kdcom.dll
    0x8060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8067C000 \SystemRoot\system32\PSHED.dll
    0x8068D000 \SystemRoot\system32\BOOTVID.dll
    0x80695000 \SystemRoot\system32\CLFS.SYS
    0x806D6000 \SystemRoot\system32\CI.dll
    0x8240A000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x82486000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x82493000 \SystemRoot\system32\drivers\acpi.sys
    0x824D9000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x824E2000 \SystemRoot\system32\drivers\msisadrv.sys
    0x824EA000 \SystemRoot\system32\drivers\pci.sys
    0x82511000 \SystemRoot\System32\drivers\partmgr.sys
    0x82520000 \SystemRoot\system32\drivers\volmgr.sys
    0x8252F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x82579000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8260C000 \SystemRoot\system32\drivers\iastor.sys
    0x826C4000 \SystemRoot\system32\drivers\fltmgr.sys
    0x826F6000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82706000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
    0x8271C000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x82725000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x87C09000 \SystemRoot\system32\drivers\ndis.sys
    0x87D14000 \SystemRoot\system32\drivers\msrpc.sys
    0x87D3F000 \SystemRoot\system32\drivers\NETIO.SYS
    0x87E0A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x87F1A000 \SystemRoot\system32\drivers\volsnap.sys
    0x87F53000 \SystemRoot\System32\Drivers\spldr.sys
    0x87F5B000 \SystemRoot\System32\drivers\sfhlp02.sys
    0x87F63000 \SystemRoot\System32\drivers\sfdrv01.sys
    0x87F76000 \SystemRoot\System32\Drivers\mup.sys
    0x87F85000 \SystemRoot\system32\Drivers\fsbts.sys
    0x87F8E000 \SystemRoot\System32\drivers\ecache.sys
    0x87FB5000 \SystemRoot\system32\drivers\disk.sys
    0x87FC6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x87FE7000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8CCB9000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8CCC4000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8CCCD000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8D00E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8DB20000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8DB22000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8DBC3000 \SystemRoot\System32\drivers\watchdog.sys
    0x8CCDC000 \SystemRoot\system32\DRIVERS\e1e6032.sys
    0x8DBCF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8CD16000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8DBDA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8CD54000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8DBE9000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0x8CDE1000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8DBEB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x87D7A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x87DA9000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8DBF1000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x82796000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8D000000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x827AD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x87DEA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x827D0000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x827E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x82589000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x82600000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x82599000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x825A4000 \SystemRoot\system32\DRIVERS\c2scsi.sys
    0x807B6000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x8D00B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8DE0A000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8DE34000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8DE3E000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8DE5F000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8DE94000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8DEA5000 \SystemRoot\system32\drivers\HdAudio.sys
    0x8DEE4000 \SystemRoot\system32\drivers\portcls.sys
    0x8DF11000 \SystemRoot\system32\drivers\drmk.sys
    0x8DF36000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8DF3F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8DF4F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8DF56000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8DF58000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8DF61000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8DF6A000 \SystemRoot\System32\Drivers\Null.SYS
    0x8DF71000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8DF78000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0x8DF7E000 \SystemRoot\System32\drivers\vga.sys
    0x8DF8A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8DFAB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8DFB3000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8DFBB000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8DFC6000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8DFD4000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8E200000 \SystemRoot\System32\drivers\tcpip.sys
    0x8E2EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8E305000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8E31B000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8E32F000 \SystemRoot\system32\drivers\afd.sys
    0x8E377000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8E3A9000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x8E3B2000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8E3C8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8E3D6000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8EA02000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8EA3E000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8EA48000 \??\C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsvista.sys
    0x8EA50000 \SystemRoot\System32\drivers\fsdfw.sys
    0x8EA60000 \SystemRoot\System32\drivers\fses.sys
    0x8EA68000 \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys
    0x8EA77000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8EA7F000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8EA96000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x8EAD1000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8EADE000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x81630000 \SystemRoot\System32\win32k.sys
    0x8EB96000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8EBA0000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x81850000 \SystemRoot\System32\TSDDD.dll
    0x81870000 \SystemRoot\System32\cdd.dll
    0x8EBAF000 \SystemRoot\system32\drivers\luafv.sys
    0x8EBCA000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0x8EBD5000 \SystemRoot\System32\DLA\DLADResM.SYS
    0x8EBD6000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0x8EBEE000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0x8EBF3000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0x8EBF5000 \SystemRoot\System32\DLA\DLABMFSM.SYS
    0x8E3E9000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0x8DFDD000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0x8CC00000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xA0C0D000 \SystemRoot\system32\drivers\spsys.sys
    0xA0CBD000 \SystemRoot\system32\DRIVERS\irda.sys
    0xA0CDB000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xA0CEB000 \SystemRoot\system32\DRIVERS\nmsgopro.sys
    0xA0CF2000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA0D05000 \SystemRoot\system32\drivers\HTTP.sys
    0xA0D72000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA0D8F000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA0DA8000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA0DBD000 \SystemRoot\system32\drivers\mrxdav.sys
    0xA0DDE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8CC17000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8CC50000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x8CC68000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA2202000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA2250000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xA2252000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA227A000 \SystemRoot\system32\DRIVERS\nmsunidr.sys
    0xA227C000 \SystemRoot\system32\drivers\peauth.sys
    0xA235A000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA2364000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA2370000 \??\C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys
    0xA2392000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x771F0000 \Windows\System32\ntdll.dll

    Processes (total 81):
    0 System Idle Process
    4 System
    456 C:\Windows\System32\smss.exe
    524 csrss.exe
    584 C:\Windows\System32\wininit.exe
    592 csrss.exe
    628 C:\Windows\System32\services.exe
    640 C:\Windows\System32\lsass.exe
    648 C:\Windows\System32\lsm.exe
    676 C:\Windows\System32\winlogon.exe
    840 C:\Windows\System32\svchost.exe
    920 C:\Windows\System32\nvvsvc.exe
    956 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1092 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1192 C:\Windows\System32\svchost.exe
    1280 C:\Windows\System32\audiodg.exe
    1344 C:\Windows\System32\svchost.exe
    1448 C:\Windows\System32\nvvsvc.exe
    1456 C:\Windows\System32\SLsvc.exe
    1480 C:\Windows\System32\svchost.exe
    1604 C:\Windows\System32\svchost.exe
    1720 C:\Windows\System32\taskeng.exe
    1788 C:\Windows\System32\spoolsv.exe
    1852 C:\Windows\System32\svchost.exe
    1916 C:\Windows\System32\rundll32.exe
    448 C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    824 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1220 C:\Program Files\Bonjour\mDNSResponder.exe
    1512 C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    596 C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
    1832 C:\Program Files\Shaw Secure\Anti-Virus\fsgk32.exe
    1824 C:\Program Files\Shaw Secure\Common\FSMA32.EXE
    2128 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2144 C:\Program Files\Shaw Secure\Common\FSHDLL32.EXE
    2164 C:\Windows\Runservice.exe
    2228 C:\Windows\System32\svchost.exe
    2344 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    2600 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    2664 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2736 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    2776 C:\Windows\System32\svchost.exe
    2864 C:\Windows\System32\svchost.exe
    2924 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2980 C:\Windows\System32\SearchIndexer.exe
    3208 C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
    3228 C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
    3256 C:\Program Files\Shaw Secure\FWES\program\fsdfwd.exe
    3460 WmiPrvSE.exe
    3816 C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
    3836 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2692 C:\Windows\System32\taskeng.exe
    2752 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    624 C:\Windows\System32\dwm.exe
    3592 C:\Windows\explorer.exe
    3680 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    2256 C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    3512 C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
    3528 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3552 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3712 C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    4108 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    4132 C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    4168 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    4240 C:\Windows\System32\wpcumi.exe
    4248 C:\Program Files\QuickTime\QTTask.exe
    4256 C:\Program Files\iTunes\iTunesHelper.exe
    4284 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4292 C:\Program Files\Shaw Secure\Common\FSM32.EXE
    4308 C:\Program Files\Windows Sidebar\sidebar.exe
    4336 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    4344 C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    4364 C:\Program Files\Microsoft Office\Office\OSA.EXE
    4372 C:\Program Files\shaw\bin\shawsupport.exe
    5532 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    5540 C:\Program Files\iPod\bin\iPodService.exe
    5448 C:\Windows\servicing\TrustedInstaller.exe
    1892 WmiPrvSE.exe
    6088 C:\Windows\System32\wscript.exe
    6084 E:\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`82800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

    PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.ADG

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    Done!
    DDS.txt
    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Administrator at 16:20:22.44 on Sat 11/13/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2045.1163 [GMT -7:00]
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    == Running Processes ==
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\Shaw Secure\Common\FSMA32.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Shaw Secure\Common\FSHDLL32.EXE
    C:\Windows\runservice.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
    C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Shaw Secure\Common\FSM32.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\shaw\bin\shawsupport.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\wscript.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Administrator\Desktop\dds.scr
    == Pseudo HJT Report ==
    uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=5070803
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=5070803
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\shaw secure\nrs\iescript\baselitmus.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\shaw secure\nrs\iescript\baselitmus.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
    mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe "
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe "
    mRun: [<NO NAME>]
    mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe "
    mRun: [shawnotify] c:\progra~1\shaw\update\siuloader.exe /notify
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [F-Secure Manager] "c:\program files\shaw secure\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\shaw secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    dRun: [U36VRSFLG6] c:\windows\temp\Ir0.exe
    dRun: [cleansweep.exe] c:\cleansweep.exe\cleansweep.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\MSOFFICE.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\shawsu~1.lnk - c:\program files\shaw\bin\shawsupport.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\shaw secure\fsps\program\FSLSP.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
    Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    mASetup: {4CDE2F9B-11C5-AF6D-C96F-A2B2E4036508} - c:\windows\system32\sys32\svchost.exe s
    == SERVICES / DRIVERS ==
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-11-13 41624]
    R1 c2scsi;c2scsi;c:\windows\system32\drivers\C2SCSI.SYS [2007-8-18 252152]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\shaw secure\hips\drivers\fshs.sys [2010-11-13 68064]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-11-13 35680]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-11-13 71040]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\shaw secure\anti-virus\minifilter\fsvista.sys [2010-11-13 12384]
    R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\shaw secure\anti-virus\fsgk32st.exe [2010-11-13 215648]
    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-2-27 2560]
    R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
    R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
    R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\shaw secure\anti-virus\minifilter\fsgk.sys [2010-11-13 124072]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\shaw secure\orsp client\fsorsp.exe [2010-11-13 55904]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-27 136176]
    S2 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
    S2 SessionLauncher;SessionLauncher;c:\users\glen\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\glen\appdata\local\temp\dx9\SessionLauncher.exe [?]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-16 21504]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\shaw secure\anti-virus\win2k\fsfilter.sys [2010-11-13 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\shaw secure\anti-virus\win2k\fsrec.sys [2010-11-13 25184]
    == Created Last 30 ==
    2010-11-13 21:55:39 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
    2010-11-13 21:55:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-13 21:55:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-13 21:55:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-13 21:55:24 -------- d-----w- c:\progra~2\Malwarebytes
    2010-11-13 17:46:54 41624 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2010-11-13 17:46:40 35680 ----a-w- c:\windows\system32\drivers\fses.sys
    2010-11-13 17:46:31 71040 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2010-11-12 23:11:16 -------- d-----w- c:\windows\system32\catroot2
    2010-11-12 04:14:33 -------- d-----w- c:\windows\system32\catroot2.bak
    2010-11-12 03:50:24 -------- d-----w- c:\users\admini~1\appdata\local\Apple
    2010-11-07 23:41:07 -------- d-----w- c:\progra~2\Alwil Software
    2010-10-31 19:03:09 438272 ----a-w- c:\windows\system32\vp6vfw.dll
    2010-10-31 19:03:08 327680 ----a-w- c:\windows\system32\vp6dec.ax
    2010-10-31 19:03:08 118832 ----a-w- c:\windows\system32\SHW32.DLL
    2010-10-31 19:02:31 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
    2010-10-31 19:02:31 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
    2010-10-31 19:02:31 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
    2010-10-31 19:02:31 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
    2010-10-31 19:02:31 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
    2010-10-31 19:02:31 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
    2010-10-31 19:02:30 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
    2010-10-30 02:49:23 -------- d-----w- c:\program files\EA SPORTS
    2010-10-27 15:15:11 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-27 15:15:08 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-27 15:15:07 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-26 03:48:44 -------- d-----w- c:\windows\UfdApp
    2010-10-26 03:42:17 -------- d-----w- c:\users\admini~1\appdata\local\Adobe
    2010-10-25 23:33:49 -------- d-----w- C:\CPQSYSTEM
    2010-10-25 22:39:17 -------- d-----w- c:\users\admini~1\appdata\local\Google
    == Find3M ==
    2010-11-13 23:10:35 1473 --sha-w- c:\windows\system32\mmf.sys
    2010-11-07 16:04:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-08 17:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 17:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
    == ROOTKIT ==
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: ST350063 rev.3.AD -> Harddisk0\DR0 -> \Device\Ide\iaStor0
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86429446]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8642f504]; MOV EAX, [0x8642f580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x81E53962] -> \Device\Harddisk0\DR0[0x8573B7E8]
    3 CLASSPNP[0x87FCB8B3] -> ntkrnlpa!IofCallDriver[0x81E53962] -> [0x864888B0]
    \Driver\iaStor[0x860944B0] -> IRP_MJ_CREATE -> 0x86429446
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST3500630AS_____3.ADG___#4&d9859c0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\iaStor DriverStartIo -> 0x86429292
    user != kernel MBR !!!
    sectors 976773166 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    == FINISH: 16:21:17.86 ==
    ATTACH.txt
    Advise if required
     
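    Two things in the log above deserve a closer look than the scanner summaries give them: DDS entries whose binaries sit in places Windows never uses for a legitimate copy (a SessionLauncher service under a user's temp folder, an mASetup entry running svchost.exe from c:\windows\system32\sys32 instead of system32 itself), and GMER's "user != kernel MBR" verdict, which comes from reading sector 0 twice, once through the normal I/O path and once by calling the disk driver directly, and comparing the two copies. The Python below is an added example written for this page; it is not part of the thread and is not code from DDS, GMER or TDSSKiller. The service lines are quoted from the log, the path heuristics are my own (a hit means "look closer", not "infected"), the byte encoding of the boot-code prologue is hand-assembled from GMER's disassembly and the "clean" continuation is a constructed placeholder.

```python
"""Two triage helpers for the DDS and GMER output pasted above.  Added example;
not from the original thread or from the tools it names.

1. triage(): pick the binary out of each service / mASetup line and flag it when
   it lives somewhere Windows never puts a legitimate copy.
2. compare_mbr(): the check behind GMER's "user != kernel MBR" line, applied to
   two constructed 512-byte sectors.
"""
import re

# --- 1. service and startup lines (quoted from the log above) ------------------
SAMPLE_LINES = [
    r"R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-2-27 2560]",
    r"S2 SessionLauncher;SessionLauncher;c:\users\glen\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\glen\appdata\local\temp\dx9\SessionLauncher.exe [?]",
    r"S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-16 21504]",
    r"mASetup: {4CDE2F9B-11C5-AF6D-C96F-A2B2E4036508} - c:\windows\system32\sys32\svchost.exe s",
]

SERVICE_RE = re.compile(r"^[RS][0-4] ([^;]+);")           # "R2 name;display;path [..]"
ASETUP_RE = re.compile(r"^mASetup: (\{[0-9A-Fa-f-]+\})")   # "mASetup: {GUID} - path"
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|sys|dll)\b")    # first drive-letter path


def extract_binary(line):
    """Return (label, lower-cased path) for a service or mASetup line, else None."""
    m = SERVICE_RE.match(line) or ASETUP_RE.match(line)
    path = PATH_RE.search(line.lower())
    if not (m and path):
        return None
    return m.group(1), path.group(0)


def suspicious_reasons(path):
    """Heuristics only (my own rules): a hit means 'look closer', not 'malicious'."""
    reasons = []
    if "\\appdata\\local\\temp\\" in path or "\\windows\\temp\\" in path:
        reasons.append("runs from a temp directory")
    if path.endswith("\\svchost.exe") and path != r"c:\windows\system32\svchost.exe":
        reasons.append("svchost.exe outside c:\\windows\\system32")
    return reasons


def triage(lines):
    """Map label -> reasons for every line whose binary trips a heuristic."""
    findings = {}
    for line in lines:
        hit = extract_binary(line)
        if not hit:
            continue
        reasons = suspicious_reasons(hit[1])
        if reasons:
            findings[hit[0]] = reasons
    return findings


# --- 2. user-vs-kernel MBR comparison ------------------------------------------
# Prologue re-encoded by hand from the GMER disassembly in the log (XOR AX,AX ...
# RETF): the sector copies itself to 0x600 and jumps there.  Opcode choices are mine.
LOGGED_PROLOGUE = bytes.fromhex(
    "31c0 8ed0 bc007c 8ec0 8ed8 be007c bf0006 b90002 fc f3a4 50 681c06 cb")
# Constructed continuations: a benign placeholder, and the ROR-decrypt loop GMER
# shows next (STI; PUSHA; MOV CX,137; MOV BP,62A; ROR BYTE [BP],CL; INC BP).
CLEAN_STUB = LOGGED_PROLOGUE + bytes.fromhex("fb b90400")
LOADER_STUB = LOGGED_PROLOGUE + bytes.fromhex("fb 60 b93701 bd2a06 d24e00 45")


def make_sample_mbr(boot_code):
    """Constructed sector: boot code padded to 446 bytes, one partition entry, 55AA."""
    entry = bytes([0x80, 0, 0, 0, 0x07]) + b"\x00" * 11   # bootable, type 7 (NTFS)
    return boot_code.ljust(446, b"\x00") + entry + b"\x00" * 48 + b"\x55\xaa"


def mbr_regions(sector):
    assert len(sector) == 512
    return {"boot_code": sector[:446],
            "partition_table": sector[446:510],
            "signature": sector[510:]}


def compare_mbr(user_copy, kernel_copy):
    """Names of regions that differ between two reads of sector 0.
    GMER reads the MBR through the normal I/O path and again by calling the disk
    driver directly; a bootkit hooking that driver (here iaStor DriverStartIo) can
    answer the first read with a clean-looking sector, so the two copies disagree."""
    u, k = mbr_regions(user_copy), mbr_regions(kernel_copy)
    return [name for name in u if u[name] != k[name]]


if __name__ == "__main__":
    for label, why in triage(SAMPLE_LINES).items():
        print(label, "->", "; ".join(why))
    print("differs in:", compare_mbr(make_sample_mbr(CLEAN_STUB),
                                     make_sample_mbr(LOADER_STUB)))
```

    Run as a script it prints the two flagged entries and reports that the two sectors differ only in the boot-code region, the partition table and signature being intact, which is the pattern a bootkit that keeps the partition layout working would leave. On a real machine the two sector reads come from the scanner's own driver; this example does not attempt that and works on constructed data only.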
  2. 2010/11/13
    broni Moderator Malware Analyst
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     

  3. 2010/11/14
    Belzenfyfer Inactive Thread Starter
    broni,
    Thanks for your response. There was one infected file to cure and no suspicious files. It requested a reboot, and the log is enclosed.
    Thanks in advance for your assistance.

    2010/11/14 12:35:16.0321 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
    2010/11/14 12:35:16.0321 ================================================================================
    2010/11/14 12:35:16.0321 SystemInfo:
    2010/11/14 12:35:16.0321
    2010/11/14 12:35:16.0321 OS Version: 6.0.6002 ServicePack: 2.0
    2010/11/14 12:35:16.0321 Product type: Workstation
    2010/11/14 12:35:16.0321 ComputerName: HOME-PC
    2010/11/14 12:35:16.0321 UserName: Administrator
    2010/11/14 12:35:16.0321 Windows directory: C:\Windows
    2010/11/14 12:35:16.0321 System windows directory: C:\Windows
    2010/11/14 12:35:16.0321 Processor architecture: Intel x86
    2010/11/14 12:35:16.0321 Number of processors: 4
    2010/11/14 12:35:16.0321 Page size: 0x1000
    2010/11/14 12:35:16.0321 Boot type: Normal boot
    2010/11/14 12:35:16.0321 ================================================================================
    2010/11/14 12:35:16.0883 Initialize success
    2010/11/14 12:35:19.0831 ================================================================================
    2010/11/14 12:35:19.0831 Scan started
    2010/11/14 12:35:19.0831 Mode: Manual;
    2010/11/14 12:35:19.0831 ================================================================================
    2010/11/14 12:35:20.0954 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/11/14 12:35:21.0032 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2010/11/14 12:35:21.0126 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2010/11/14 12:35:21.0157 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2010/11/14 12:35:21.0188 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2010/11/14 12:35:21.0266 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/11/14 12:35:21.0298 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/11/14 12:35:21.0376 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
    2010/11/14 12:35:21.0469 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2010/11/14 12:35:21.0500 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
    2010/11/14 12:35:21.0516 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2010/11/14 12:35:21.0547 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2010/11/14 12:35:21.0610 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2010/11/14 12:35:21.0703 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2010/11/14 12:35:21.0797 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/11/14 12:35:21.0859 atapi (a779ca2c76da4fcb595e692c05e8e4eb) C:\Windows\system32\drivers\atapi.sys
    2010/11/14 12:35:21.0937 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/11/14 12:35:22.0015 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/11/14 12:35:22.0078 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/11/14 12:35:22.0140 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/11/14 12:35:22.0218 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/11/14 12:35:22.0234 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/11/14 12:35:22.0265 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/11/14 12:35:22.0296 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/11/14 12:35:22.0358 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2010/11/14 12:35:22.0405 c2scsi (f07baaa5447980beb357239da05e74b3) C:\Windows\system32\DRIVERS\c2scsi.sys
    2010/11/14 12:35:22.0436 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/11/14 12:35:22.0499 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/11/14 12:35:22.0546 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2010/11/14 12:35:22.0639 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/11/14 12:35:22.0702 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
    2010/11/14 12:35:22.0733 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
    2010/11/14 12:35:22.0780 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2010/11/14 12:35:22.0811 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2010/11/14 12:35:22.0889 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/11/14 12:35:22.0982 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/11/14 12:35:23.0045 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS
    2010/11/14 12:35:23.0092 DLABOIOM (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS
    2010/11/14 12:35:23.0138 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
    2010/11/14 12:35:23.0154 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\Windows\system32\DLA\DLADResM.SYS
    2010/11/14 12:35:23.0170 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS
    2010/11/14 12:35:23.0216 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS
    2010/11/14 12:35:23.0248 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS
    2010/11/14 12:35:23.0310 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
    2010/11/14 12:35:23.0357 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS
    2010/11/14 12:35:23.0404 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS
    2010/11/14 12:35:23.0466 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/11/14 12:35:23.0513 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
    2010/11/14 12:35:23.0528 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
    2010/11/14 12:35:23.0606 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    2010/11/14 12:35:23.0669 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
    2010/11/14 12:35:23.0731 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/11/14 12:35:23.0794 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
    2010/11/14 12:35:23.0872 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/11/14 12:35:23.0996 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/11/14 12:35:24.0059 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2010/11/14 12:35:24.0137 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/11/14 12:35:24.0262 F-Secure Filter (d4980588ed87f8bb16be43ddd0fbd5fe) C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys
    2010/11/14 12:35:24.0308 F-Secure Gatekeeper (59cb82e8506071335e5aecabe630032f) C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys
    2010/11/14 12:35:24.0386 F-Secure HIPS (f5aca65237c7511d5803cdc5e7003d75) C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys
    2010/11/14 12:35:24.0449 F-Secure Recognizer (6ce1195511533c9359f91a9e63792f5e) C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys
    2010/11/14 12:35:24.0542 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/11/14 12:35:24.0574 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/11/14 12:35:24.0667 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/11/14 12:35:24.0698 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/11/14 12:35:24.0730 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/11/14 12:35:24.0808 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/11/14 12:35:24.0901 fsbts (99fb9675904d92c18b2840a6467dd4a1) C:\Windows\system32\Drivers\fsbts.sys
    2010/11/14 12:35:24.0995 FSES (f5d5683428071b1c3a0ab83b298ac45a) C:\Windows\system32\drivers\fses.sys
    2010/11/14 12:35:25.0057 FSFW (7c54f491c35e74cb0a81ba7ec5af7b2f) C:\Windows\system32\drivers\fsdfw.sys
    2010/11/14 12:35:25.0182 fsvista (f4a1769bd7a3f073c492663e6a7decd1) C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsvista.sys
    2010/11/14 12:35:25.0213 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/11/14 12:35:25.0260 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/11/14 12:35:25.0338 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2010/11/14 12:35:25.0447 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
    2010/11/14 12:35:25.0525 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/11/14 12:35:25.0588 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/11/14 12:35:25.0603 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2010/11/14 12:35:25.0697 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/11/14 12:35:25.0728 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2010/11/14 12:35:25.0790 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2010/11/14 12:35:25.0822 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2010/11/14 12:35:25.0884 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/11/14 12:35:25.0946 iaStor (e9f704ca833bd24bfaa3b4a59707633a) C:\Windows\system32\drivers\iastor.sys
    2010/11/14 12:35:25.0978 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2010/11/14 12:35:26.0040 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/11/14 12:35:26.0087 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
    2010/11/14 12:35:26.0134 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/11/14 12:35:26.0196 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/11/14 12:35:26.0274 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2010/11/14 12:35:26.0352 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/11/14 12:35:26.0414 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
    2010/11/14 12:35:26.0446 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/11/14 12:35:26.0477 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
    2010/11/14 12:35:26.0524 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2010/11/14 12:35:26.0586 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/11/14 12:35:26.0633 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/11/14 12:35:26.0695 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2010/11/14 12:35:26.0773 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/11/14 12:35:26.0836 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/11/14 12:35:26.0882 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2010/11/14 12:35:26.0960 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/11/14 12:35:27.0038 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2010/11/14 12:35:27.0070 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2010/11/14 12:35:27.0101 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2010/11/14 12:35:27.0179 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2010/11/14 12:35:27.0241 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2010/11/14 12:35:27.0335 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2010/11/14 12:35:27.0382 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2010/11/14 12:35:27.0413 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/11/14 12:35:27.0444 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/11/14 12:35:27.0491 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2010/11/14 12:35:27.0569 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2010/11/14 12:35:27.0647 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2010/11/14 12:35:27.0678 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2010/11/14 12:35:27.0725 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2010/11/14 12:35:27.0787 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/11/14 12:35:27.0803 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/11/14 12:35:27.0865 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/11/14 12:35:27.0912 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
    2010/11/14 12:35:27.0959 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2010/11/14 12:35:28.0006 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2010/11/14 12:35:28.0037 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2010/11/14 12:35:28.0084 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/11/14 12:35:28.0146 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/11/14 12:35:28.0240 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2010/11/14 12:35:28.0286 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2010/11/14 12:35:28.0318 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/11/14 12:35:28.0349 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2010/11/14 12:35:28.0411 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2010/11/14 12:35:28.0489 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/11/14 12:35:28.0583 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2010/11/14 12:35:28.0614 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/11/14 12:35:28.0661 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/11/14 12:35:28.0676 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/11/14 12:35:28.0708 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2010/11/14 12:35:28.0739 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2010/11/14 12:35:28.0801 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2010/11/14 12:35:28.0848 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2010/11/14 12:35:28.0879 nmsgopro (acc8d7fc0da793450f5f257d9ce4ff75) C:\Windows\system32\DRIVERS\nmsgopro.sys
    2010/11/14 12:35:28.0895 nmsunidr (64fa28c15dd71a80bef3527e1ef07df6) C:\Windows\system32\DRIVERS\nmsunidr.sys
    2010/11/14 12:35:28.0942 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2010/11/14 12:35:28.0973 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2010/11/14 12:35:29.0066 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2010/11/14 12:35:29.0129 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2010/11/14 12:35:29.0144 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2010/11/14 12:35:29.0441 nvlddmkm (55526cd7b311236aab3f73434cbc651e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2010/11/14 12:35:29.0753 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
    2010/11/14 12:35:29.0862 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
    2010/11/14 12:35:29.0924 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2010/11/14 12:35:30.0096 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2010/11/14 12:35:30.0143 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2010/11/14 12:35:30.0205 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2010/11/14 12:35:30.0236 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2010/11/14 12:35:30.0346 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2010/11/14 12:35:30.0392 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
    2010/11/14 12:35:30.0439 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2010/11/14 12:35:30.0486 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    2010/11/14 12:35:30.0548 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2010/11/14 12:35:30.0658 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/11/14 12:35:30.0689 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2010/11/14 12:35:30.0767 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2010/11/14 12:35:30.0814 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
    2010/11/14 12:35:30.0860 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2010/11/14 12:35:30.0923 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2010/11/14 12:35:30.0985 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2010/11/14 12:35:31.0016 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/11/14 12:35:31.0094 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/11/14 12:35:31.0172 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/11/14 12:35:31.0219 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/11/14 12:35:31.0266 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/11/14 12:35:31.0282 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/11/14 12:35:31.0375 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2010/11/14 12:35:31.0391 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2010/11/14 12:35:31.0469 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2010/11/14 12:35:31.0562 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/11/14 12:35:31.0609 RxFilter (80cae340f37b52d1cb75ff74e6a087cd) C:\Windows\system32\DRIVERS\RxFilter.sys
    2010/11/14 12:35:31.0703 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2010/11/14 12:35:31.0781 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/11/14 12:35:31.0843 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2010/11/14 12:35:31.0921 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2010/11/14 12:35:31.0968 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2010/11/14 12:35:32.0030 sfdrv01 (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys
    2010/11/14 12:35:32.0077 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2010/11/14 12:35:32.0171 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2010/11/14 12:35:32.0186 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2010/11/14 12:35:32.0233 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
    2010/11/14 12:35:32.0264 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2010/11/14 12:35:32.0311 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2010/11/14 12:35:32.0374 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2010/11/14 12:35:32.0420 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2010/11/14 12:35:32.0483 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2010/11/14 12:35:32.0530 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2010/11/14 12:35:32.0623 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2010/11/14 12:35:32.0686 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2010/11/14 12:35:32.0717 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/11/14 12:35:32.0779 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
    2010/11/14 12:35:32.0842 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/11/14 12:35:32.0951 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/11/14 12:35:32.0966 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/11/14 12:35:32.0998 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/11/14 12:35:33.0138 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2010/11/14 12:35:33.0216 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/11/14 12:35:33.0294 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/11/14 12:35:33.0341 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/11/14 12:35:33.0403 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/11/14 12:35:33.0450 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/11/14 12:35:33.0497 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/11/14 12:35:33.0590 TSHWMDTCP (3f6dc449398b21c213dcdd18f460df72) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
    2010/11/14 12:35:33.0637 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/11/14 12:35:33.0700 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/11/14 12:35:33.0731 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/11/14 12:35:33.0793 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2010/11/14 12:35:33.0887 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2010/11/14 12:35:33.0949 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2010/11/14 12:35:33.0980 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2010/11/14 12:35:34.0012 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2010/11/14 12:35:34.0058 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2010/11/14 12:35:34.0136 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2010/11/14 12:35:34.0199 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
    2010/11/14 12:35:34.0246 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    2010/11/14 12:35:34.0324 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/11/14 12:35:34.0370 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2010/11/14 12:35:34.0417 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/11/14 12:35:34.0448 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/11/14 12:35:34.0480 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2010/11/14 12:35:34.0526 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/11/14 12:35:34.0558 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2010/11/14 12:35:34.0573 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/11/14 12:35:34.0604 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/11/14 12:35:34.0667 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2010/11/14 12:35:34.0698 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/11/14 12:35:34.0760 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2010/11/14 12:35:34.0807 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2010/11/14 12:35:34.0870 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2010/11/14 12:35:34.0932 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
    2010/11/14 12:35:34.0979 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2010/11/14 12:35:35.0026 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2010/11/14 12:35:35.0088 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2010/11/14 12:35:35.0135 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2010/11/14 12:35:35.0197 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2010/11/14 12:35:35.0260 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/14 12:35:35.0260 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/14 12:35:35.0306 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2010/11/14 12:35:35.0353 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2010/11/14 12:35:35.0447 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    2010/11/14 12:35:35.0572 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2010/11/14 12:35:35.0650 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/11/14 12:35:35.0728 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/11/14 12:35:35.0821 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/11/14 12:35:35.0821 ================================================================================
    2010/11/14 12:35:35.0821 Scan finished
    2010/11/14 12:35:35.0821 ================================================================================
    2010/11/14 12:35:35.0837 Detected object count: 1
    2010/11/14 12:35:49.0580 \HardDisk0 - will be cured after reboot
    2010/11/14 12:35:49.0580 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/11/14 12:36:02.0216 Deinitialize success
     
  5. 2010/11/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/11/14
    Belzenfyfer

    Belzenfyfer Inactive Thread Starter

    Joined:
    2010/11/13
    Messages:
    14
    Likes Received:
    0
    broni,
    As per request,

    ComboFix 10-11-14.01 - Administrator 11/14/2010 13:32:40.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2045.1230 [GMT -7:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Glen\AppData\Roaming\inst.exe
    c:\users\Victoria\Desktop\Internet Explorer.lnk
    c:\windows\system32\Sys32

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
    .

    2010-11-14 20:41 . 2010-11-14 20:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-11-14 20:41 . 2010-11-14 20:41 -------- d-----w- c:\users\Victoria\AppData\Local\temp
    2010-11-14 20:41 . 2010-11-14 20:41 -------- d-----w- c:\users\Marley\AppData\Local\temp
    2010-11-14 03:14 . 2010-11-14 03:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
    2010-11-14 03:14 . 2010-11-14 03:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
    2010-11-14 03:13 . 2010-11-14 03:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ApplicationHistory
    2010-11-14 03:13 . 2010-11-14 03:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2010-11-14 03:13 . 2010-11-14 03:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\GTek
    2010-11-13 22:02 . 2010-11-13 22:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
    2010-11-13 21:55 . 2010-11-13 21:55 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2010-11-13 21:55 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-13 21:55 . 2010-11-13 23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-13 21:55 . 2010-11-13 21:55 -------- d-----w- c:\programdata\Malwarebytes
    2010-11-13 21:55 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-13 17:46 . 2010-11-13 21:52 41624 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2010-11-13 17:46 . 2009-08-05 15:57 35680 ----a-w- c:\windows\system32\drivers\fses.sys
    2010-11-13 17:46 . 2009-08-05 15:57 71040 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2010-11-12 23:11 . 2010-11-13 01:50 -------- d-----w- c:\windows\system32\catroot2
    2010-11-12 03:50 . 2010-11-12 03:50 -------- d-----w- c:\users\Administrator\AppData\Local\Apple
    2010-11-07 23:41 . 2010-11-07 23:41 -------- d-----w- c:\programdata\Alwil Software
    2010-11-07 23:41 . 2010-11-07 23:41 -------- d-----w- c:\program files\Alwil Software
    2010-11-06 22:19 . 2010-11-06 22:19 -------- d-----w- c:\users\Glen\AppData\Local\PackageAware
    2010-10-31 19:03 . 2004-08-30 20:25 438272 ----a-w- c:\windows\system32\vp6vfw.dll
    2010-10-31 19:03 . 2007-04-12 21:01 118832 ----a-w- c:\windows\system32\SHW32.DLL
    2010-10-31 19:03 . 2004-12-10 16:06 327680 ----a-w- c:\windows\system32\vp6dec.ax
    2010-10-31 19:02 . 2010-10-31 19:02 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2010-10-31 19:02 . 2006-02-07 21:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2010-10-31 19:02 . 2006-02-07 21:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2010-10-31 19:02 . 2006-02-07 21:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2010-10-31 19:02 . 2006-02-07 21:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2010-10-31 19:02 . 2005-11-14 05:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2010-10-31 19:02 . 2010-10-31 19:02 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2010-10-31 03:25 . 2010-10-31 03:25 -------- d--h--r- c:\users\Glen\AppData\Roaming\SecuROM
    2010-10-30 02:49 . 2010-10-31 18:40 -------- d-----w- c:\program files\EA SPORTS
    2010-10-27 15:15 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-27 15:15 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-27 15:15 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-26 03:48 . 2010-10-26 03:51 -------- d-----w- c:\windows\UfdApp
    2010-10-26 03:42 . 2010-10-26 13:00 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
    2010-10-26 01:12 . 2010-10-26 01:12 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-25 23:33 . 2010-10-25 23:33 -------- d-----w- C:\CPQSYSTEM
    2010-10-25 22:39 . 2010-10-25 22:39 -------- d-----w- c:\users\Administrator\AppData\Local\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-07 16:04 . 2010-04-16 23:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-19 20:51 . 2010-02-22 15:23 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-13 13:56 . 2010-10-13 18:30 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-08 17:17 . 2010-09-08 17:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 17:17 . 2010-09-08 17:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 06:01 . 2010-10-13 18:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57 . 2010-10-13 18:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57 . 2010-10-13 18:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56 . 2010-10-13 18:30 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56 . 2010-10-13 18:30 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04 . 2010-10-13 18:30 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26 . 2010-10-13 18:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25 . 2010-10-13 18:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-06 16:20 . 2010-10-13 18:30 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:19 . 2010-10-13 18:30 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-09-06 13:45 . 2010-10-13 18:30 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-09-06 13:45 . 2010-10-13 18:30 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-09-06 13:45 . 2010-10-13 18:30 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-31 15:46 . 2010-10-13 18:29 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:46 . 2010-10-13 18:29 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-31 15:44 . 2010-10-13 18:29 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-31 13:27 . 2010-10-13 18:29 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-08-26 16:37 . 2010-10-13 18:30 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-26 16:33 . 2010-10-27 15:15 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33 . 2010-10-27 15:15 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-26 16:33 . 2010-10-27 15:15 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33 . 2010-10-27 15:15 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-20 16:05 . 2010-10-13 18:29 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-08-17 14:11 . 2010-09-16 03:27 128000 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-27 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
    "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
    "shawnotify"="c:\progra~1\shaw\update\siuloader.exe" [2009-05-11 378152]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "F-Secure Manager"="c:\program files\Shaw Secure\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Shaw Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office Shortcut Bar.lnk - c:\program files\Microsoft Office\Office\MSOFFICE.EXE [1997-7-11 333824]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]
    Shaw Support.lnk - c:\program files\shaw\bin\shawsupport.exe [2009-7-30 1291624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    R1 eysxtoiy;eysxtoiy;c:\windows\system32\drivers\eysxtoiy.sys [x]
    R1 ttdzztey;ttdzztey;c:\windows\system32\drivers\ttdzztey.sys [x]
    R1 xxuvzlyr;xxuvzlyr;c:\windows\system32\drivers\xxuvzlyr.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 136176]
    R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2009-02-28 2560]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
    R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
    R2 SessionLauncher;SessionLauncher;c:\users\Glen\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Shaw Secure\ORSP Client\fsorsp.exe [2009-08-05 55904]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-11-13 41624]
    S1 c2scsi;c2scsi;c:\windows\system32\DRIVERS\c2scsi.sys [2007-08-18 252152]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Shaw Secure\HIPS\drivers\fshs.sys [2009-08-05 68064]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-08-05 35680]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-05 71040]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
    S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
    S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
    S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [2010-11-13 124072]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk
    *Deregistered* - mfebopk
    *Deregistered* - mferkdk
    *Deregistered* - mfesmfk
    *Deregistered* - MPFP

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 14:17]

    2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 14:17]

    2010-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1768912833-1729506590-1983972597-1002Core.job
    - c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-27 13:02]

    2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1768912833-1729506590-1983972597-1002UA.job
    - c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-27 13:02]

    2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{526C3451-169A-4750-8C01-9B9FBEFA2F16}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

    2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{7F7E11DC-F562-4DC4-A6C7-0BF09D56AFA5}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

    2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{C45246AB-9E2B-4FA3-8A03-B8C11C34AE5D}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

    2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{EE6C01A2-861E-42A6-BE24-5F7EEE619403}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=5070803
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    LSP: c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
    HKU-Default-Run-cleansweep.exe - c:\cleansweep.exe\cleansweep.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-Mjukaquzacufot - c:\windows\system32\config\systemprofile\AppData\Local\oxebemoj.dll
    ActiveSetup-{4CDE2F9B-11C5-AF6D-C96F-A2B2E4036508} - c:\windows\system32\sys32\svchost.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-14 13:41
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,7b,63,f5,bd,f6,88,4c,91,83,c9,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,7b,63,f5,bd,f6,88,4c,91,83,c9,\

    [HKEY_USERS\S-1-5-21-1768912833-1729506590-1983972597-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,4d,bb,98,da,23,a6,42,af,8b,dc,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,4d,bb,98,da,23,a6,42,af,8b,dc,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\program files\shaw secure\hips\fshook32.dll

    - - - - - - - > 'lsass.exe'(636)
    c:\program files\shaw secure\hips\fshook32.dll
    .
    Completion time: 2010-11-14 13:43:18
    ComboFix-quarantined-files.txt 2010-11-14 20:43

    Pre-Run: 116,633,743,360 bytes free
    Post-Run: 116,579,106,816 bytes free

    - - End Of File - - 1166B7D3D5FDB76BD530CAEFC795F0FF
     
  7. 2010/11/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\xxuvzlyr.sys
    c:\windows\system32\drivers\ttdzztey.sys
    c:\windows\system32\drivers\eysxtoiy.sys
    
    Driver::
    xxuvzlyr
    ttdzztey
    eysxtoiy
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
    Belzenfyfer likes this.
  8. 2010/11/14
    Belzenfyfer

    Belzenfyfer Inactive Thread Starter

    Joined:
    2010/11/13
    Messages:
    14
    Likes Received:
    0
    broni,
    As per instructions,

    ComboFix 10-11-14.01 - Administrator 11/14/2010 14:26:18.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2045.1208 [GMT -7:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\drivers\eysxtoiy.sys "
    "c:\windows\system32\drivers\ttdzztey.sys "
    "c:\windows\system32\drivers\xxuvzlyr.sys "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_eysxtoiy
    -------\Service_ttdzztey
    -------\Service_xxuvzlyr


    ((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
    .

    2010-11-14 21:36 . 2010-11-14 21:36 -------- d-----w- c:\users\Victoria\AppData\Local\temp
    2010-11-14 21:36 . 2010-11-14 21:36 -------- d-----w- c:\users\Marley\AppData\Local\temp
    2010-11-14 21:36 . 2010-11-14 21:36 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
    2010-11-14 21:36 . 2010-11-14 21:36 -------- d-----w- c:\users\Glen\AppData\Local\temp
    2010-11-14 21:36 . 2010-11-14 21:36 -------- d-----w- c:\users\Donna\AppData\Local\temp
    2010-11-14 03:14 . 2010-11-14 03:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
    2010-11-14 03:14 . 2010-11-14 03:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
    2010-11-14 03:13 . 2010-11-14 03:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ApplicationHistory
    2010-11-14 03:13 . 2010-11-14 03:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2010-11-14 03:13 . 2010-11-14 03:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\GTek
    2010-11-13 22:02 . 2010-11-13 22:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
    2010-11-13 21:55 . 2010-11-13 21:55 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2010-11-13 21:55 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-13 21:55 . 2010-11-13 23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-13 21:55 . 2010-11-13 21:55 -------- d-----w- c:\programdata\Malwarebytes
    2010-11-13 21:55 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-13 17:46 . 2010-11-13 21:52 41624 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2010-11-13 17:46 . 2009-08-05 15:57 35680 ----a-w- c:\windows\system32\drivers\fses.sys
    2010-11-13 17:46 . 2009-08-05 15:57 71040 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2010-11-12 23:11 . 2010-11-13 01:50 -------- d-----w- c:\windows\system32\catroot2
    2010-11-12 03:50 . 2010-11-12 03:50 -------- d-----w- c:\users\Administrator\AppData\Local\Apple
    2010-11-07 23:41 . 2010-11-07 23:41 -------- d-----w- c:\programdata\Alwil Software
    2010-11-07 23:41 . 2010-11-07 23:41 -------- d-----w- c:\program files\Alwil Software
    2010-11-06 22:19 . 2010-11-06 22:19 -------- d-----w- c:\users\Glen\AppData\Local\PackageAware
    2010-10-31 19:03 . 2004-08-30 20:25 438272 ----a-w- c:\windows\system32\vp6vfw.dll
    2010-10-31 19:03 . 2007-04-12 21:01 118832 ----a-w- c:\windows\system32\SHW32.DLL
    2010-10-31 19:03 . 2004-12-10 16:06 327680 ----a-w- c:\windows\system32\vp6dec.ax
    2010-10-31 19:02 . 2010-10-31 19:02 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2010-10-31 19:02 . 2006-02-07 21:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2010-10-31 19:02 . 2006-02-07 21:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2010-10-31 19:02 . 2006-02-07 21:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2010-10-31 19:02 . 2006-02-07 21:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2010-10-31 19:02 . 2005-11-14 05:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2010-10-31 19:02 . 2010-10-31 19:02 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2010-10-31 03:25 . 2010-10-31 03:25 -------- d--h--r- c:\users\Glen\AppData\Roaming\SecuROM
    2010-10-30 02:49 . 2010-10-31 18:40 -------- d-----w- c:\program files\EA SPORTS
    2010-10-27 15:15 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-27 15:15 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-27 15:15 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-26 03:48 . 2010-10-26 03:51 -------- d-----w- c:\windows\UfdApp
    2010-10-26 03:42 . 2010-10-26 13:00 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
    2010-10-26 01:12 . 2010-10-26 01:12 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-25 23:33 . 2010-10-25 23:33 -------- d-----w- C:\CPQSYSTEM
    2010-10-25 22:39 . 2010-10-25 22:39 -------- d-----w- c:\users\Administrator\AppData\Local\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-07 16:04 . 2010-04-16 23:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-19 20:51 . 2010-02-22 15:23 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-13 13:56 . 2010-10-13 18:30 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-08 17:17 . 2010-09-08 17:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 17:17 . 2010-09-08 17:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 06:01 . 2010-10-13 18:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57 . 2010-10-13 18:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57 . 2010-10-13 18:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56 . 2010-10-13 18:30 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56 . 2010-10-13 18:30 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04 . 2010-10-13 18:30 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26 . 2010-10-13 18:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25 . 2010-10-13 18:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-06 16:20 . 2010-10-13 18:30 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:19 . 2010-10-13 18:30 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-09-06 13:45 . 2010-10-13 18:30 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-09-06 13:45 . 2010-10-13 18:30 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-09-06 13:45 . 2010-10-13 18:30 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-31 15:46 . 2010-10-13 18:29 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:46 . 2010-10-13 18:29 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-31 15:44 . 2010-10-13 18:29 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-31 13:27 . 2010-10-13 18:29 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-08-26 16:37 . 2010-10-13 18:30 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-26 16:33 . 2010-10-27 15:15 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33 . 2010-10-27 15:15 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-26 16:33 . 2010-10-27 15:15 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33 . 2010-10-27 15:15 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-20 16:05 . 2010-10-13 18:29 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-08-17 14:11 . 2010-09-16 03:27 128000 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WindowsWelcomeCenter "= "oobefldr.dll" [2009-04-11 2153472]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-27 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CCUTRAYICON "= "c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
    "dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
    "ECenter "= "c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "NMSSupport "= "c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
    "DMXLauncher "= "c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
    "shawnotify "= "c:\progra~1\shaw\update\siuloader.exe" [2009-05-11 378152]
    "DellSupportCenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "WPCUMI "= "c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "F-Secure Manager "= "c:\program files\Shaw Secure\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB "= "c:\program files\Shaw Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office Shortcut Bar.lnk - c:\program files\Microsoft Office\Office\MSOFFICE.EXE [1997-7-11 333824]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]
    Shaw Support.lnk - c:\program files\shaw\bin\shawsupport.exe [2009-7-30 1291624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux3 "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 136176]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
    R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
    R2 SessionLauncher;SessionLauncher;c:\users\Glen\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-11-13 41624]
    S1 c2scsi;c2scsi;c:\windows\system32\DRIVERS\c2scsi.sys [2007-08-18 252152]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Shaw Secure\HIPS\drivers\fshs.sys [2009-08-05 68064]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-08-05 35680]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-05 71040]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
    S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
    S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2009-02-28 2560]
    S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
    S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [2010-11-13 124072]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Shaw Secure\ORSP Client\fsorsp.exe [2009-08-05 55904]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk
    *Deregistered* - mfebopk
    *Deregistered* - mferkdk
    *Deregistered* - mfesmfk
    *Deregistered* - MPFP

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 14:17]

    2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 14:17]

    2010-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1768912833-1729506590-1983972597-1002Core.job
    - c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-27 13:02]

    2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1768912833-1729506590-1983972597-1002UA.job
    - c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-27 13:02]

    2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{526C3451-169A-4750-8C01-9B9FBEFA2F16}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

    2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{7F7E11DC-F562-4DC4-A6C7-0BF09D56AFA5}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

    2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{C45246AB-9E2B-4FA3-8A03-B8C11C34AE5D}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

    2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{EE6C01A2-861E-42A6-BE24-5F7EEE619403}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=5070803
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    LSP: c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-14 14:39
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,7b,63,f5,bd,f6,88,4c,91,83,c9,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,7b,63,f5,bd,f6,88,4c,91,83,c9,\

    [HKEY_USERS\S-1-5-21-1768912833-1729506590-1983972597-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,4d,bb,98,da,23,a6,42,af,8b,dc,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,4d,bb,98,da,23,a6,42,af,8b,dc,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\program files\shaw secure\hips\fshook32.dll

    - - - - - - - > 'lsass.exe'(640)
    c:\program files\shaw secure\hips\fshook32.dll

    - - - - - - - > 'Explorer.exe'(4236)
    c:\program files\shaw secure\hips\fshook32.dll
    c:\program files\Shaw Secure\Spam Control\fsscoepl.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Intel\IntelDH\CCU\AlertService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Shaw Secure\Anti-Virus\fsgk32st.exe
    c:\program files\Shaw Secure\Anti-Virus\FSGK32.EXE
    c:\program files\Shaw Secure\Common\FSMA32.EXE
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Shaw Secure\Common\FSHDLL32.EXE
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Shaw Secure\FWES\Program\fsdfwd.exe
    c:\program files\Shaw Secure\Anti-Virus\fssm32.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    c:\program files\Shaw Secure\Anti-Virus\fsav32.exe
    c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-14 14:49:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-14 21:49
    ComboFix2.txt 2010-11-14 20:43

    Pre-Run: 116,491,141,120 bytes free
    Post-Run: 116,305,915,904 bytes free

    - - End Of File - - 85530B557313E8364A2B056A20998133
     
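What broni's CFScript did is delete the three drivers whose names are eight random lowercase letters (the `-------\Service_...` lines above confirm the removal), and the rest of the log still carries the kind of entries an analyst reads for: a service whose binary sits in a user's Temp folder and is now missing (`SessionLauncher`, marked `[x]`), a `svchost.exe` living in `system32\sys32` instead of `system32`, and a DLL autostarting from the SYSTEM profile's AppData. The Python below is an added example for this thread, not ComboFix, OTL or anything broni posted; it parses lines in the ComboFix log format and applies those checks. The sample log is assembled here from lines in the posts above (with the forum's stray spaces inside the quoted Run entry removed), the expected locations of `svchost.exe` and its neighbours are for the 32-bit Vista in the log, and the allowlist of legitimate eight-letter names (`mscorsvw` and `mcmscsvc`, both present in the log) is an assumption to extend per machine.

```python
"""Triage of ComboFix-style log lines.

Flags: random-looking driver/service names, autostarts launched from Temp or the
SYSTEM profile's AppData, Windows binaries outside their expected directory, and
services whose file is missing. Added example for this thread; not part of
ComboFix, OTL or the instructions posted here.
"""
import re

# Constructed sample: lines copied from the ComboFix logs in this thread, with the
# forum's stray spaces inside the quoted Run entry removed.
SAMPLE_LOG = r'''
-------\Service_eysxtoiy
-------\Service_ttdzztey
-------\Service_xxuvzlyr
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 136176]
R2 SessionLauncher;SessionLauncher;c:\users\Glen\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-11-13 41624]
SafeBoot-mcmscsvc
ActiveSetup-{4CDE2F9B-11C5-AF6D-C96F-A2B2E4036508} - c:\windows\system32\sys32\svchost.exe
MSConfigStartUp-Mjukaquzacufot - c:\windows\system32\config\systemprofile\AppData\Local\oxebemoj.dll
HKU-Default-Run-cleansweep.exe - c:\cleansweep.exe\cleansweep.exe
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
'''

# Legitimate components that happen to be eight lowercase letters (both appear in the
# log: .NET's NGEN worker and a McAfee service). Assumption: extend per machine.
ALLOWLIST = {"mscorsvw", "mcmscsvc"}
# Where these Windows binaries live on 32-bit Vista (the machine in the log is x86).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Directories from which a driver, service or autostart is rarely legitimate.
SUSPECT_DIR_FRAGMENTS = ("\\appdata\\local\\temp\\", "\\config\\systemprofile\\appdata\\")

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
DELETED_SERVICE_RE = re.compile(r"^-------\\Service_(\S+)$")
ORPHAN_RE = re.compile(r"^(ActiveSetup|MSConfigStartUp|HKU-Default-Run|SafeBoot)-(\S+?)(?: - (.+))?$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[([^\]]*)\])?$')


def looks_random(name: str) -> bool:
    """Naming style of the drivers broni removed: exactly eight lowercase letters,
    no digits, no separators. A heuristic, hence the allowlist."""
    return re.fullmatch(r"[a-z]{8}", name) is not None and name not in ALLOWLIST


def parse_entry(line: str):
    """Return (kind, name, path, meta) for a recognised ComboFix line, else None."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        return "service", m.group(2), m.group(4), m.group(5)
    m = DELETED_SERVICE_RE.match(line)
    if m:
        return "deleted-service", m.group(1), "", ""
    m = ORPHAN_RE.match(line)
    if m:
        return m.group(1).lower(), m.group(2), m.group(3) or "", ""
    m = RUN_RE.match(line)
    if m:
        return "run", m.group(1), m.group(2), m.group(3) or ""
    return None


def triage(log_text: str):
    """Return (reason, name, path) findings, in log order."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        kind, name, path, meta = entry
        lower = path.lower()
        base = lower.rsplit("\\", 1)[-1]
        dirname = lower.rsplit("\\", 1)[0] if "\\" in lower else ""
        # Check both the registry/service name and the binary's own stem (case kept).
        stems = {name, path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]} - {""}
        if any(looks_random(s) for s in stems):
            findings.append(("random-looking name", name, path))
        if any(frag in lower for frag in SUSPECT_DIR_FRAGMENTS):
            findings.append(("runs from temp or profile directory", name, path))
        if base in EXPECTED_DIR and dirname != EXPECTED_DIR[base]:
            findings.append(("system binary outside expected directory", name, path))
        if kind == "service" and meta == "x":
            findings.append(("service points at a missing file", name, path))
    return findings


if __name__ == "__main__":
    for reason, name, path in triage(SAMPLE_LOG):
        print(f"{reason:42} {name:40} {path}")
```

Run as a script it prints eight findings for the sample: the three deleted drivers and `Mjukaquzacufot` by name, `SessionLauncher` twice (Temp location, missing file), the ActiveSetup `svchost.exe` for its directory, and the `oxebemoj.dll` autostart for its location; `fsbts`, `gupdate`, `mscorsvw` and `mcmscsvc` pass. Everything it flags is a lead to verify against the file itself, not a verdict.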
  9. 2010/11/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
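The custom-scan list broni gives OTL is a catalogue of places malware of this era hid: directories whose names mimic real ones (`system32\system32`, `systhem32`, `winn32`, `system32\Rundll32`), executables in folders that hold none on a clean install (`Fonts`, `inf`, `Installer`, `AppPatch`), and the two `dir /b ... | find /i " " /c` lines, which count executables whose names contain a space. The Python below is an added example, not OTL and not part of broni's instructions; it runs the same three checks in portable form over a throwaway directory tree constructed here, modelled on the OTL list and on the `system32\sys32\svchost.exe` entry in the ComboFix log above. It generalises the lookalike probes from a fixed list of names to any directory within three edits of a real system directory name; the threshold and the set of real names (32-bit Vista) are assumptions, and the output is a list of things to inspect, not verdicts.

```python
"""Three of the checks behind the OTL custom-scan list, in portable form.

Lookalike system directories, executables in folders that hold none on a clean
install, and executables whose names contain a space. Added example, not OTL;
runs against a throwaway directory tree built here.
"""
import tempfile
from pathlib import Path

# Real directory names under %SystemRoot% on 32-bit Vista; a directory within a few
# edits of one of these that is not one of them is a lookalike (system32\system32,
# systhem32, winn32 and Rundll32 from the OTL list are all instances).
LOOKALIKE_TARGETS = ("system32", "system", "winsxs", "syswow64", "rundll32")
LEGIT_UNDER_WINDOWS = {"system32", "system", "winsxs", "syswow64"}
MAX_EDITS = 3  # assumption: sys32 (three edits from system32) is the furthest decoy worth catching
# Probes from the OTL list: these folders hold no files of these types on a clean install.
NO_EXE_PROBES = {
    "Fonts": {".exe", ".com", ".dll"},
    "inf": {".exe"},
    "Installer": {".exe"},
    "AppPatch": {".exe"},
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (names are short, so the plain DP is fine)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_dirs(windows: Path):
    """Directories directly under %SystemRoot% or system32 that imitate a real one.
    Nothing system-like belongs under system32 itself, so its legit set is empty."""
    hits = []
    for parent, legit in ((windows, LEGIT_UNDER_WINDOWS), (windows / "system32", set())):
        if not parent.is_dir():
            continue
        for d in parent.iterdir():
            if d.is_dir() and d.name.lower() not in legit and any(
                edit_distance(d.name.lower(), t) <= MAX_EDITS for t in LOOKALIKE_TARGETS
            ):
                hits.append(d)
    return hits


def executables_where_none_belong(windows: Path):
    """Files of the probed types in folders that hold none on a clean install."""
    hits = []
    for rel, suffixes in NO_EXE_PROBES.items():
        d = windows / rel
        if d.is_dir():
            hits.extend(p for p in d.iterdir() if p.is_file() and p.suffix.lower() in suffixes)
    return hits


def executables_with_spaces(windows: Path):
    """Mirrors the two dir /b ... | find /i " " /c lines: Microsoft's own binaries in
    %SystemRoot% and system32 have no spaces in their names."""
    hits = []
    for d in (windows, windows / "system32"):
        if d.is_dir():
            hits.extend(p for p in d.iterdir()
                        if p.is_file() and p.suffix.lower() == ".exe" and " " in p.name)
    return hits


def scan(windows: Path):
    """All findings as sorted (reason, path relative to %SystemRoot%, forward slashes)."""
    findings = [("lookalike system directory", p) for p in lookalike_dirs(windows)]
    findings += [("executable where none belong", p) for p in executables_where_none_belong(windows)]
    findings += [("executable name contains a space", p) for p in executables_with_spaces(windows)]
    return sorted((reason, p.relative_to(windows).as_posix()) for reason, p in findings)


def build_sample_tree(root: Path) -> Path:
    """Constructed tree: legitimate entries plus decoys modelled on this thread's logs
    and the OTL list. Every file is a two-byte stub, not a real binary."""
    windows = root / "Windows"
    for rel in (
        "system32/svchost.exe", "system32/drivers/fsbts.sys", "explorer.exe",  # legitimate
        "Fonts/arial.ttf", "AppPatch/AcGenral.dll",                              # legitimate
        "system32/sys32/svchost.exe",      # decoy dir, from the ActiveSetup line in the ComboFix log
        "system32/systhem32/x.dll",        # decoy dirs from the OTL list
        "winn32/run.exe", "system32/Rundll32/a.exe",
        "Fonts/update.exe",                # executable where none belong
        "system32/win logon.exe",          # name with a space
    ):
        p = windows / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"MZ")
    (windows / "system").mkdir()   # real directories that must not be flagged
    (windows / "winsxs").mkdir()
    return windows


def demo():
    """Build the sample tree in a temporary directory, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    for reason, rel in demo():
        print(f"{reason:34} {rel}")
```

Point `scan()` at a real `C:\Windows` (or a mounted image of one) instead of the sample tree to use it for triage; the `drivers`, `AppPatch\AcGenral.dll` and `system` entries in the sample are there to show that real names stay below the edit threshold and that a shim DLL in AppPatch is not reported.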
  10. 2010/11/14
    Belzenfyfer

    Belzenfyfer Inactive Thread Starter

    Joined:
    2010/11/13
    Messages:
    14
    Likes Received:
    0
    Computer appears okay, although I am using it sparingly until cleaned.
    Here is OTL.txt (1 of 2)
    OTL logfile created on: 11/14/2010 6:04:39 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 455.72 Gb Total Space | 108.09 Gb Free Space | 23.72% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.55 Gb Free Space | 35.47% Space Free | Partition Type: NTFS
    Drive E: | 1.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/14 18:01:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    PRC - [2010/11/13 14:51:50 | 000,365,248 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
    PRC - [2010/09/28 09:28:38 | 001,291,624 | ---- | M] (Shaw Communications) -- C:\Program Files\shaw\bin\shawsupport.exe
    PRC - [2010/09/27 07:17:31 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/08/05 08:59:26 | 000,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
    PRC - [2009/08/05 08:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE
    PRC - [2009/08/05 08:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSM32.EXE
    PRC - [2009/08/05 08:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSHDLL32.EXE
    PRC - [2009/08/05 08:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\FWES\program\fsdfwd.exe
    PRC - [2009/08/05 08:56:10 | 000,585,312 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
    PRC - [2009/08/05 08:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
    PRC - [2009/08/05 08:56:08 | 000,463,968 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32.exe
    PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/27 21:50:09 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
    PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2007/08/24 14:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    PRC - [2007/08/24 14:52:42 | 000,240,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    PRC - [2007/08/24 14:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    PRC - [2007/08/24 14:52:02 | 000,018,928 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    PRC - [2007/08/14 02:44:38 | 000,113,136 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    PRC - [2006/11/18 05:01:42 | 000,182,744 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    PRC - [2006/11/18 05:01:32 | 000,272,856 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
    PRC - [2006/11/18 05:01:26 | 000,195,032 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    PRC - [2006/11/02 05:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
    PRC - [2006/10/29 07:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    PRC - [2006/09/29 10:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/09/29 10:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2006/09/26 08:56:00 | 000,423,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    PRC - [2006/09/11 03:40:34 | 000,086,960 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [1997/07/11 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/11/14 18:01:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2009/08/05 08:59:08 | 000,256,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Spam Control\fsscoepl.dll
    MOD - [2009/08/05 08:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\shaw secure\hips\fshook32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Users\Glen\AppData\Local\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/05 08:59:26 | 000,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
    SRV - [2009/08/05 08:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE -- (FSMA)
    SRV - [2009/08/05 08:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
    SRV - [2009/08/05 08:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
    SRV - [2009/02/27 21:50:09 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
    SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/08/24 14:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
    SRV - [2007/08/24 14:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
    SRV - [2007/08/24 14:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
    SRV - [2007/08/24 14:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
    SRV - [2007/08/24 14:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2007/03/19 10:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/11/18 05:01:26 | 000,195,032 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
    SRV - [2006/11/18 05:00:48 | 000,550,872 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
    SRV - [2006/11/18 05:00:06 | 000,174,552 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
    SRV - [2006/11/18 04:59:38 | 000,081,880 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
    SRV - [2006/11/18 04:59:02 | 000,032,216 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
    SRV - [2006/10/29 07:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
    SRV - [2006/09/29 10:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\jl2005c.sys -- (JL2005C)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/11/13 14:52:02 | 000,041,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts)
    DRV - [2010/11/13 10:56:17 | 000,124,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
    DRV - [2010/03/24 04:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/08/05 08:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
    DRV - [2009/08/05 08:57:20 | 000,071,040 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
    DRV - [2009/08/05 08:57:12 | 000,035,680 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
    DRV - [2009/08/05 08:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
    DRV - [2009/08/05 08:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Shaw Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
    DRV - [2009/08/05 08:56:12 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
    DRV - [2009/04/10 21:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/01/18 22:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
    DRV - [2008/01/18 21:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2007/08/18 02:09:04 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
    DRV - [2007/08/18 00:34:34 | 000,252,152 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\C2SCSI.SYS -- (c2scsi)
    DRV - [2007/05/06 17:12:02 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/02/25 10:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/02/21 12:49:47 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2007/02/21 12:49:47 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2007/02/21 12:49:47 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007/01/05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2007/01/05 22:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
    DRV - [2006/11/18 05:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\tshwmdtcp.sys -- (TSHWMDTCP)
    DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1g60i32.sys -- (E1G60) Intel(R)
    DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/10/19 13:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
    DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\dsproct.sys -- (DSproct)
    DRV - [2006/09/29 12:59:58 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2006/09/27 14:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)
    DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2006/07/05 05:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
    DRV - [2006/06/14 07:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=5070803
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{A762F017-B909-49D9-8593-27D97072B381}: C:\Windows\system32\config\systemprofile\AppData\Local\{A762F017-B909-49D9-8593-27D97072B381}\ [2010/11/02 19:06:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Shaw Secure\NRS\litmus-ff@f-secure.com [2010/11/13 10:46:20 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/11/14 14:38:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Shaw Secure\NRS\iescript\BaseLitmus.dll (F-Secure Corporation)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Shaw Secure\NRS\iescript\BaseLitmus.dll (F-Secure Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Shaw Secure\Common\FSM32.EXE (F-Secure Corporation)
    O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
    O4 - HKLM..\Run: [shawnotify] c:\Program Files\shaw\Update\siuloader.exe (Shaw Cablesystems)
    O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Shaw Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: VIDC.JDCT - jl_jdct.drv File not found
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/14 18:00:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2010/11/14 14:50:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\F-Secure
    [2010/11/14 14:49:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/11/14 14:23:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/11/14 13:25:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/11/14 13:25:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/11/14 13:25:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/11/14 13:25:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/11/14 13:24:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/14 12:34:51 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
    [2010/11/14 12:34:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
    [2010/11/13 20:13:42 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2010/11/13 14:55:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
    [2010/11/13 14:55:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/11/13 14:55:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/11/13 14:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/13 14:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/13 10:46:40 | 000,035,680 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fses.sys
    [2010/11/13 10:46:31 | 000,071,040 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys
    [2010/11/12 16:11:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
    [2010/11/11 21:14:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2.bak
    [2010/11/11 20:50:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple
    [2010/11/07 16:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/11/07 16:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/31 12:03:09 | 000,438,272 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
    [2010/10/31 12:03:08 | 000,327,680 | ---- | C] (On2.com Inc.) -- C:\Windows\System32\vp6dec.ax
    [2010/10/31 12:03:08 | 000,118,832 | ---- | C] (MicroQuill Software Publishing, Inc.) -- C:\Windows\System32\SHW32.DLL
    [2010/10/29 19:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
    [2010/10/25 20:48:44 | 000,000,000 | ---D | C] -- C:\Windows\UfdApp
    [2010/10/25 20:42:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
    [2010/10/25 18:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/10/25 16:33:49 | 000,000,000 | ---D | C] -- C:\CPQSYSTEM
    [2010/10/25 15:45:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
    [2010/10/25 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Google
    [2010/10/25 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google

    ========== Files - Modified Within 30 Days ==========

    [2010/11/14 18:06:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7F7E11DC-F562-4DC4-A6C7-0BF09D56AFA5}.job
    [2010/11/14 18:04:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C45246AB-9E2B-4FA3-8A03-B8C11C34AE5D}.job
    [2010/11/14 18:03:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE6C01A2-861E-42A6-BE24-5F7EEE619403}.job
    [2010/11/14 18:01:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2010/11/14 17:27:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/14 17:18:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1768912833-1729506590-1983972597-1002UA.job
    [2010/11/14 16:53:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/14 16:53:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/14 14:58:10 | 000,632,064 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/14 14:58:10 | 000,118,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/11/14 14:54:20 | 000,142,901 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/11/14 14:54:19 | 000,142,901 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/11/14 14:54:10 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/14 14:53:52 | 000,001,473 | -HS- | M] () -- C:\Windows\System32\mmf.sys
    [2010/11/14 14:53:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/14 14:38:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/11/14 13:21:21 | 003,909,871 | R--- | M] () -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2010/11/14 12:34:15 | 001,215,581 | ---- | M] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
    [2010/11/14 12:32:32 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{526C3451-169A-4750-8C01-9B9FBEFA2F16}.job
    [2010/11/13 16:11:57 | 000,630,272 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
    [2010/11/13 15:37:23 | 000,000,500 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\m2xkt5zi.exe - Shortcut.lnk
    [2010/11/13 15:32:45 | 143,155,587 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/13 15:24:50 | 000,296,448 | ---- | M] () -- C:\Users\Administrator\Desktop\m2xkt5zi.exe
    [2010/11/13 14:55:29 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/13 14:52:02 | 000,041,624 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys
    [2010/11/13 10:48:35 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Shaw Secure.lnk
    [2010/11/13 09:18:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1768912833-1729506590-1983972597-1002Core.job
    [2010/11/12 19:41:52 | 333,824,316 | ---- | M] () -- C:\Users\Administrator\Desktop\11-12-10 Registry backup.reg
    [2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
    [2010/11/07 16:41:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/11/07 08:39:50 | 000,001,751 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Shaw Support.lnk
    [2010/11/07 08:39:50 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\Shaw Support.lnk
    [2010/10/29 19:51:02 | 000,000,935 | ---- | M] () -- C:\Users\Administrator\Desktop\TigerWoods99 PGA TOUR.lnk
    [2010/10/25 18:12:26 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

    ========== Files Created - No Company Name ==========

    [2010/11/14 13:25:34 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/11/14 13:25:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/11/14 13:25:34 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/11/14 13:25:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/11/14 13:25:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/11/14 13:21:15 | 003,909,871 | R--- | C] () -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2010/11/14 12:34:13 | 001,215,581 | ---- | C] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
    [2010/11/13 16:18:03 | 000,630,272 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
    [2010/11/13 15:37:23 | 000,000,500 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\m2xkt5zi.exe - Shortcut.lnk
    [2010/11/13 15:24:33 | 000,296,448 | ---- | C] () -- C:\Users\Administrator\Desktop\m2xkt5zi.exe
    [2010/11/13 15:18:37 | 143,155,587 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/11/13 14:55:29 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/13 10:48:35 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Shaw Secure.lnk
    [2010/11/13 10:46:54 | 000,041,624 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
    [2010/11/12 19:41:29 | 333,824,316 | ---- | C] () -- C:\Users\Administrator\Desktop\11-12-10 Registry backup.reg
    [2010/10/29 19:51:02 | 000,000,935 | ---- | C] () -- C:\Users\Administrator\Desktop\TigerWoods99 PGA TOUR.lnk
    [2010/10/25 18:12:26 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/10/23 12:49:32 | 000,000,424 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE6C01A2-861E-42A6-BE24-5F7EEE619403}.job
    [2010/09/27 07:19:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/07/06 17:16:25 | 000,142,901 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2010/07/06 17:10:07 | 000,142,901 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2010/03/14 09:15:59 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
    [2009/08/07 19:41:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/06/05 16:48:35 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/06/05 16:48:34 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/06/05 16:48:15 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/03/07 10:46:30 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
    [2009/03/07 10:46:29 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009/03/07 10:46:29 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/02/27 21:50:10 | 000,001,473 | -HS- | C] () -- C:\Windows\System32\mmf.sys
    [2009/02/27 21:50:09 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
    [2008/11/02 18:51:54 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
    [2008/09/16 00:26:05 | 000,027,650 | ---- | C] () -- C:\Windows\System32\eyunwun.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/04/20 19:21:13 | 000,072,192 | ---- | C] () -- C:\Windows\System32\zlib.dll
    [2008/04/07 17:59:11 | 000,000,655 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2008/03/02 16:31:43 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
    [2008/01/01 15:23:54 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
    [2008/01/01 15:23:54 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
    [2008/01/01 15:23:54 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
    [2007/12/23 18:31:03 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
    [2007/10/15 17:53:32 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
    [2007/10/15 17:53:31 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
    [2007/09/04 17:43:15 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
    [2007/09/01 11:07:22 | 000,001,039 | ---- | C] () -- C:\Windows\disney.ini
    [2007/08/21 12:22:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 01:30:49 | 000,021,506 | ---- | C] () -- C:\Windows\System32\pregwin.dll
    [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/06/23 07:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
    [2004/01/30 14:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\System32\unicows.dll
    [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
    [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
    [1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

    ========== LOP Check ==========

    [2010/04/27 10:00:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitZipper
    [2010/11/14 14:50:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\F-Secure
    [2010/11/14 14:52:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/11/14 12:32:32 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{526C3451-169A-4750-8C01-9B9FBEFA2F16}.job
    [2010/11/14 18:06:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7F7E11DC-F562-4DC4-A6C7-0BF09D56AFA5}.job
    [2010/11/14 18:04:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C45246AB-9E2B-4FA3-8A03-B8C11C34AE5D}.job
    [2010/11/14 18:03:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE6C01A2-861E-42A6-BE24-5F7EEE619403}.job
     
  11. 2010/11/14
    Belzenfyfer
    OTL.txt (2 of 2)
    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/12/29 08:57:39 | 000,000,035 | ---- | M] () -- C:\aa.txt
    [2009/04/19 09:34:27 | 000,001,752 | ---- | M] () -- C:\aaw7boot.log
    [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/01/07 02:26:49 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/11/14 14:50:02 | 000,019,812 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/08/03 07:41:04 | 000,004,347 | RH-- | M] () -- C:\dell.sdr
    [2008/01/07 01:53:06 | 2145,308,672 | -HS- | M] () -- C:\hiberfil.sys
    [2007/09/05 08:36:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/09/05 08:36:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/11/14 14:53:34 | 2459,136,000 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/14 12:36:02 | 000,061,856 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_14.11.2010_12.35.16_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/23 20:17:21 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/19 00:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 17:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/09/20 02:32:13 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/07 02:26:18 | 006,610,944 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/07 02:26:16 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/07 02:26:18 | 000,024,576 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2008/01/07 02:26:24 | 015,572,992 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2008/01/07 02:26:26 | 006,041,600 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/20 08:37:59 | 000,000,221 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/14 13:21:21 | 003,909,871 | R--- | M] () -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2010/11/13 15:24:50 | 000,296,448 | ---- | M] () -- C:\Users\Administrator\Desktop\m2xkt5zi.exe
    [2010/11/14 18:01:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/03/20 08:27:57 | 000,000,402 | -HS- | M] () -- C:\Users\Administrator\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/04/07 18:01:19 | 000,000,655 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/11/14 14:54:19 | 000,142,901 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
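The OTL file listings in the two posts above (the "Files Created" / "Files Modified" sections and the custom scans) are what a helper reads first, and every line has the same shape: `[date time | size | attributes | C or M] (CompanyName) -- path`, with directories carrying no company part and files without version information carrying `()`. As an added example that is not part of this thread, of OTL, or of the forum's procedure, here is a small Python triage script that parses that format and flags the entries a reviewer would look at first: files in temp directories, hidden+system files that are not known OS files, recently created or modified executables under %SystemRoot% with no CompanyName, new kernel drivers without version information, and random-looking executable names. The sample lines are copied from the log above, except the `C:\Windows\TEMP\xitb.exe` line, which is constructed from the path that appears in the firewall exception list further down. The flags are review prompts, not verdicts; a random-looking name on the Desktop is also what a scanner renamed to get past a blocker looks like, so each hit still needs a human check.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# One OTL file line:  [date time | size | attrs | C|M] (company) -- path
# Directory lines carry no "(company)" part; files with no version info carry "()".
OTL_LINE = re.compile(
    r"^\s*\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ax", ".drv"}
# Heuristic for a random-looking name: lowercase letters and digits only,
# at least two digits and three letters (digit interleaving is checked below).
RANDOM_STEM = re.compile(r"^(?=(?:[a-z]*\d){2})(?=(?:\d*[a-z]){3})[a-z0-9]+$")
# Hidden+system files that are normal under these names (assumed allowlist).
KNOWN_HS = {"desktop.ini", "hiberfil.sys", "pagefile.sys", "bootmgr",
            "io.sys", "msdos.sys", "bootsect.bak", "thumbs.db"}


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str            # four flag characters, e.g. "-HS-" or "---D"
    kind: str             # "C" = created, "M" = modified
    company: Optional[str]  # None when OTL found no CompanyName
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file-listing line; return None for anything else."""
    m = OTL_LINE.match(line)
    if not m:
        return None
    return Entry(date=m["date"], time=m["time"],
                 size=int(m["size"].replace(",", "")),
                 attrs=m["attrs"], kind=m["kind"],
                 company=m["company"] or None, path=m["path"])


def flags_for(e: Entry, age_days: int, window_days: int) -> List[str]:
    """Return the review flags that apply to one entry (empty list = nothing)."""
    p = PureWindowsPath(e.path)
    parts = [s.lower() for s in p.parts]
    ext = p.suffix.lower()
    flags: List[str] = []
    if "D" in e.attrs:                      # directories are not scored here
        return flags
    if any(s in ("temp", "tmp") for s in parts):
        flags.append("lives in a temp directory")
    if "H" in e.attrs and "S" in e.attrs and p.name.lower() not in KNOWN_HS:
        flags.append("hidden+system attributes on a file that is not a known OS file")
    if ext in EXEC_EXT and e.company is None and "windows" in parts and age_days <= window_days:
        if ext == ".sys" and "drivers" in parts:
            flags.append("new kernel driver with no CompanyName version info")
        else:
            flags.append("executable under %SystemRoot% with no CompanyName, touched within the window")
    stem = p.stem
    # Require digits before the last letter so names like perfh009 do not match.
    if ext in EXEC_EXT and RANDOM_STEM.match(stem) and any(c.isdigit() for c in stem.rstrip("0123456789")):
        flags.append("random-looking executable name (confirm it is not a renamed removal tool)")
    return flags


def triage(lines, report_date: str, window_days: int = 30) -> List[Tuple[str, List[str]]]:
    """Parse OTL lines and return (path, flags) for every entry that earns a flag."""
    report = datetime.strptime(report_date, "%Y/%m/%d").date()
    out: List[Tuple[str, List[str]]] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        age = (report - datetime.strptime(e.date, "%Y/%m/%d").date()).days
        f = flags_for(e, age, window_days)
        if f:
            out.append((e.path, f))
    return out


# Constructed sample: lines copied from the OTL output in this thread, plus one
# constructed TEMP line using the path from the firewall exception list.
SAMPLE = r"""
[2010/11/13 14:55:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/13 14:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/14 14:53:52 | 000,001,473 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2010/11/13 15:24:50 | 000,296,448 | ---- | M] () -- C:\Users\Administrator\Desktop\m2xkt5zi.exe
[2010/11/14 13:25:34 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/13 10:46:54 | 000,041,624 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2010/11/14 14:53:34 | 2459,136,000 | -HS- | M] () -- C:\pagefile.sys
[2008/09/16 00:26:05 | 000,027,650 | ---- | C] () -- C:\Windows\System32\eyunwun.dll
[2010/11/10 09:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\TEMP\xitb.exe
""".strip().splitlines()

if __name__ == "__main__":
    for path, flags in triage(SAMPLE, "2010/11/14"):
        print(path)
        for f in flags:
            print("   -", f)
```

Run against the sample, the script reports `mmf.sys`, `m2xkt5zi.exe`, `MBR.exe`, `fsbts.sys` and the constructed `xitb.exe` line; the Malwarebytes driver (CompanyName present), the directory, `pagefile.sys` (allowlisted) and the 2008 `eyunwun.dll` (outside the 30-day window) are skipped. The window filter is deliberate: the "No Company Name" section lists files going back to 1997, and without a recency cut the reviewer drowns in old OEM and game libraries.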
  12. 2010/11/14
    Belzenfyfer
    Extras.txt
    OTL Extras logfile created on: 11/14/2010 6:04:39 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 455.72 Gb Total Space | 108.09 Gb Free Space | 23.72% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.55 Gb Free Space | 35.47% Space Free | Partition Type: NTFS
    Drive E: | 1.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
    "C:\Windows\TEMP\xitb.exe" = C:\Windows\TEMP\xitb.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
    "C:\cleansweep.exe\cleansweep.exe" = C:\cleansweep.exe\cleansweep.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{354562C1-DD3F-402B-9D7B-60FC87775953}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
    "{88B4E98D-9494-4787-B2DF-530DD28BAE22}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
    "{B65798E8-1648-4C58-8E20-6CB89F5CA369}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{C69D49E1-E4D3-4C75-AA19-87D5951A6EE3}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
    "{CF757B99-5FAF-4BE6-A727-23BC8D0B45C2}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
    "{F4128C1C-3CF4-4832-AEA2-5019B67E5CA3}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1EE61BD3-0012-4934-8D65-AC3543866C96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{30CF4812-32E3-485C-AC6F-DABFFE74D0DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{5CA9E7CD-70D0-46CF-9205-C2DFBFE80029}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
    "{5F2BFBB5-A4A1-4934-ABDE-BBD01E42B5F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{71711555-3711-4C03-8288-F36FD3D4FEF3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
    "{79E7F5F7-E034-4C93-8A89-2CB3333F9CA1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{7B468A6C-0139-4E83-A8DC-BC8D6D545D7D}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{853B005A-668E-424A-A68A-A31F19047ECA}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
    "{97AA2D3D-AA4F-48CC-8039-A526ECF352BF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{998675EF-7CC9-44B8-BFFA-591A116BED93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A519089D-6307-4519-B5AF-D66A5008C050}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{AE2C4156-AD7A-427E-AB2B-2D6E8F4CF792}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AEB57940-4E6F-4B3A-9E12-E92F50FF0A05}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BD851858-291D-4D2E-8DC4-0C0BB721A42B}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{CA610DEE-D282-4567-8676-41E51AC79441}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{D4A9260A-9D0A-43D6-A8A8-F4C4627F8FB1}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{DD6BBB46-A308-411E-9FF3-A30BEC8EE4F5}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
    "{FBB11F83-7AFD-4C19-B2CE-6D357FA7CC15}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
    "{FD953AE6-BCEA-4BAB-A051-47D5F9C1005D}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
    "TCP Query User{0DA6ABEC-A58F-44FF-A73A-B92F6528D3BF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{1E0CD906-FAEC-4640-8DFF-F45A899A9CBB}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
    "TCP Query User{2F6F334D-74DD-4696-9257-F32A0A77C311}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
    "TCP Query User{941F40B2-BC7D-4029-8434-BE0CB09234E8}C:\users\glen\desktop\movies\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\glen\desktop\movies\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe |
    "TCP Query User{97DAA818-A6E2-4A90-B6CF-25C9E7BD9E32}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "TCP Query User{E9C2CF40-74B6-400B-A831-8804E385EB71}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{00EF0EDC-6754-4B7B-9357-9418858BB073}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
    "UDP Query User{10A2F79C-71AF-4471-9A0E-958F11888D02}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{6032F47B-FDFE-4CAC-B65C-C8F8D7ECFC9D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{79C8FA10-9EB1-40C4-86C7-BA5717195E8B}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
    "UDP Query User{9F1126E2-8820-464A-825C-64D3AA830762}C:\users\glen\desktop\movies\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\glen\desktop\movies\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe |
    "UDP Query User{B3444DFA-F4B3-4213-8F7D-4144AE21497D}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel(R) Viiv(TM) Software
    "{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
    "{72E3FF67-450F-4ADD-99A7-4147780F6C7B}_is1" = Shaw Support 3.3.2
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
    "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "ExpressBurn" = Express Burn
    "ffdshow_is1" = ffdshow [rev 2844] [2009-03-30]
    "Freelancer 1.0" = Freelancer
    "F-Secure Product 444" = Shaw Secure
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ImgBurn" = ImgBurn
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "Intel(R) Configuration Center" = Intel(R) Viiv(TM) Software
    "InterActual Player" = InterActual Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office8.0" = Microsoft Office 97, Professional Edition
    "Out of the Park Baseball9" = Out of the Park Baseball 9
    "Shaw Internet Update_is1" = Shaw Internet Update 3.2.2
    "WinRAR archiver" = WinRAR archiver
    "XiphQT" = Xiph QuickTime Components
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/13/2010 6:40:03 PM | Computer Name = Home-PC | Source = Perflib | ID = 1008
    Description =

    Error - 11/13/2010 6:40:03 PM | Computer Name = Home-PC | Source = Perflib | ID = 1010
    Description =

    Error - 11/13/2010 6:40:04 PM | Computer Name = Home-PC | Source = PerfNet | ID = 2004
    Description =

    Error - 11/13/2010 6:40:04 PM | Computer Name = Home-PC | Source = PerfNet | ID = 2002
    Description =

    Error - 11/13/2010 7:24:22 PM | Computer Name = Home-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: be4 Start Time: 01cb8389b20de4c1 Termination Time: 15

    Error - 11/13/2010 10:11:04 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
    exception code 0xc0000005, fault offset 0x0004714e, process id 0x478, application
    start time 0x01cb83956e8403b5.

    Error - 11/13/2010 11:23:47 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application MSOFFICE.EXE, version 8.0.0.3512, time stamp
    0x3287ddb4, faulting module MSOFFICE.EXE, version 8.0.0.3512, time stamp 0x3287ddb4,
    exception code 0xc0000005, fault offset 0x0000acfd, process id 0x10cc, application
    start time 0x01cb83ab57080572.

    Error - 11/14/2010 3:29:59 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/14/2010 3:29:59 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 50053030

    Error - 11/14/2010 3:29:59 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 50053030

    [ Media Center Events ]
    Error - 5/23/2008 6:21:59 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/25/2008 5:42:28 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/25/2008 7:25:42 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/29/2008 12:41:38 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/3/2008 1:01:28 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/8/2008 1:36:58 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 8/25/2008 2:04:01 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/28/2008 11:15:27 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 3/28/2009 1:46:56 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/5/2009 3:31:43 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 10/2/2007 12:20:23 AM | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 198
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 11/14/2010 5:39:27 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 11/14/2010 5:39:27 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 11/14/2010 5:39:27 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 11/14/2010 5:39:27 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 11/14/2010 5:43:25 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 11/14/2010 5:55:09 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/14/2010 5:55:09 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 11/14/2010 5:55:09 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 11/14/2010 5:55:09 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 11/14/2010 5:55:09 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
    Description =


    < End of report >
     
  13. 2010/11/14
    Belzenfyfer (Inactive Thread Starter)
    broni,
    I just noticed an icon for new updates from Microsoft Update. Please advise if I am okay to proceed with the update?
     
  14. 2010/11/14
    broni (Moderator, Malware Analyst)
    You should be OK with Windows updates right now.
    Also let me know if you can update your AV program now.

    I'm looking through your last logs...
     
  15. 2010/11/14
    broni (Moderator, Malware Analyst)
    We need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/11/07 16:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
      [2010/11/07 16:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
      @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warnings, so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
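The OTL fix in this post removes four kinds of leftover: an AppInit_DLLs entry pointing at a DLL that no longer exists, a ShellExecuteHooks CLSID that is no longer registered, two downloaded ActiveX controls (the O16/DPF lines) with a broken registration, and an alternate data stream on C:\ProgramData\TEMP. The script below is an added example, not part of the thread and not OTL's own code: a read-only audit of those same autostart and hook points that flags entries whose target no longer resolves. Orphans like these are usually debris from uninstalled software, but a live entry pointing at an unexpected DLL is a real persistence mechanism, so every hit still needs a human look. It assumes PowerShell 3.0 or later (Get-Item -Stream needs it; the Vista machine in this thread shipped with 2.0) and an elevated session so HKLM and C:\ProgramData are fully readable; it changes nothing.

```powershell
# Added example (not from the thread or from OTL): audit AppInit_DLLs,
# ShellExecuteHooks, Code Store Database (DPF) controls and alternate data
# streams, and report entries whose target file or CLSID no longer resolves.
# Assumes PowerShell 3.0+ and an elevated session. Read-only.

function Resolve-ClsidServer {
    # Returns the InprocServer32 path registered for a CLSID, or $null when the
    # class is not registered at all (what OTL reports as "No CLSID value found").
    param([string]$Clsid)
    foreach ($hive in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $hive "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            return (Get-ItemProperty -LiteralPath $key).'(default)'
        }
    }
    return $null
}

function Test-AutostartTarget {
    # True when the referenced file exists; tolerates quotes, %VAR% references
    # and 8.3 short names such as C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path.Trim().Trim('"'))
    return Test-Path -LiteralPath $expanded -PathType Leaf
}

function New-Finding {
    param([string]$Location, [string]$Entry, [string]$Status)
    [pscustomobject]@{ Location = $Location; Entry = $Entry; Status = $Status }
}

$findings = @()

# 1. AppInit_DLLs (O20): every DLL listed here is loaded into every process
#    that links user32.dll, so a stale or unexpected entry matters.
$winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $winKey -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
foreach ($dll in ([string]$appInit -split '[,\s]+' | Where-Object { $_ })) {
    $status = if (Test-AutostartTarget $dll) { 'present' } else { 'ORPHAN: file not found' }
    $findings += New-Finding 'AppInit_DLLs' $dll $status
}

# 2. ShellExecuteHooks (O28): COM objects invoked on every ShellExecute call.
$hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
if (Test-Path -LiteralPath $hookKey) {
    foreach ($clsid in (Get-Item -LiteralPath $hookKey).GetValueNames()) {
        $server = Resolve-ClsidServer $clsid
        $status = if (-not $server) { 'ORPHAN: CLSID not registered' }
                  elseif (Test-AutostartTarget $server) { "present: $server" }
                  else { "ORPHAN: DLL missing ($server)" }
        $findings += New-Finding 'ShellExecuteHooks' $clsid $status
    }
}

# 3. Downloaded ActiveX controls (O16/DPF), recorded in the Code Store Database.
$dpfKey = 'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units'
if (Test-Path -LiteralPath $dpfKey) {
    foreach ($unit in (Get-ChildItem -LiteralPath $dpfKey)) {
        $server = Resolve-ClsidServer $unit.PSChildName
        $status = if ($server -and (Test-AutostartTarget $server)) { "present: $server" }
                  else { 'ORPHAN: control not registered' }
        $findings += New-Finding 'DPF' $unit.PSChildName $status
    }
}

# 4. Alternate data streams on items directly under C:\ProgramData (where OTL
#    found TEMP:DFC5A2B2). Only named streams are reported; :$DATA is the
#    ordinary file content.
foreach ($item in (Get-ChildItem -LiteralPath $env:ProgramData -Force -ErrorAction SilentlyContinue)) {
    $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' }
    foreach ($s in @($streams)) {
        $findings += New-Finding 'ADS' "$($s.FileName):$($s.Stream)" "$($s.Length) bytes"
    }
}

$findings | Sort-Object Location, Entry | Format-Table -AutoSize
```

Run it before and after a cleanup: a machine that matches this thread would list the Google DLL under AppInit_DLLs as an orphan and the two DPF GUIDs as unregistered before the fix, and nothing from those locations afterwards. Treat any "present" ShellExecuteHooks or AppInit_DLLs entry whose path is not a product you recognise as the thing to investigate, not the orphans.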
     
  16. 2010/11/14
    Belzenfyfer (Inactive Thread Starter)
    Windows and AV appear to update normally.
    JavaRa downloaded and older versions removed.
    New log after running the OTL "Run Fix":
    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\ProgramData\Alwil Software\Avast5\log folder moved successfully.
    C:\ProgramData\Alwil Software\Avast5 folder moved successfully.
    C:\ProgramData\Alwil Software folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\Setup folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\DATA\report folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\DATA\moved folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\DATA\log folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\DATA\journal folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\DATA\integ folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\DATA\fw folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\DATA\chest folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\DATA\backup folder moved successfully.
    C:\Program Files\Alwil Software\Avast5\DATA folder moved successfully.
    C:\Program Files\Alwil Software\Avast5 folder moved successfully.
    C:\Program Files\Alwil Software folder moved successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 85306 bytes
    ->Temporary Internet Files folder emptied: 9474315 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Donna
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5608588 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Glen
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Marley
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Victoria
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3615 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 14.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Donna
    ->Flash cache emptied: 0 bytes

    User: Glen
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR

    User: Marley
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Victoria
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11142010_201150

    Files\Folders moved on Reboot...
    C:\Windows\temp\JET14B8.tmp moved successfully.
    C:\Windows\temp\JETF7A.tmp moved successfully.
    File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  17. 2010/11/14
    Belzenfyfer (Inactive Thread Starter)
    Security Check log:
    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.0
    Chinese Traditional Fonts Support For Adobe Reader 9
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Shaw Secure Anti-Virus fsgk32st.exe
    Shaw Secure Anti-Virus FSGK32.EXE
    Shaw Secure Anti-Virus fssm32.exe
    Shaw Secure Anti-Virus fsav32.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  18. 2010/11/14
    broni (Moderator, Malware Analyst)
    Good news :)

    Go on...
     
  19. 2010/11/15
    Belzenfyfer (Inactive Thread Starter)
    ESET scan completed with no infected files. However, I decided to complete a full system scan overnight using Shaw Secure (F-Secure) and it came back with 3 viruses and 1 spyware. I am given the option to select:
    Automatic cleaning (recommended)
    I want to decide by item.
    When I select "decide by item" I can see the 3 viruses:
    Objects
    Autorun.exe, Autorun.exe and Tiger Woods PGA Tour 2008.rar
    Infection for all 3 is
    Trojan.Generic.4990227
    Action
    For the first autorun it states "none" and the reason given is that the infected file is inside an archive (such as a zip file) and cannot be processed automatically.

    This zip file can be deleted with no loss to me.

    I should state that I have not taken any action with Shaw Secure until I hear from you.
     
    Last edited: 2010/11/15
  20. 2010/11/15
    broni (Moderator, Malware Analyst)
    Before I advise, I'd like to see the file locations.
    You can also upload all three files to http://www.virustotal.com/
    They accept files up to 2MB, so that rar file probably won't go.
    If it was downloaded through some torrent, you'd better delete it.

    Other than that...

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  21. 2010/11/15
    Belzenfyfer (Inactive Thread Starter)
    broni,
    I left the AV scan alone and when I got back to the computer it had either taken corrective action or someone else in the household selected one of the options. Here is the report:
    Scanning Report
    14 November 2010 22:39:18 - 00:27:56
    Computer name: HOME-PC
    Scanning type: Full scan
    Target: C:\ D:\ + system + rootkits


    --------------------------------------------------------------------------------

    Result: 4 malware found
    Trojan.Generic.4990227 (virus)
    C:\Users\Glen\Desktop\Movies\Tiger Woods PGA Tour 2008\Tiger Woods PGA Tour 2008\AutoRun.exe Action: quarantined
    C:\Users\Glen\Desktop\Movies\Tiger Woods PGA Tour 2008.rar\Tiger Woods PGA Tour 2008\AutoRun.exe
    C:\Users\Glen\Desktop\Movies\Tiger Woods PGA Tour 2008.rar Action: deleted
    TrackingCookie.2o7 (Tracking cookie)
    Action: quarantined




    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 76761
    Not scanned: 4
    Result:
    Viruses: 3
    Spyware: 1
    Suspicious items: 0
    Riskware: 0
    Actions:
    Disinfected: 0
    Renamed: 0
    Deleted: 1
    Quarantined: 2
    Failed: 0
    Boot Sectors:
    Scanned: 2
    Infected: 0
    Suspicious items: 0
    Disinfected: 0
    Files not scanned:
    Cannot open file (click here for more info) C:\PAGEFILE.SYS
    Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\MMF.SYS
    Cannot open a file in archive C:\Users\Glen\Desktop\Movies\Tiger Woods PGA Tour 2008.rar\Tiger Woods PGA Tour 2008\0compressed.zip
    Cannot open a file in archive C:\Users\Glen\Desktop\Movies\Tiger Woods PGA Tour 2008.rar\Tiger Woods PGA Tour 2008\0compressed.zip


    --------------------------------------------------------------------------------

    Options
    Definitions version:
    Viruses: 2010-11-15_06
    Spyware: 2010-11-15_06
    Scanning Engines:
    F-Secure Aquarius: 11.00.00, 2010-11-15
    F-Secure Hydra: 5.02.15, 2010-11-15
    F-Secure Gemini: 0.00.00, 0-00-00
    F-Secure BlackLight: 2.04.1099, 0-00-00
    Scanning options:
    Scan defined files: ANI ASP AX BAT BIN BOO CHM CMD COM CPL DLL DOC DOT DRV EML EXE HLP HTA HTM HTML HTT INF INI JOB JS JSE LNK LSP MDB MHT MPP MPT MSG MSO OCX PDF PHP PIF POT PPT RTF SCR SHS SWF SYS TD0 VBE VBS VXD WBK WMA WMV WMF WSC WSF WSH WRI XLS XLT XML ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
    Scan inside archives
    Actions:
    Viruses: Ask after scan
    Spyware: Ask after scan
    Show suspicious items after a full scan

    --------------------------------------------------------------------------------

    Error information
    "Cannot open file" error occurred:
    The "Cannot open file" error message means that the scanner was unable to open a file and that this file was not scanned. You can normally ignore this error message as there are many reasons for this message that do not imply a security threat, including:
    The file was a system file. System files are protected by the operation system by design. You can ignore this message in this case.
    You do not have permission to read the file. To scan the file, log in with a user account with sufficient permissions (for example the computer's administrator account) and rescan.
    The file was in use by an application when the scan was performed. To scan this file, close all applications and rescan.

    --------------------------------------------------------------------------------

    Copyright © 1998-2009 Product support | Send virus sample to F-Secure
    F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.