zube

  1. Hi, thanks again for the help. Here are the logs you requested.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-05 02:43:19
# local_time=2009-11-05 09:43:19 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776638 100 95 55622382 94027657 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 74 12794830 24777493 0 0
# scanned=124880
# found=8
# cleaned=0
# scan_time=3248
C:\Program Files (x86)\Nero\Nero 9\keymaker.exe	probably a variant of Win32/Agent trojan	00000000000000000000000000000000	I
F:\Junk\Keymaker09_DGN_CW.rar	probably a variant of Win32/Agent trojan	00000000000000000000000000000000	I
F:\Junk\Nero-9.4.13.2d_trial.exe	Win32/Toolbar.AskSBar application	00000000000000000000000000000000	I
F:\Junk\SSoft.AD.AD.HD.v6.5.4.9.Final.Incl.KeY_cw.rar	a variant of Win32/Injector.PV trojan	00000000000000000000000000000000	I
F:\Junk\rar zip extractions\SetupAnyDVD6549.exe	a variant of Win32/Injector.PV trojan	00000000000000000000000000000000	I
F:\Junk\unzips\CS4ECK.rar	probably a variant of Win32/Agent trojan	00000000000000000000000000000000	I
F:\Junk\unzips\CS4 Cracking Kit\adobe-master-cs4-keygen.exe	probably a variant of Win32/Agent trojan	00000000000000000000000000000000	I
F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe	probably a variant of Win32/Agent trojan	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-08 02:48:24
# local_time=2009-11-08 09:48:24 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776638 100 95 55884859 94290134 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 74 13057307 25039970 0 0
# scanned=3468
# found=0
# cleaned=0
# scan_time=276
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-25 04:56:16
# local_time=2009-11-25 11:56:16 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776638 100 95 57358906 95764181 0 0
# compatibility_mode=8192 67108863 100 0 818618 818618 0 0
# compatibility_mode=9217 16777214 75 74 14531354 26514017 0 0
# scanned=100381
# found=1
# cleaned=0
# scan_time=2700
C:\Program Files (x86)\Nero\Nero 9\keymaker.exe	probably a variant of Win32/Agent trojan	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-26 02:15:34
# local_time=2010-02-26 09:15:34 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776638 100 95 65381928 103787203 0 0
# compatibility_mode=8192 67108863 100 0 8841640 8841640 0 0
# compatibility_mode=9217 16777214 75 74 22554376 34537039 0 0
# scanned=130309
# found=4
# cleaned=0
# scan_time=5237
C:\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52d131f4-3d2b91a5	multiple threats	00000000000000000000000000000000	I
F:\Junk\keymaker.exe	probably a variant of Win32/Agent trojan	00000000000000000000000000000000	I
F:\Junk\rar zip extractions\SetupAnyDVD6549.exe	a variant of Win32/Injector.PV trojan	00000000000000000000000000000000	I
F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe	probably a variant of Win32/Agent trojan	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-26 09:10:42
# local_time=2010-02-26 04:10:42 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776638 100 95 65406756 103812031 0 0
# compatibility_mode=8192 67108863 100 0 8866468 8866468 0 0
# compatibility_mode=9217 16777214 75 74 22579204 34561867 0 0
# scanned=130181
# found=4
# cleaned=0
# scan_time=5317
C:\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52d131f4-3d2b91a5	multiple threats	00000000000000000000000000000000	I
F:\Junk\keymaker.exe	probably a variant of Win32/Agent trojan	00000000000000000000000000000000	I
F:\Junk\rar zip extractions\SetupAnyDVD6549.exe	a variant of Win32/Injector.PV trojan	00000000000000000000000000000000	I
F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe	probably a variant of Win32/Agent trojan	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1
esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-04 11:13:05
# local_time=2010-06-04 07:13:05 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776638 100 45 73886830 112288517 0 0
# compatibility_mode=8192 67108863 100 0 17342954 17342954 0 0
# compatibility_mode=9217 16777214 75 74 31059290 43038353 0 0
# scanned=55231
# found=0
# cleaned=0
# scan_time=3373
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-02 02:02:32
# local_time=2011-10-02 10:02:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 6619783 6619783 0 0
# compatibility_mode=5892 16776638 100 45 115759970 154161657 0 0
# compatibility_mode=8192 67108863 100 0 59216094 59216094 0 0
# compatibility_mode=9217 16777214 75 74 72932430 84911493 0 0
# scanned=39028
# found=0
# cleaned=0
# scan_time=1200
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-12 10:33:22
# local_time=2011-10-12 06:33:22 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 7470432 7470432 0 0
# compatibility_mode=5892 16776638 100 45 116610619 155012306 0 0
# compatibility_mode=8192 67108863 100 0 60066743 60066743 0 0
# compatibility_mode=9217 16777214 75 74 73783079 85762142 0 0
# scanned=59685
# found=0
# cleaned=0
# scan_time=2002
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-12 10:01:16
# local_time=2011-10-12 06:01:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 7508371 7508371 0 0
# compatibility_mode=5892 16776638 100 45 116648558 155050245 0 0
# compatibility_mode=8192 67108863 100 0 60104682 60104682 0 0
# compatibility_mode=9217 16777214 75 74 73821018 85800081 0 0
# scanned=170509
# found=2
# cleaned=2
# scan_time=5337
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\DRMPadTray\rasMapppm.dll.vir	a variant of Win32/Sefnit.BR trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe	probably a variant of Win32/Agent.KHBSUSP trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

AND

Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

ESET Online Scanner v3
ZoneAlarm Pro
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
DH Driver Cleaner Professional Edition
Java 6 Update 22
Out of date Java installed!
Adobe Flash Player ( 10.2.153.1) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

No other issues for me. Haven't noticed any search results being hijacked, and as long as my logs are clear things seem to be ok.
  2. Hi screen317, thank you for your help. Here are the logs you requested.

ComboFix 11-10-09.01 - Mike 10/09/2011   6:50.2.8 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6133.4853 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike\AppData\Local\DRMPadTray\rasMapppm.dll
c:\users\Mike\karplayer.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 10:55 . 2011-10-09 10:55 -------- d-----w- c:\users\Ty\AppData\Local\temp
2011-10-03 11:50 . 2011-10-05 11:43 -------- d-----w- c:\users\Mike\AppData\Local\WinWebmon2
2011-10-02 09:58 . 2011-10-09 10:54 -------- d-----w- c:\users\Mike\AppData\Local\DRMPadTray
2011-09-10 17:18 . 2011-09-10 17:18 -------- d-----w- c:\users\Ty\AppData\Roaming\Unity
2011-09-10 17:07 . 2011-09-10 17:07 -------- d-----w- c:\users\Ty\AppData\Local\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 21:00 . 2010-06-12 01:14 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="f:\program files\Adobe Reader\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-06-01 1038088]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 136176]
R3 KodakSvc;Kodak AiO Device Service;c:\program files (x86)\Kodak\printer\center\KodakSvc.exe [2008-02-28 18944]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 27648]
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 20:26]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 20:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-26 6962208]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-26 1833504]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Eraser: Eraser@vikram - %profile%\extensions\Eraser@vikram
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-rasMapppm - c:\users\Mike\AppData\Local\DRMPadTray\rasMapppm.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Ashampoo Burning Studio 9_is1 - f:\program files\abs9\Ashampoo Burning Studio 9\unins000.exe
AddRemove-EVPmaker_is1 - f:\evpmaker\unins000.exe
AddRemove-Fraps - f:\program files\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)
"Progid"="ACDSee Photo Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)
"Progid"="ACDSee Photo Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)
"Progid"="ACDSee Photo Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.rsb" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.sgi" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.sr2" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.srf" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.tga" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.thm" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.tif" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.tiff" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.ttc" . 
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.ttf" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.v11o" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.v11p" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.v11pf" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.wbm" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.wbmp" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.wmf" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xbm" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xif" . 
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xmp" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xpm" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\SecuROM\License information*] "datasecu"=hex:f9,0a,95,2b,e9,d6,99,a4,55,d5,ef,b8,1e,45,d2,75,9c,0e,78,0b,15, 6a,46,84,b7,c1,93,3f,c3,76,01,d3,08,c0,a6,63,26,e2,f9,00,e0,34,d6,82,b0,46,\ "rkeysecu"=hex:a0,7f,4e,50,eb,62,92,f4,e8,ee,a7,ce,56,f4,e7,5a . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Completion time: 2011-10-09 06:56:42 ComboFix-quarantined-files.txt 2011-10-09 10:56 . Pre-Run: 213,776,367,616 bytes free Post-Run: 213,741,764,608 bytes free . Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9 - - End Of File - - 56634917F73D7B34E8FFBB151077DE91 DDS Log . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22 Run by Mike at 6:57:32 on 2011-10-09 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4685 [GMT -4:00] . SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\system32\lpremove.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe Reader\Reader\Reader_sl.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\Windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{2BE7AA77-CC2B-44E4-8AD0-656BC1044CC4} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
BHO-X64: 0x1 - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe Reader\Reader\Reader_sl.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\FFExternalAlert.dll
FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: F:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: F:\Program Files\Adobe Reader\Reader\browser\nppdf32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Eraser: Eraser@vikram - %profile%\extensions\Eraser@vikram
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-4-9 89920]
S3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]
S3 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]
S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-6-1 1038088]
S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176]
S3 KodakSvc;Kodak AiO Device Service;C:\Program Files (x86)\Kodak\Printer\Center\KodakSvc.exe [2008-2-28 18944]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2011-10-09 10:56:43 -------- d-----w- C:\Users\Mike\AppData\Local\temp
2011-10-09 10:48:58 98816 ----a-w- C:\Windows\sed.exe
2011-10-09 10:48:58 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-09 10:48:58 256000 ----a-w- C:\Windows\PEV.exe
2011-10-09 10:48:58 208896 ----a-w- C:\Windows\MBR.exe
2011-10-03 11:50:17 -------- d-----w- C:\Users\Mike\AppData\Local\WinWebmon2
2011-10-02 09:58:38 -------- d-----w- C:\Users\Mike\AppData\Local\DRMPadTray
.
==================== Find3M ====================
.
2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 6:57:43.17 ===============
3. Hi, thank you for your help. Here are the two logs requested. It seems MBAM did find 3 problem areas that I let it remove; I will post the log before I let it remove the threats by rebooting.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7875

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/5/2011 7:36:16 AM
mbam-log-2011-10-05 (07-36-16).txt

Scan type: Quick scan
Objects scanned: 202638
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Mike\AppData\Local\winwebmon2\isapadoffice.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\isaPadOffice (Trojan.Agent) -> Value: isaPadOffice -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Mike\AppData\Local\winwebmon2\isapadoffice.dll (Trojan.Agent) -> Quarantined and deleted successfully.

and the DDS log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Run by Mike at 7:29:39 on 2011-10-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4923 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\rundll32.exe
F:\Program Files\Adobe Reader\Reader\reader_sl.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [rasMapppm] rundll32.exe "C:\Users\Mike\AppData\Local\DRMPadTray\rasMapppm.dll",iTunesmapCres smiCommsdrv
uRun: [isaPadOffice] rundll32.exe "C:\Users\Mike\AppData\Local\WinWebmon2\isaPadOffice.dll",eapUserCtrl AppWebPlay
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe Reader\Reader\Reader_sl.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\Windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{2BE7AA77-CC2B-44E4-8AD0-656BC1044CC4} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
BHO-X64: 0x1 - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe Reader\Reader\Reader_sl.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\FFExternalAlert.dll
FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: F:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: F:\Program Files\Adobe Reader\Reader\browser\nppdf32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Eraser: Eraser@vikram - %profile%\extensions\Eraser@vikram
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-4-9 89920]
S3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]
S3 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]
S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-6-1 1038088]
S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176]
S3 KodakSvc;Kodak AiO Device Service;C:\Program Files (x86)\Kodak\Printer\Center\KodakSvc.exe [2008-2-28 18944]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2011-10-03 11:50:17 -------- d-----w- C:\Users\Mike\AppData\Local\WinWebmon2
2011-10-02 09:58:38 -------- d-----w- C:\Users\Mike\AppData\Local\DRMPadTray
.
==================== Find3M ====================
.
2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 7:30:01.49 ===============
  4. Hi, I was doing a routine scan with MBAM when it came across an Exploit.Drop.2 virus; I let MBAM delete it. Since then I've noticed that I'm getting an occasional redirect when searching on the Yahoo search engine: it takes me to a completely different website that has nothing to do with the link I was clicking on. It doesn't happen all the time, but every once in a while. I'm wondering if there is something hidden somewhere that is causing this. Any help would be appreciated. I'm posting my HijackThis log. Thank You

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:39:23 PM, on 10/2/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\Hecheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [rasMapppm] rundll32.exe "C:\Users\Mike\AppData\Local\DRMPadTray\rasMapppm.dll",iTunesmapCres smiCommsdrv
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files (x86)\Kodak\printer\center\KodakSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8183 bytes
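Editor's note, not part of any post in this thread: the HijackThis log above and the DDS log in the earlier post carry the two facts a helper would correlate by hand. The O4 entry `[rasMapppm]` loads a DLL through `rundll32.exe` from `C:\Users\Mike\AppData\Local\DRMPadTray\`, and the DDS "Created Last 30" list shows that folder appearing on 2011-10-02, the same day the redirects were reported (the two `rundll32.exe` processes in the Running processes list are consistent with that entry being live). The following script is an added example of that correlation in code, not a feature of HijackThis or DDS: it parses O4 lines and DDS directory lines and flags autostart entries whose module sits in a user-writable path, is loaded via rundll32, or lives in a folder created recently. The sample lines are a constructed subset copied from the posted logs; the regular expressions, the `USER_WRITABLE` list and the two-reasons severity rule are my own assumptions. A hit is a lead to verify (hash the file, check its signer and strings), not a malware verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample: a subset of the O4 lines from the HijackThis log and the
# "Created Last 30" folders from the DDS log posted in this thread. Not a full log.
HJT_LOG = r"""
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [rasMapppm] rundll32.exe "C:\Users\Mike\AppData\Local\DRMPadTray\rasMapppm.dll",iTunesmapCres smiCommsdrv
"""

DDS_CREATED_LAST_30 = r"""
2011-10-03 11:50:17 -------- d-----w- C:\Users\Mike\AppData\Local\WinWebmon2
2011-10-02 09:58:38 -------- d-----w- C:\Users\Mike\AppData\Local\DRMPadTray
"""

# HijackThis O4 line: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# DDS "Created Last 30" directory line: "<date> <time> <size> d<attrs> <path>"
DDS_DIR_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \S+ d\S+ (?P<path>.+)$")
RUNDLL32_RE = re.compile(r"^rundll32(\.exe)?\s+", re.I)

# Path fragments a standard user can write to. Heuristic list (my assumption):
# an autostart module here is a lead to check, not a verdict.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\appdata\\locallow\\", "\\temp\\", "\\programdata\\")


def extract_target(cmd: str) -> Tuple[str, bool]:
    """Return (path of the module that actually runs, loaded via rundll32?).

    For rundll32 entries the module of interest is the DLL argument, not rundll32.exe.
    """
    m = RUNDLL32_RE.match(cmd)
    via_rundll32 = m is not None
    rest = cmd[m.end():] if via_rundll32 else cmd
    if rest.startswith('"'):
        path = rest[1:rest.index('"', 1)]
    else:
        # Unquoted: stop at the first PE-like extension; a DLL spec is followed by
        # ",Export", an exe by optional switches or end of line.
        ext = re.match(r"(.+?\.(?:exe|dll|cpl|scr))(?=$|[\s,])", rest, re.I)
        path = ext.group(1) if ext else rest.split(",", 1)[0]
    return path, via_rundll32


@dataclass
class Finding:
    name: str
    hive: str
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Two independent indicators lift an entry from "look at it" to "likely bad".
        return "high" if len(self.reasons) >= 2 else "low"


def recent_dirs_from_dds(dds_created: str) -> Dict[str, str]:
    """Map lower-cased directory path -> creation timestamp from DDS 'Created Last 30'."""
    out: Dict[str, str] = {}
    for line in dds_created.splitlines():
        m = DDS_DIR_RE.match(line.strip())
        if m:
            out[m.group("path").lower().rstrip("\\")] = f'{m.group("date")} {m.group("time")}'
    return out


def triage(hjt_log: str, dds_created: str) -> List[Finding]:
    """Flag O4 autostart entries worth a manual look, with the reasons for each."""
    recent = recent_dirs_from_dds(dds_created)
    findings: List[Finding] = []
    for line in hjt_log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path, via_rundll32 = extract_target(m.group("cmd"))
        low = path.lower()
        reasons: List[str] = []
        if any(frag in low for frag in USER_WRITABLE):
            reasons.append("module lives in a user-writable directory")
        if via_rundll32 and low.endswith(".dll"):
            reasons.append("DLL loaded indirectly via rundll32.exe (only rundll32 shows in the process list)")
        parent = low.rsplit("\\", 1)[0]
        if parent in recent:
            reasons.append(f"parent folder created {recent[parent]} per DDS 'Created Last 30'")
        if reasons:
            findings.append(Finding(m.group("name"), m.group("hive"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG, DDS_CREATED_LAST_30):
        print(f"[{f.severity}] {f.hive}\\Run\\{f.name} -> {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the three HKLM/HKCU entries under Program Files produce nothing, and `rasMapppm` comes back with all three reasons. The DDS side deliberately keys on the parent folder rather than the file, because DDS lists only directories in that section; matching on the folder is what ties the 2011-10-02 creation time to the autostart entry.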
  5. Thanks very much aliB. Could you tell me what the problem was? I do run Firefox 99% of the time. I have taken your suggestions, and thank you once again.
  6. Here is the OTL log

OTL logfile created on: 7/19/2011 4:29:30 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Mike\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.97 Gb Available Physical Memory | 82.92% Memory free
12.09 Gb Paging File | 11.14 Gb Available in Paging File | 92.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.17 Gb Total Space | 242.58 Gb Free Space | 81.91% Space Free | Partition Type: NTFS
Drive D: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 100.00 Gb Total Space | 84.90 Gb Free Space | 84.90% Space Free | Partition Type: NTFS
Drive F: | 200.00 Gb Total Space | 108.56 Gb Free Space | 54.28% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/17 16:33:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr
PRC - [2010/11/25 15:14:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/02/27 17:10:28 | 000,035,696 | ---- | M] (Adobe Systems Incorporated) -- F:\Program Files\Adobe Reader\Reader\reader_sl.exe

========== Modules (SafeList) ==========

MOD - [2011/07/17 16:33:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr
MOD - [2009/04/10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/06/01 13:14:19 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/13 16:57:22 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/25 15:14:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/01 13:14:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [On_Demand | Stopped] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/02/28 17:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/09 22:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)
DRV:64bit: - [2010/11/09 22:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/05/09 19:40:14 | 000,120,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2009/04/06 14:19:46 | 000,027,160 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/02/17 13:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/02/15 23:11:48 | 000,337,560 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2008/11/10 08:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/22 11:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2006/11/01 00:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/05/24 11:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp)
DRV - [2009/05/09 19:40:14 | 000,120,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2001/01/04 10:12:42 | 000,162,900 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\USBICP.sys -- (uisp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: Eraser@vikram:1.03
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:2.7.2.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: F:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/14 09:56:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/05 09:34:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D83964CE-3243-438C-8BBB-6D685E628C6C}: C:\Users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}\

[2010/10/23 11:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2009/06/01 12:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/07/04 09:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions
[2011/01/13 17:43:43 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/19 09:36:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/13 07:23:54 | 000,000,000 | ---D | M] (uTorrentBar Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/11/19 09:36:20 | 000,000,000 | ---D | M] (Eraser) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\Eraser@vikram
[2011/03/05 09:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/05 09:34:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/05 09:34:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/07/18 06:15:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\NV_WP_Green2-16x9.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\NV_WP_Green2-16x9.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/23 15:32:44 | 000,000,133 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 16:40:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/18 06:18:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/18 06:18:09 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\temp
[2011/07/18 06:08:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/18 06:08:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/18 06:08:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/18 06:08:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/18 06:08:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/18 06:08:10 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/18 06:07:11 | 004,155,513 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/07/18 06:02:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\tdsskiller
[2011/07/17 16:33:02 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr
[2011/07/17 16:32:13 | 001,908,224 | ---- | C] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
[2011/07/17 09:04:26 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.scr
[2011/07/04 06:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011/07/04 06:54:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Canneverbe Limited
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Mike\*.tmp files -> C:\Users\Mike\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/19 16:32:43 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/19 16:32:43 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/19 16:32:43 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/19 16:28:24 | 000,052,400 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/07/19 16:28:23 | 000,052,400 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/07/19 16:28:16 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/19 16:28:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 16:28:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 16:28:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/18 18:26:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/18 18:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/07/18 06:15:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/18 06:07:12 | 004,155,513 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/07/18 06:02:18 | 001,383,430 | ---- | M] () -- C:\Users\Mike\Desktop\tdsskiller.zip
[2011/07/17 19:17:45 | 000,080,384 | ---- | M] () -- C:\Users\Mike\Desktop\MBRCheck.exe
[2011/07/17 16:37:11 | 447,573,097 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/17 16:33:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr
[2011/07/17 16:32:39 | 001,908,224 | ---- | M] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
[2011/07/17 09:17:10 | 000,000,000 | ---- | M] () -- C:\Users\Mike\defogger_reenable
[2011/07/17 09:04:42 | 000,302,592 | ---- | M] () -- C:\Users\Mike\Desktop\6sye35yx.exe
[2011/07/17 09:04:10 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.scr
[2011/07/17 08:58:33 | 000,050,477 | ---- | M] () -- C:\Users\Mike\Desktop\Defogger.exe
[2011/07/16 12:35:31 | 000,350,197 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/07/16 12:11:06 | 000,729,742 | ---- | M] () -- C:\Users\Mike\AppData\Local\census.cache
[2011/07/16 12:11:03 | 000,190,153 | ---- | M] () -- C:\Users\Mike\AppData\Local\ars.cache
[2011/07/15 07:33:12 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/04 09:10:21 | 000,036,352 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/04 08:12:01 | 000,000,120 | ---- | M] () -- C:\Users\Mike\AppData\Local\Vhixeyiqamabimon.dat
[2011/07/04 08:12:01 | 000,000,000 | ---- | M] () -- C:\Users\Mike\AppData\Local\Rkocuwejatazaleb.bin
[2011/07/04 07:06:04 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Mike\*.tmp files -> C:\Users\Mike\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/18 06:08:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/18 06:08:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/18 06:08:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/18 06:08:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/18 06:08:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/18 06:02:17 | 001,383,430 | ---- | C] () -- C:\Users\Mike\Desktop\tdsskiller.zip
[2011/07/17 19:17:44 | 000,080,384 | ---- | C] () -- C:\Users\Mike\Desktop\MBRCheck.exe
[2011/07/17 09:17:10 | 000,000,000 | ---- | C] () -- C:\Users\Mike\defogger_reenable
[2011/07/17 09:04:57 | 000,302,592 | ---- | C] () -- C:\Users\Mike\Desktop\6sye35yx.exe
[2011/07/17 09:04:28 | 000,050,477 | ---- | C] () -- C:\Users\Mike\Desktop\Defogger.exe
[2011/07/12 10:42:18 | 000,729,742 | ---- | C] () -- C:\Users\Mike\AppData\Local\census.cache
[2011/07/12 10:42:09 | 000,190,153 | ---- | C] () -- C:\Users\Mike\AppData\Local\ars.cache
[2011/07/04 08:12:01 | 000,000,120 | ---- | C] () -- C:\Users\Mike\AppData\Local\Vhixeyiqamabimon.dat
[2011/07/04 08:12:01 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\Rkocuwejatazaleb.bin
[2011/05/10 15:29:59 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\{02BEBAB3-0F94-479B-A240-33B2C6DA6E2F}
[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/11/09 22:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/08/29 10:43:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/09 14:35:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/04/09 14:35:06 | 000,117,248 | ---- | C] () -- 
C:\Windows\SysWow64\EhStorAuthn.dll [2010/04/09 14:34:52 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2010/04/09 14:34:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2010/03/26 15:00:50 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2010/03/13 09:55:22 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010/02/19 08:59:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009/11/05 09:25:03 | 000,000,036 | ---- | C] () -- C:\Users\Mike\AppData\Local\housecall.guid.cache [2009/10/06 08:36:49 | 000,000,127 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\default.rss [2009/06/06 09:35:17 | 000,017,043 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\UserTile.png [2009/06/01 09:42:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009/05/30 14:26:03 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009/05/30 11:04:06 | 000,000,258 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2009/05/29 14:53:53 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/05/29 14:53:53 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/05/29 06:47:03 | 000,036,352 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/05/28 22:24:00 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2009/05/28 22:23:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009/05/28 22:23:59 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini [2009/05/28 14:26:31 | 000,052,400 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/05/28 14:23:09 | 000,052,400 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008/01/20 22:48:34 | 004,495,360 | ---- | C] () -- C:\Windows\SysWow64\NlsData001d.dll [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- 
C:\Windows\bootstat.dat [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2009/05/31 09:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ACD Systems [2011/07/04 07:02:20 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Any Video Converter [2009/05/28 21:58:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Ashampoo [2011/07/04 06:54:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Canneverbe Limited [2009/06/07 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/11/05 08:20:40 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FrostWire [2009/12/27 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GARMIN [2009/11/22 11:30:35 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ICQ [2010/03/20 18:58:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Leadertech [2010/09/12 14:56:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\NCH Swift Sound [2011/03/05 09:36:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\OpenOffice.org [2009/06/06 09:35:17 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\PeerNetworking [2009/11/05 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Screaming Bee [2009/08/23 13:18:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\System Requirements Lab BETA [2009/10/23 10:35:54 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\SystemRequirementsLab [2011/07/12 07:47:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\uTorrent [2010/03/14 08:32:34 | 000,000,000 | ---D | M] -- 
C:\Users\Ty\AppData\Roaming\ACD Systems [2011/07/18 18:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job [2011/07/18 18:38:15 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report >
  7. Here are the logs you requested. I haven't noticed anything out of the ordinary, but haven't had a lot of time to be online today.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7193

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

7/18/2011 4:46:18 PM
mbam-log-2011-07-18 (16-46-18).txt

Scan type: Quick scan
Objects scanned: 187851
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-05 02:43:19
# local_time=2009-11-05 09:43:19 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776638 100 95 55622382 94027657 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 74 12794830 24777493 0 0
# scanned=124880
# found=8
# cleaned=0
# scan_time=3248
C:\Program Files (x86)\Nero\Nero 9\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\Junk\Keymaker09_DGN_CW.rar probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\Junk\Nero-9.4.13.2d_trial.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
F:\Junk\SSoft.AD.AD.HD.v6.5.4.9.Final.Incl.KeY_cw.rar a variant of Win32/Injector.PV trojan 00000000000000000000000000000000 I
F:\Junk\rar zip extractions\SetupAnyDVD6549.exe a variant of Win32/Injector.PV trojan 00000000000000000000000000000000 I
F:\Junk\unzips\CS4ECK.rar probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\Junk\unzips\CS4 Cracking Kit\adobe-master-cs4-keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-08 02:48:24
# local_time=2009-11-08 09:48:24 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776638 100 95 55884859 94290134 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 74 13057307 25039970 0 0
# scanned=3468
# found=0
# cleaned=0
# scan_time=276
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-25 04:56:16
# local_time=2009-11-25 11:56:16 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776638 100 95 57358906 95764181 0 0
# compatibility_mode=8192 67108863 100 0 818618 818618 0 0
# compatibility_mode=9217 16777214 75 74 14531354 26514017 0 0
# scanned=100381
# found=1
# cleaned=0
# scan_time=2700
C:\Program Files (x86)\Nero\Nero 9\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-26 02:15:34
# local_time=2010-02-26 09:15:34 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776638 100 95 65381928 103787203 0 0
# compatibility_mode=8192 67108863 100 0 8841640 8841640 0 0
# compatibility_mode=9217 16777214 75 74 22554376 34537039 0 0
# scanned=130309
# found=4
# cleaned=0
# scan_time=5237
C:\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52d131f4-3d2b91a5 multiple threats 00000000000000000000000000000000 I
F:\Junk\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\Junk\rar zip extractions\SetupAnyDVD6549.exe a variant of Win32/Injector.PV trojan 00000000000000000000000000000000 I
F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-26 09:10:42
# local_time=2010-02-26 04:10:42 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776638 100 95 65406756 103812031 0 0
# compatibility_mode=8192 67108863 100 0 8866468 8866468 0 0
# compatibility_mode=9217 16777214 75 74 22579204 34561867 0 0
# scanned=130181
# found=4
# cleaned=0
# scan_time=5317
C:\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52d131f4-3d2b91a5 multiple threats 00000000000000000000000000000000 I
F:\Junk\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\Junk\rar zip extractions\SetupAnyDVD6549.exe a variant of Win32/Injector.PV trojan 00000000000000000000000000000000 I
F:\Temp\Keymaker09_DGN_CW\Keymaker09_DGN_CW\Nero 9 - Keymaker_DGN_CW\keymaker.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f4e10e897bb6ef4cb6eec0f9fa542d59
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-04 11:13:05
# local_time=2010-06-04 07:13:05 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776638 100 45 73886830 112288517 0 0
# compatibility_mode=8192 67108863 100 0 17342954 17342954 0 0
# compatibility_mode=9217 16777214 75 74 31059290 43038353 0 0
# scanned=55231
# found=0
# cleaned=0
# scan_time=3373
ESETSmartInstaller@High as downloader log:
all ok
  8. ok, here are the 2 logs you requested. 2011/07/18 06:03:20.0206 3728 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56 2011/07/18 06:03:20.0596 3728 ================================================================================ 2011/07/18 06:03:20.0596 3728 SystemInfo: 2011/07/18 06:03:20.0596 3728 2011/07/18 06:03:20.0596 3728 OS Version: 6.0.6002 ServicePack: 2.0 2011/07/18 06:03:20.0596 3728 Product type: Workstation 2011/07/18 06:03:20.0596 3728 ComputerName: MIKE-PC 2011/07/18 06:03:20.0596 3728 UserName: Mike 2011/07/18 06:03:20.0596 3728 Windows directory: C:\Windows 2011/07/18 06:03:20.0596 3728 System windows directory: C:\Windows 2011/07/18 06:03:20.0596 3728 Running under WOW64 2011/07/18 06:03:20.0596 3728 Processor architecture: Intel x64 2011/07/18 06:03:20.0596 3728 Number of processors: 8 2011/07/18 06:03:20.0596 3728 Page size: 0x1000 2011/07/18 06:03:20.0596 3728 Boot type: Normal boot 2011/07/18 06:03:20.0596 3728 ================================================================================ 2011/07/18 06:03:21.0391 3728 Initialize success 2011/07/18 06:03:25.0400 3676 ================================================================================ 2011/07/18 06:03:25.0400 3676 Scan started 2011/07/18 06:03:25.0400 3676 Mode: Manual; 2011/07/18 06:03:25.0400 3676 ================================================================================ 2011/07/18 06:03:26.0243 3676 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys 2011/07/18 06:03:26.0274 3676 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys 2011/07/18 06:03:26.0336 3676 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys 2011/07/18 06:03:26.0383 3676 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys 2011/07/18 06:03:26.0399 3676 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys 2011/07/18 06:03:26.0414 3676 adpu320 
(9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys 2011/07/18 06:03:26.0477 3676 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys 2011/07/18 06:03:26.0508 3676 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys 2011/07/18 06:03:26.0524 3676 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys 2011/07/18 06:03:26.0555 3676 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys 2011/07/18 06:03:26.0570 3676 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys 2011/07/18 06:03:26.0586 3676 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys 2011/07/18 06:03:26.0648 3676 AnyDVD (0470de8172887124b84c85e1db495efe) C:\Windows\system32\Drivers\AnyDVD.sys 2011/07/18 06:03:26.0680 3676 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys 2011/07/18 06:03:26.0711 3676 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys 2011/07/18 06:03:26.0742 3676 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/07/18 06:03:26.0820 3676 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys 2011/07/18 06:03:26.0960 3676 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys 2011/07/18 06:03:26.0976 3676 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys 2011/07/18 06:03:26.0992 3676 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys 2011/07/18 06:03:27.0023 3676 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys 2011/07/18 06:03:27.0054 3676 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys 2011/07/18 06:03:27.0070 3676 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys 2011/07/18 06:03:27.0085 3676 
BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys 2011/07/18 06:03:27.0101 3676 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys 2011/07/18 06:03:27.0132 3676 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys 2011/07/18 06:03:27.0163 3676 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys 2011/07/18 06:03:27.0194 3676 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys 2011/07/18 06:03:27.0241 3676 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys 2011/07/18 06:03:27.0272 3676 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys 2011/07/18 06:03:27.0304 3676 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys 2011/07/18 06:03:27.0319 3676 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys 2011/07/18 06:03:27.0366 3676 copperhd (71879a4ab90d21bccf9e3cfcf0bb5f4a) C:\Windows\system32\drivers\copperhd.sys 2011/07/18 06:03:27.0413 3676 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys 2011/07/18 06:03:27.0460 3676 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys 2011/07/18 06:03:27.0538 3676 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys 2011/07/18 06:03:27.0584 3676 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys 2011/07/18 06:03:27.0616 3676 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys 2011/07/18 06:03:27.0662 3676 DXGKrnl (e828cdca431d1f98d33501dfc390079a) C:\Windows\System32\drivers\dxgkrnl.sys 2011/07/18 06:03:27.0740 3676 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys 2011/07/18 06:03:27.0772 3676 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys 2011/07/18 
06:03:27.0803 3676 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys 2011/07/18 06:03:27.0850 3676 ElbyCDIO (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys 2011/07/18 06:03:27.0959 3676 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys 2011/07/18 06:03:28.0006 3676 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys 2011/07/18 06:03:28.0130 3676 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys 2011/07/18 06:03:28.0162 3676 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys 2011/07/18 06:03:28.0193 3676 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys 2011/07/18 06:03:28.0208 3676 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys 2011/07/18 06:03:28.0224 3676 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys 2011/07/18 06:03:28.0255 3676 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys 2011/07/18 06:03:28.0286 3676 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/07/18 06:03:28.0318 3676 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys 2011/07/18 06:03:28.0333 3676 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys 2011/07/18 06:03:28.0364 3676 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys 2011/07/18 06:03:28.0427 3676 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys 2011/07/18 06:03:28.0458 3676 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/07/18 06:03:28.0505 3676 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys 2011/07/18 06:03:28.0520 3676 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) 
C:\Windows\system32\drivers\hidir.sys 2011/07/18 06:03:28.0552 3676 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys 2011/07/18 06:03:28.0583 3676 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys 2011/07/18 06:03:28.0645 3676 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys 2011/07/18 06:03:28.0676 3676 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys 2011/07/18 06:03:28.0708 3676 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/07/18 06:03:28.0739 3676 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys 2011/07/18 06:03:28.0770 3676 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys 2011/07/18 06:03:28.0832 3676 IntcAzAudAddService (f734f6464e8b28712a9ec9eb447c5b92) C:\Windows\system32\drivers\RTKVHD64.sys 2011/07/18 06:03:28.0864 3676 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys 2011/07/18 06:03:28.0879 3676 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys 2011/07/18 06:03:28.0926 3676 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/07/18 06:03:28.0957 3676 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys 2011/07/18 06:03:28.0988 3676 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys 2011/07/18 06:03:29.0004 3676 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys 2011/07/18 06:03:29.0035 3676 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys 2011/07/18 06:03:29.0066 3676 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/07/18 06:03:29.0082 3676 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 2011/07/18 06:03:29.0113 3676 
iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 2011/07/18 06:03:29.0129 3676 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/07/18 06:03:29.0300 3676 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/07/18 06:03:29.0378 3676 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys 2011/07/18 06:03:29.0394 3676 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 2011/07/18 06:03:29.0456 3676 LHidFilt (ceb6e18dcfad5c72b81c7da1ac3c1cc1) C:\Windows\system32\DRIVERS\LHidFilt.Sys 2011/07/18 06:03:29.0472 3676 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 2011/07/18 06:03:29.0488 3676 LMouFilt (f9e48f18be4d2b365f138987b8e7885b) C:\Windows\system32\DRIVERS\LMouFilt.Sys 2011/07/18 06:03:29.0519 3676 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 2011/07/18 06:03:29.0550 3676 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 2011/07/18 06:03:29.0566 3676 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys 2011/07/18 06:03:29.0581 3676 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 2011/07/18 06:03:29.0597 3676 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys 2011/07/18 06:03:29.0690 3676 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys 2011/07/18 06:03:29.0768 3676 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 2011/07/18 06:03:29.0800 3676 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 2011/07/18 06:03:29.0831 3676 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 2011/07/18 06:03:29.0846 3676 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 
2011/07/18 06:03:29.0862 3676 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 2011/07/18 06:03:29.0878 3676 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 2011/07/18 06:03:29.0878 3676 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 2011/07/18 06:03:29.0909 3676 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys 2011/07/18 06:03:29.0909 3676 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/18 06:03:29.0940 3676 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 2011/07/18 06:03:29.0956 3676 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys 2011/07/18 06:03:29.0987 3676 mrxsmb (49a432ddff0ee53ee33abb7ddd1c604a) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/18 06:03:30.0018 3676 mrxsmb10 (5f71620d64d28c399012b2c1b1ce82fb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/18 06:03:30.0018 3676 mrxsmb20 (37abc27460f9d532efdcc0116b7e5e48) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/18 06:03:30.0049 3676 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys 2011/07/18 06:03:30.0065 3676 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys 2011/07/18 06:03:30.0080 3676 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 2011/07/18 06:03:30.0096 3676 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 2011/07/18 06:03:30.0127 3676 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/18 06:03:30.0143 3676 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/18 06:03:30.0158 3676 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 2011/07/18 06:03:30.0190 3676 MsRPC (dc6ccf440cdede4293db41c37a5060a5) 
C:\Windows\system32\drivers\MsRPC.sys
2011/07/18 06:03:30.0205 3676 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/18 06:03:30.0221 3676 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/07/18 06:03:30.0252 3676 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/07/18 06:03:30.0268 3676 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/07/18 06:03:30.0424 3676 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/18 06:03:30.0564 3676 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/07/18 06:03:30.0595 3676 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/18 06:03:30.0626 3676 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/18 06:03:30.0642 3676 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/18 06:03:30.0658 3676 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/07/18 06:03:30.0704 3676 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/18 06:03:30.0720 3676 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/18 06:03:30.0751 3676 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/07/18 06:03:30.0798 3676 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/07/18 06:03:30.0829 3676 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/18 06:03:30.0860 3676 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/07/18 06:03:30.0892 3676 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/07/18 06:03:31.0422 3676 nvlddmkm (6f9cbe52517660b68694accee35ec4d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/18 06:03:31.0547 3676 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/07/18 06:03:31.0578 3676 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/07/18 06:03:31.0609 3676 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/07/18 06:03:31.0656 3676 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/18 06:03:31.0703 3676 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/07/18 06:03:31.0718 3676 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/07/18 06:03:31.0750 3676 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
2011/07/18 06:03:31.0796 3676 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/07/18 06:03:31.0812 3676 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2011/07/18 06:03:31.0828 3676 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/07/18 06:03:31.0859 3676 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/07/18 06:03:31.0952 3676 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/18 06:03:31.0968 3676 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/07/18 06:03:32.0015 3676 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/18 06:03:32.0046 3676 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/07/18 06:03:32.0108 3676 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/07/18 06:03:32.0124 3676 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/18 06:03:32.0140 3676 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/18 06:03:32.0155 3676 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/18 06:03:32.0186 3676 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/18 06:03:32.0186 3676 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/18 06:03:32.0218 3676 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/18 06:03:32.0233 3676 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/18 06:03:32.0264 3676 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/07/18 06:03:32.0264 3676 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/18 06:03:32.0311 3676 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/07/18 06:03:32.0374 3676 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/18 06:03:32.0405 3676 RTL8169 (390482953c63e81bae52f20386394421) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/07/18 06:03:32.0436 3676 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/18 06:03:32.0483 3676 ScreamBAudioSvc (e03b9294a9b70a214328b2b518f20db0) C:\Windows\system32\drivers\ScreamingBAudio64.sys
2011/07/18 06:03:32.0498 3676 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/18 06:03:32.0514 3676 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/07/18 06:03:32.0530 3676 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/07/18 06:03:32.0545 3676 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/07/18 06:03:32.0561 3676 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/07/18 06:03:32.0576 3676 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/18 06:03:32.0592 3676 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/18 06:03:32.0608 3676 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/07/18 06:03:32.0623 3676 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/07/18 06:03:32.0654 3676 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/07/18 06:03:32.0686 3676 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/07/18 06:03:32.0732 3676 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/07/18 06:03:32.0764 3676 srv (b905f2549517ec427d3e74c52fafe735) C:\Windows\system32\DRIVERS\srv.sys
2011/07/18 06:03:32.0795 3676 srv2 (4bd25bf8666ce3f089579e05fe659ed2) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/18 06:03:32.0826 3676 srvnet (caea15e0e52fb15a2c8b505643228057) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/18 06:03:32.0857 3676 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/18 06:03:32.0888 3676 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/07/18 06:03:32.0904 3676 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/07/18 06:03:32.0920 3676 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/07/18 06:03:32.0966 3676 Tcpip (e52f99b1160a1a1de83223379d2c1828) C:\Windows\system32\drivers\tcpip.sys
2011/07/18 06:03:33.0013 3676 Tcpip6 (e52f99b1160a1a1de83223379d2c1828) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/18 06:03:33.0060 3676 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/18 06:03:33.0076 3676 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/07/18 06:03:33.0091 3676 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/07/18 06:03:33.0122 3676 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/18 06:03:33.0138 3676 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/18 06:03:33.0185 3676 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/18 06:03:33.0200 3676 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/18 06:03:33.0216 3676 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/18 06:03:33.0232 3676 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/07/18 06:03:33.0263 3676 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/18 06:03:33.0310 3676 uisp (75894b827b8ca53fc2bb991c91b6728c) C:\Windows\system32\Drivers\usbicp.sys
2011/07/18 06:03:33.0325 3676 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/18 06:03:33.0341 3676 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/07/18 06:03:33.0372 3676 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/07/18 06:03:33.0403 3676 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/07/18 06:03:33.0419 3676 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/18 06:03:33.0450 3676 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
2011/07/18 06:03:33.0481 3676 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/18 06:03:33.0497 3676 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/07/18 06:03:33.0512 3676 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/18 06:03:33.0544 3676 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/18 06:03:33.0575 3676 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/07/18 06:03:33.0590 3676 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/18 06:03:33.0622 3676 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/18 06:03:33.0637 3676 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/18 06:03:33.0653 3676 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/18 06:03:33.0684 3676 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/18 06:03:33.0715 3676 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/18 06:03:33.0731 3676 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/07/18 06:03:33.0746 3676 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/07/18 06:03:33.0778 3676 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/07/18 06:03:33.0809 3676 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/07/18 06:03:33.0840 3676 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/07/18 06:03:33.0871 3676 Vsdatant (8dffec0583d93bb465dfcd30d81e225b) C:\Windows\system32\DRIVERS\vsdatant.sys
2011/07/18 06:03:34.0012 3676 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/07/18 06:03:34.0058 3676 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/07/18 06:03:34.0074 3676 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/18 06:03:34.0074 3676 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/18 06:03:34.0105 3676 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/07/18 06:03:34.0136 3676 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/18 06:03:34.0214 3676 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/18 06:03:34.0261 3676 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/18 06:03:34.0277 3676 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/18 06:03:34.0308 3676 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/18 06:03:34.0339 3676 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/07/18 06:03:34.0355 3676 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/18 06:03:34.0355 3676 Boot (0x1200) (b0db5454c926edd76e661290a4268957) \Device\Harddisk0\DR0\Partition0
2011/07/18 06:03:34.0386 3676 Boot (0x1200) (88c94e9ff223df5c6bcca41a8cadc34f) \Device\Harddisk0\DR0\Partition1
2011/07/18 06:03:34.0402 3676 Boot (0x1200) (545d8c5bd489cd987847e29c731a96a5) \Device\Harddisk0\DR0\Partition2
2011/07/18 06:03:34.0402 3676 ================================================================================
2011/07/18 06:03:34.0402 3676 Scan finished
2011/07/18 06:03:34.0402 3676 ================================================================================
2011/07/18 06:03:34.0402 3700 Detected object count: 1
2011/07/18 06:03:34.0402 3700 Actual detected object count: 1
2011/07/18 06:04:13.0916 3700 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/18 06:04:13.0916 3700 \Device\Harddisk0\DR0 - ok
2011/07/18 06:04:13.0916 3700 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/18 06:04:44.0524 3736 Deinitialize success

AND

ComboFix 11-07-18.01 - Mike
07/18/2011 6:09.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4896 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}
c:\users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}\chrome.manifest
c:\users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}\chrome\content\_cfg.js
c:\users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}\chrome\content\overlay.xul
c:\users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}\install.rdf
c:\users\Mike\lame_enc_en.dll
c:\users\Mike\lametritonus_en.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))
.
.
2011-07-18 10:08 . 2011-07-18 10:08 -------- d-----w- C:\32788R22FWJFW
2011-07-04 12:12 . 2011-07-04 12:12 0 ----a-w- c:\users\Mike\AppData\Local\Rkocuwejatazaleb.bin
2011-07-04 10:54 . 2011-07-04 10:54 -------- d-----w- c:\programdata\Canneverbe Limited
2011-07-04 10:54 . 2011-07-04 10:54 -------- d-----w- c:\users\Mike\AppData\Roaming\Canneverbe Limited
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2010-06-12 01:14 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-06-12 01:14 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-01-05 413696]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="f:\program files\Adobe Reader\Reader\Reader_sl.exe" [2009-02-27 35696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-06-01 1038088]
R3 KodakSvc;Kodak AiO Device Service;c:\program files (x86)\Kodak\printer\center\KodakSvc.exe [2008-02-28 18944]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 27648]
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 136176]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
2011-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 20:26]
.
2011-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 20:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF14713.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-26 6962208]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-26 1833504]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.75.198 68.87.64.150
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Eraser: Eraser@vikram - %profile%\extensions\Eraser@vikram
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-NWEReboot - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Ashampoo Burning Studio 9_is1 - f:\program files\abs9\Ashampoo Burning Studio 9\unins000.exe
AddRemove-EVPmaker_is1 - f:\evpmaker\unins000.exe
AddRemove-Fraps - f:\program files\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-{F850707C-B6A0-4B56-8709-F89CF8F9AC6D} - c:\users\Mike\AppData\Local\{6EA75E52-8FBA-433F-B3AE-6E2437B75152}\EraserSetup64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)
"Progid"="ACDSee Photo Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)
"Progid"="ACDSee Photo Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4221219837-760294012-3936320173-1000)
"Progid"="ACDSee Photo Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xmp" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xpm" . [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\Software\SecuROM\License information*] "datasecu"=hex:f9,0a,95,2b,e9,d6,99,a4,55,d5,ef,b8,1e,45,d2,75,9c,0e,78,0b,15, 6a,46,84,b7,c1,93,3f,c3,76,01,d3,08,c0,a6,63,26,e2,f9,00,e0,34,d6,82,b0,46,\ "rkeysecu"=hex:a0,7f,4e,50,eb,62,92,f4,e8,ee,a7,ce,56,f4,e7,5a . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Completion time: 2011-07-18 06:18:08 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-18 10:18 . Pre-Run: 260,868,521,984 bytes free Post-Run: 260,710,146,048 bytes free . Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9 - - End Of File - - CEE7217D0F9C6A14FCE8D1D95657CFBA
9.
Here is the report you requested.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 137):
0x0201B000 \SystemRoot\system32\ntoskrnl.exe
0x02533000 \SystemRoot\system32\hal.dll
0x0060F000 \SystemRoot\system32\kdcom.dll
0x00612000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064D000 \SystemRoot\system32\PSHED.dll
0x00661000 \SystemRoot\system32\CLFS.SYS
0x006BE000 \SystemRoot\system32\CI.dll
0x0080B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F3000 \SystemRoot\system32\drivers\acpi.sys
0x00949000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00952000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095C000 \SystemRoot\system32\drivers\pci.sys
0x0098C000 \SystemRoot\System32\drivers\partmgr.sys
0x009A1000 \SystemRoot\system32\drivers\volmgr.sys
0x00770000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B5000 \SystemRoot\system32\drivers\pciide.sys
0x009BC000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009CC000 \SystemRoot\System32\drivers\mountmgr.sys
0x009DF000 \SystemRoot\system32\drivers\pavboot64.sys
0x009EA000 \SystemRoot\system32\drivers\atapi.sys
0x007D6000 \SystemRoot\system32\drivers\ataport.SYS
0x00A0D000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A54000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A68000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C01000 \SystemRoot\system32\drivers\ndis.sys
0x00AEF000 \SystemRoot\system32\drivers\msrpc.sys
0x00B3F000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E02000 \SystemRoot\System32\drivers\tcpip.sys
0x00F78000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01001000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01181000 \SystemRoot\system32\drivers\volsnap.sys
0x011C5000 \SystemRoot\System32\Drivers\spldr.sys
0x011CD000 \SystemRoot\System32\Drivers\mup.sys
0x00FA4000 \SystemRoot\System32\drivers\ecache.sys
0x011DF000 \SystemRoot\system32\drivers\disk.sys
0x00FD0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x011F3000 \SystemRoot\system32\drivers\crcdisk.sys
0x00DE6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00DF2000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00B98000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0280C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03533000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x02203000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x022E4000 \SystemRoot\System32\drivers\watchdog.sys
0x022F4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02300000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02346000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0360B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x036F8000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x03729000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x0373B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x0374B000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x03753000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x03775000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03791000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0379A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02357000 \SystemRoot\system32\DRIVERS\storport.sys
0x037D3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x023B4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x037E0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03535000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x037EC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x023D7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03566000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0357E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03591000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0359F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x037FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x035AB000 \SystemRoot\system32\DRIVERS\ks.sys
0x03600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x035DF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x00BAB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04804000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04818000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0499B000 \SystemRoot\system32\drivers\portcls.sys
0x049D6000 \SystemRoot\system32\drivers\drmk.sys
0x049F9000 \SystemRoot\system32\drivers\ksthunk.sys
0x023F5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x035EF000 \SystemRoot\System32\Drivers\Null.SYS
0x035F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x009F2000 \SystemRoot\System32\drivers\vga.sys
0x04C0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04C34000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04C3D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04C46000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04C51000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04C62000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04C6B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04C88000 \SystemRoot\system32\DRIVERS\smb.sys
0x04CA3000 \SystemRoot\system32\drivers\afd.sys
0x04D0E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04D52000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x04DC3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04DE1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04E0D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04E28000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04E75000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04E81000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x04E8B000 \SystemRoot\System32\Drivers\dfsc.sys
0x04EA8000 \SystemRoot\system32\DRIVERS\udfs.sys
0x04EF6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04F12000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04F14000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04F1D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04F2F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x04F3A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04F48000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x04F54000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x04F5C000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x04F70000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04F7B000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x00050000 \SystemRoot\System32\win32k.sys
0x04F8F000 \SystemRoot\System32\drivers\Dxapi.sys
0x04F9B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004D0000 \SystemRoot\System32\TSDDD.dll
0x00670000 \SystemRoot\System32\cdd.dll
0x00820000 \SystemRoot\System32\ATMFD.DLL
0x04FAE000 \SystemRoot\system32\drivers\luafv.sys
0x08C02000 \SystemRoot\system32\drivers\spsys.sys
0x08C9C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x08CB0000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x08CC8000 \SystemRoot\system32\drivers\HTTP.sys
0x08D6B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08D94000 \SystemRoot\system32\DRIVERS\bowser.sys
0x08DB2000 \SystemRoot\system32\drivers\mrxdav.sys
0x04FD0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x09001000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0904A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x09069000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0909B000 \SystemRoot\System32\DRIVERS\srv.sys
0x09130000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0913B000 \SystemRoot\System32\Drivers\adfs.SYS
0x0980D000 \SystemRoot\system32\drivers\peauth.sys
0x098C3000 \SystemRoot\System32\Drivers\secdrv.SYS
0x098CE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x77CA0000 \Windows\System32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
460 C:\Windows\System32\smss.exe
528 csrss.exe
596 C:\Windows\System32\wininit.exe
612 csrss.exe
656 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
704 C:\Windows\System32\winlogon.exe
892 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\nvvsvc.exe
984 C:\Windows\System32\svchost.exe
320 C:\Windows\System32\svchost.exe
468 C:\Windows\System32\svchost.exe
516 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\audiodg.exe
1028 C:\Windows\System32\SLsvc.exe
1100 C:\Windows\System32\nvvsvc.exe
1144 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\spoolsv.exe
1548 C:\Windows\System32\svchost.exe
1748 C:\Windows\SysWOW64\PnkBstrA.exe
2064 C:\Windows\System32\dwm.exe
2076 C:\Windows\System32\svchost.exe
2088 C:\Windows\System32\taskeng.exe
2164 C:\Windows\System32\svchost.exe
2244 C:\Windows\System32\svchost.exe
2388 C:\Windows\System32\taskeng.exe
2420 C:\Windows\System32\SearchIndexer.exe
2460 C:\Windows\explorer.exe
2920 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2468 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
2636 F:\Program Files\Adobe Reader\Reader\reader_sl.exe
2684 C:\Program Files\Logitech\SetPointG\SetPointII.exe
3692 C:\Windows\System32\SearchProtocolHost.exe
3712 C:\Windows\System32\SearchFilterHost.exe
3372 C:\Users\Mike\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000007c`0ae00000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000004a`0ae00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-00H2B0, Rev: 07.04C07

      Size  Device Name          MBR Status
--------------------------------------------
    596 GB  \\.\PhysicalDrive0   MBR Code Faked!
            SHA1: 92953A81AD1CC9184F426D1342D3BB6F9C82196A

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
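The verdict at the end of that report ("MBR Code Faked!", a SHA1 of the code, "Found non-standard or infected MBR") comes from reading sector 0 of PhysicalDrive0, hashing the bootstrap code and comparing the hash with a list of known-good values. The following Python is an added example written for this page; it is not MBRCheck's code and not part of the original thread. It assumes that the hashed region is the 440-byte code area before the NT disk signature (an assumption, since the tool does not document its exact range) and that the caller supplies the allow-list. The sample sector is constructed here: its partition starts are taken from the byte offsets the report printed for C:, F: and E:, its sizes from the OTL drive list further down, and its boot code is filler rather than a real loader. The report's SHA1 is deliberately not used as an allow-list entry, because nothing on the page says whether it is a clean value.

```python
"""Parse and verify a raw 512-byte Master Boot Record (added example, not
MBRCheck's code). Hashed code range and the allow-list are assumptions."""
import hashlib
import struct

MBR_SIZE = 512
SECTOR = 512
BOOT_CODE_LEN = 440           # bootstrap code: bytes 0x000..0x1B7 (assumed range)
DISK_SIG_OFF = 440            # 4-byte NT disk signature at 0x1B8
PART_TABLE_OFF = 446          # four 16-byte partition entries from 0x1BE
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
BOOT_SIG = b"\x55\xAA"        # bytes 0x1FE..0x1FF


def lba_from_byte_offset(offset: int, sector_size: int = SECTOR) -> int:
    """Turn a byte offset like MBRCheck's 0x00000000`00007e00 into an LBA."""
    if offset % sector_size:
        raise ValueError(f"offset {offset:#x} is not {sector_size}-byte aligned")
    return offset // sector_size


def parse_mbr(sector: bytes) -> dict:
    """Decode the fields an integrity check cares about from one MBR sector."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + slot * 16)
        if ptype == 0:
            continue  # unused slot
        partitions.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "byte_offset": lba_start * SECTOR,
                           "sectors": count})
    return {
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "signature_ok": sector[510:512] == BOOT_SIG,
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good_sha1: set) -> str:
    """INVALID (no 55AA), KNOWN_GOOD (code hash on the allow-list) or
    NON_STANDARD (everything else, the case a checker flags for review)."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "INVALID"
    if info["code_sha1"] in known_good_sha1:
        return "KNOWN_GOOD"
    return "NON_STANDARD"


def build_mbr(boot_code: bytes, disk_signature: int, partitions: list) -> bytes:
    """Assemble a sector from parts; used here only to construct sample input."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit before the disk signature")
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_signature)
    for slot, (status, ptype, lba_start, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFF + slot * 16,
                         status, ptype, lba_start, count)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


# Constructed sample: partition starts are the byte offsets MBRCheck printed
# for PhysicalDrive0, sizes follow the OTL drive list (C: up to F:, F: 200 GiB,
# E: 100 GiB). Boot code and disk signature are filler, not real values.
GIB_SECTORS = (1 << 30) // SECTOR
LBA_C = lba_from_byte_offset(0x7E00)          # 63
LBA_F = lba_from_byte_offset(0x4A0AE00000)    # 621113344
LBA_E = lba_from_byte_offset(0x7C0AE00000)    # 1040543744
SAMPLE_LAYOUT = [
    (0x80, 0x07, LBA_C, LBA_F - LBA_C),        # C: NTFS, active
    (0x00, 0x07, LBA_F, LBA_E - LBA_F),        # F: NTFS, 200 GiB
    (0x00, 0x07, LBA_E, 100 * GIB_SECTORS),    # E: NTFS, 100 GiB
]
SAMPLE_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 24  # filler
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, 0x1A2B3C4D, SAMPLE_LAYOUT)


if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("code SHA1:", info["code_sha1"], "| 55AA:", info["signature_ok"])
    for p in info["partitions"]:
        print(f"  slot {p['slot']} type {p['type']:#04x} at byte {p['byte_offset']:#x} "
              f"(LBA {p['lba_start']}), {p['sectors'] * SECTOR / (1 << 30):.2f} GiB")
    print("verdict with empty allow-list:", classify_mbr(SAMPLE_MBR, set()))
```

To run this against a real machine, read the first 512 bytes of the physical drive (or of a forensic image of it) into `sector`, and fill the allow-list with hashes of MBRs you trust, for instance one written by the same Windows version's installer onto a clean disk. Only then does a "NON_STANDARD" result mean something: an unfamiliar hash on its own says the code is not on your list, not that it is malicious, and a match says nothing about what sits in the sectors after the MBR, which is where boot-sector malware of that era usually kept its payload.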
  10. Hi aliB, thank you for helping me. I tried to run aswMBR.exe and it gave me a BSOD, i rebooted and tried again and it still gave me a BSOD without ever starting. I am running vista 64bit if that has anything to do with it, not sure. So i ran OTL and here are the 2 logs from its scan. OTL logfile created on: 7/17/2011 4:39:42 PM - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Mike\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.99 Gb Total Physical Memory | 4.77 Gb Available Physical Memory | 79.70% Memory free 12.09 Gb Paging File | 10.97 Gb Available in Paging File | 90.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 296.17 Gb Total Space | 244.89 Gb Free Space | 82.69% Space Free | Partition Type: NTFS Drive D: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 100.00 Gb Total Space | 84.90 Gb Free Space | 84.90% Space Free | Partition Type: NTFS Drive F: | 200.00 Gb Total Space | 108.56 Gb Free Space | 54.28% Space Free | Partition Type: NTFS Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/07/17 16:33:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr PRC - [2010/11/25 15:14:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010/10/04 11:23:26 | 000,908,760 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009/02/27 17:10:28 | 000,035,696 | ---- | M] (Adobe Systems Incorporated) -- F:\Program Files\Adobe Reader\Reader\reader_sl.exe ========== Modules (SafeList) ========== MOD - [2011/07/17 16:33:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr MOD - [2009/04/10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2009/06/01 13:14:19 | 001,038,088 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011/07/13 16:57:22 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/11/25 15:14:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus® SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009/06/01 13:14:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [On_Demand | Stopped] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2008/02/28 17:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Kodak\printer\center\KodakSvc.exe -- (KodakSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/11/09 22:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC) DRV:64bit: - [2010/11/09 22:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64) DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot) DRV:64bit: - [2009/05/09 19:40:14 | 000,120,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2009/04/06 14:19:46 | 000,027,160 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132) DRV:64bit: - [2009/02/17 13:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2009/02/15 23:11:48 | 000,337,560 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2008/11/10 08:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008/04/22 11:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64) DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel® DRV:64bit: - [2006/11/01 00:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2006/05/24 11:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd) DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp) DRV - [2009/05/09 19:40:14 | 000,120,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) DRV - [2001/01/04 10:12:42 | 000,162,900 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\USBICP.sys -- (uisp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. 
File not found IE - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: Eraser@vikram:1.03 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {D83964CE-3243-438C-8BBB-6D685E628C6C}:1.9.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: F:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/14 09:56:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/05 09:34:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D83964CE-3243-438C-8BBB-6D685E628C6C}: C:\Users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}\ [2011/07/04 08:12:00 | 000,000,000 | ---D | M] [2010/10/23 11:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions [2009/06/01 12:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2011/07/04 09:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions [2011/01/13 17:43:43 | 000,000,000 | ---D | M] ("Garmin Communicator") -- 
C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010/11/19 09:36:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/11/13 07:23:54 | 000,000,000 | ---D | M] (uTorrentBar Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2010/11/19 09:36:20 | 000,000,000 | ---D | M] (Eraser) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\Eraser@vikram [2011/03/05 09:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/03/05 09:34:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/07/04 08:12:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MIKE\APPDATA\LOCAL\{D83964CE-3243-438C-8BBB-6D685E628C6C} [2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011/03/05 09:34:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll O1 HOSTS File: ([2010/08/30 14:21:45 | 000,000,771 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. 
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4221219837-760294012-3936320173-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4221219837-760294012-3936320173-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4221219837-760294012-3936320173-1000..\Run: [WMPNSCFG] File not found
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\NV_WP_Green2-16x9.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\NV_WP_Green2-16x9.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/23 15:32:44 | 000,000,133 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{b2e602a0-ebd1-11de-9e7b-00248c25f9ba}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
O33 - MountPoints2\{e42b15ec-4a0d-11de-998b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e42b15ec-4a0d-11de-998b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2010/09/17 23:01:31 | 000,349,520 | R--- | M] (Valve Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 16:33:02 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr
[2011/07/17 16:32:13 | 001,908,224 | ---- | C] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
[2011/07/17 09:04:26 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.scr
[2011/07/04 08:12:00 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C}
[2011/07/04 06:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011/07/04 06:54:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Canneverbe Limited
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Mike\*.tmp files -> C:\Users\Mike\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 16:42:52 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/17 16:42:52 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/17 16:42:52 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/17 16:37:42 | 000,052,400 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/07/17 16:37:41 | 000,052,400 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/07/17 16:37:32 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/17 16:37:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 16:37:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 16:37:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/17 16:37:11 | 447,573,097 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/17 16:33:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.scr
[2011/07/17 16:32:39 | 001,908,224 | ---- | M] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
[2011/07/17 16:26:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/17 11:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/07/17 09:17:10 | 000,000,000 | ---- | M] () -- C:\Users\Mike\defogger_reenable
[2011/07/17 09:04:42 | 000,302,592 | ---- | M] () -- C:\Users\Mike\Desktop\6sye35yx.exe
[2011/07/17 09:04:10 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.scr
[2011/07/17 08:58:33 | 000,050,477 | ---- | M] () -- C:\Users\Mike\Desktop\Defogger.exe
[2011/07/16 12:35:31 | 000,350,197 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/07/16 12:11:06 | 000,729,742 | ---- | M] () -- C:\Users\Mike\AppData\Local\census.cache
[2011/07/16 12:11:03 | 000,190,153 | ---- | M] () -- C:\Users\Mike\AppData\Local\ars.cache
[2011/07/15 07:33:12 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/04 09:10:21 | 000,036,352 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/04 08:12:01 | 000,000,120 | ---- | M] () -- C:\Users\Mike\AppData\Local\Vhixeyiqamabimon.dat
[2011/07/04 08:12:01 | 000,000,000 | ---- | M] () -- C:\Users\Mike\AppData\Local\Rkocuwejatazaleb.bin
[2011/07/04 07:06:04 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Mike\*.tmp files -> C:\Users\Mike\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/17 09:17:10 | 000,000,000 | ---- | C] () -- C:\Users\Mike\defogger_reenable
[2011/07/17 09:04:57 | 000,302,592 | ---- | C] () -- C:\Users\Mike\Desktop\6sye35yx.exe
[2011/07/17 09:04:28 | 000,050,477 | ---- | C] () -- C:\Users\Mike\Desktop\Defogger.exe
[2011/07/12 10:42:18 | 000,729,742 | ---- | C] () -- C:\Users\Mike\AppData\Local\census.cache
[2011/07/12 10:42:09 | 000,190,153 | ---- | C] () -- C:\Users\Mike\AppData\Local\ars.cache
[2011/07/04 08:12:01 | 000,000,120 | ---- | C] () -- C:\Users\Mike\AppData\Local\Vhixeyiqamabimon.dat
[2011/07/04 08:12:01 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\Rkocuwejatazaleb.bin
[2011/05/10 15:29:59 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\{02BEBAB3-0F94-479B-A240-33B2C6DA6E2F}
[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/11/09 22:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/11/09 22:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/08/29 10:43:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/09 14:35:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/04/09 14:35:06 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/04/09 14:34:52 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/04/09 14:34:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/03/26 15:00:50 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/03/13 09:55:22 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/02/19 08:59:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/11/05 09:25:03 | 000,000,036 | ---- | C] () -- C:\Users\Mike\AppData\Local\housecall.guid.cache
[2009/10/06 08:36:49 | 000,000,127 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\default.rss
[2009/06/06 09:35:17 | 000,017,043 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\UserTile.png
[2009/06/01 09:42:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/05/30 14:26:03 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/05/30 11:04:06 | 000,000,258 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/05/29 14:53:53 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/05/29 14:53:53 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 06:47:03 | 000,036,352 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 22:24:00 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/05/28 22:23:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/05/28 22:23:59 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini
[2009/05/28 14:26:31 | 000,052,400 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/28 14:23:09 | 000,052,400 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:48:34 | 004,495,360 | ---- | C] () -- C:\Windows\SysWow64\NlsData001d.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/05/31 09:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ACD Systems
[2011/07/04 07:02:20 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Any Video Converter
[2009/05/28 21:58:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Ashampoo
[2011/07/04 06:54:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Canneverbe Limited
[2009/06/07 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/05 08:20:40 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FrostWire
[2009/12/27 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GARMIN
[2009/11/22 11:30:35 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ICQ
[2010/03/20 18:58:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Leadertech
[2010/09/12 14:56:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\NCH Swift Sound
[2011/03/05 09:36:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\OpenOffice.org
[2009/06/06 09:35:17 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\PeerNetworking
[2009/11/05 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Screaming Bee
[2009/08/23 13:18:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\System Requirements Lab BETA
[2009/10/23 10:35:54 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\SystemRequirementsLab
[2011/07/12 07:47:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\uTorrent
[2010/03/14 08:32:34 | 000,000,000 | ---D | M] -- C:\Users\Ty\AppData\Roaming\ACD Systems
[2011/07/17 11:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/07/17 13:43:02 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/01/20 22:49:20 | 000,192,512 | ---- | M] (Microsoft Corporation) MD5=77CC24684975AB1CF4C2C43D836C675C -- C:\Windows\SysNative\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/10/04 11:23:23 | 000,552,184 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/10/04 11:23:23 | 000,552,184 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/10/04 11:23:23 | 000,552,184 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/10/04 11:23:26 | 000,908,760 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/10/04 11:23:26 | 000,908,760 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/10/04 11:23:26 | 000,908,760 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2008/01/20 22:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2008/01/20 22:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2008/01/20 22:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2009/04/10 23:27:46 | 000,636,080 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2008/01/20 22:48:18 | 000,084,992 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2008/01/20 22:48:18 | 000,084,992 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2008/01/20 22:48:18 | 000,084,992 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2009/04/10 23:27:46 | 000,636,080 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:7B568E0CF4077A80
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

AND

OTL Extras logfile created on: 7/17/2011 4:39:42 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Mike\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.77 Gb Available Physical Memory | 79.70% Memory free
12.09 Gb Paging File | 10.97 Gb Available in Paging File | 90.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.17 Gb Total Space | 244.89 Gb Free Space | 82.69% Space Free | Partition Type: NTFS
Drive D: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 100.00 Gb Total Space | 84.90 Gb Free Space | 84.90% Space Free | Partition Type: NTFS
Drive F: | 200.00 Gb Total Space | 108.56 Gb Free Space | 54.28% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "F:\Program Files\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "F:\Program Files\WinAmp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "F:\Program Files\WinAmp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "F:\Program Files\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "F:\Program Files\WinAmp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "F:\Program Files\WinAmp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 09 74 E1 30 16 D8 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4221219837-760294012-3936320173-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4221219837-760294012-3936320173-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E8F884E-B700-4439-A486-7BB4D9892EAC}" = lport=18395 | protocol=17 | dir=in | name=bf |
"{10823E7D-2B59-4AD5-983C-5472087EC6D4}" = lport=13505 | protocol=17 | dir=in | name=bf |
"{27FC817E-C73A-42B3-B41E-579862873C0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{480C6F6B-09D2-4C9D-8877-4672F7273114}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6460CE12-B7AC-4DF8-903A-8B7C11A8A83D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{851AFFEC-2511-4D64-A76C-9D792F357E17}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{87E93AC5-7EA4-41CE-8AE3-1BAC57855189}" = lport=80 | protocol=6 | dir=in | name=bf |
"{E5ABA048-6D18-49C3-A3A4-1C8EEBB1AA31}" = lport=18390 | protocol=17 | dir=in | name=bf |
"{F6229A1B-ABA3-48A8-9262-B35DE959E661}" = lport=18395 | protocol=6 | dir=in | name=bf |
"{FE69F787-D215-4D02-9A5E-0AAEBBA1ADC2}" = lport=18390 | protocol=6 | dir=in | name=bf |
"{FF9B88CA-27CA-4A53-9863-03BE14633D03}" = lport=13505 | protocol=6 | dir=in | name=bf |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A07F55-24E7-45FD-81D3-0387596AE535}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{081EFDBE-FDB6-47C5-8746-5A94305A3519}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0F00C8A1-AD05-40F5-BD40-1ED8489750DF}" = protocol=6 | dir=in | app=e:\combat arms\nmservice.exe |
"{12D9552D-CE70-4CBC-83AD-98DE84E57E5F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{14C9F353-AB21-4653-B954-9AB4D205BF11}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{254E488C-5DA7-4712-A69A-E9847C050CB6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{28184228-F16E-46BB-876C-7A850CE972DF}" = protocol=17 | dir=in | app=e:\combat arms\nmservice.exe |
"{28579243-B467-43D5-9FCE-9AA9999AD6AB}" = protocol=6 | dir=in | app=e:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{427BEFC9-99C5-499A-B08B-D1D713F0CE89}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{47EA3225-FFE9-455B-8A29-659DACC83048}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{49C04D1B-B2AC-4B0E-8E77-52232262E25F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{4FD42476-C2A9-4163-BA87-861F8BD999B1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{53A4D44D-543D-4348-A1A2-8230DD3EDF7A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steam.exe |
"{5524B374-684F-4649-A980-471BF2E5D95B}" = protocol=17
| dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{5835177D-904D-43EC-AE52-7FD53ACAD442}" = protocol=17 | dir=in | app=e:\cod4\iw3mp.exe | "{5BE8D5DA-C944-451D-8247-53219671AA89}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "{69029F1A-0C98-47B8-862D-1C8B4B84590E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{6FE70E72-45BE-4DF5-9683-CC238B669F4D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{7AA840EB-4582-42F5-B92B-892EB12CD7C0}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steam.exe | "{88E8C6DF-ED38-4C74-B0ED-FD8FE82E2633}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{8CF530AE-6294-4E9E-AF3C-CC5D484E486E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{974923B0-0212-497C-BA5F-04A992E65B98}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A4596682-76DF-41DE-BB77-07BCC178BDE4}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{AF26EBE4-992A-4782-9EE7-D2546A4A1000}" = protocol=6 | dir=in | app=f:\program files\vent\ventrilo.exe | "{B46220A0-6463-4957-B963-2B38D36ABDB0}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{BB423D58-61C6-418A-9843-15ED73B1A3FF}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe | "{C874D4A2-86C2-4BBF-89C3-B498A685DDD9}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{CD0DCE48-CABE-4CE9-8EB8-56B0F662F645}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D674C74B-8DCC-4163-A2C0-C8C001FFB4C5}" = protocol=17 | dir=in | app=e:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{DB928591-5DF1-47CA-837D-6C8C9770F320}" = protocol=6 | dir=in 
| app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{DE147C40-7B5F-4D29-B259-7C091DC324ED}" = protocol=17 | dir=in | app=f:\program files\vent\ventrilo.exe | "{EC38F750-641C-4238-B4CB-A3903A4BE501}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{EDB7FE4D-3AC5-409F-ABF6-3A0A844BDC74}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "{F17599D4-64BD-4AED-89F5-7C56BDAD186D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F299396B-C895-467F-9CB8-06BDBDC2D8B7}" = protocol=6 | dir=in | app=e:\cod4\iw3mp.exe | "{FAFCB0EE-2A75-4E6B-AFF6-D631FDBD7894}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{FE32A8C1-2652-4DB1-8E5B-476068915026}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "CPUID CPU-Z_is1" = CPUID CPU-Z 1.51 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "SP6" = Logitech SetPoint 6.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt "{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery "{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009 "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = 
Activation Assistant for the 2007 Microsoft Office suites "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30 "{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw "{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 
2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = 
Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor 
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr "{c4bdcd59-66e3-487d-a3c4-3ac6e9140ca9}" = Nero 9 Trial "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" 
= Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "AC3Filter_is1" = AC3Filter 1.60b "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Any Video Converter_is1" = Any Video Converter 2.7.8 "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9 BETA "Audacity_is1" = Audacity 1.2.6 "AutoHotkey" = AutoHotkey 1.0.48.05 "CameraUserGuide-PSSX120IS" = Canon PowerShot SX120 IS Camera User Guide "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDC8" = Canon Utilities CameraWindow DC 8 "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivXLand Media Subtitler" = DivXLand Media Subtitler "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "DVD Shrink_is1" = DVD Shrink 3.2 "ESET Online Scanner" = ESET Online Scanner v3 "EVPmaker_is1" = EVPmaker 2.5 "Fraps" = Fraps (remove 
only) "Free Internet Window Washer" = Free Internet Window Washer "Guitar Pro 5_is1" = Guitar Pro 5.0 "GuitarSpeedTrainer_is1" = GST 2.3.8.4 "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare "Kremlin" = Kremlin "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.5.14)" = Mozilla Firefox (3.5.14) "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "Personal Printing Guide" = Canon Personal Printing Guide "PFPortChecker" = PFPortChecker 1.0.32 "PhotoStitch" = Canon Utilities PhotoStitch "PROHYBRIDR" = 2007 Microsoft Office system "PunkBusterSvc" = PunkBuster Services "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SkypePlayer" = Skype Audio Player (remove only) "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Switch" = Switch Sound File Converter "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.1 "Winamp" = Winamp "Windows Live Toolbar" = Windows Live Toolbar "Xfire" = Xfire (remove only) "Xvid_is1" = Xvid 1.2.1 final uninstall "ZoneAlarm Pro" = ZoneAlarm Pro "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4221219837-760294012-3936320173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 8/20/2010 5:47:44 PM | 
Computer Name = Mike-PC | Source = Steam Client Service | ID = 1 Description = Error: Steam folder not found Error - 8/20/2010 5:49:20 PM | Computer Name = Mike-PC | Source = WinMgmt | ID = 10 Description = Error - 8/21/2010 5:06:50 AM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1 Description = Error: GetSteamInstallPath failed 2 Error - 8/21/2010 5:06:50 AM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1 Description = Error: Failed to find Steam Path Error - 8/21/2010 5:06:50 AM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1 Description = Error: Steam folder not found Error - 8/21/2010 5:08:26 AM | Computer Name = Mike-PC | Source = WinMgmt | ID = 10 Description = Error - 8/21/2010 7:00:45 AM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1 Description = Error: GetSteamInstallPath failed 2 Error - 8/21/2010 7:00:45 AM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1 Description = Error: Failed to find Steam Path Error - 8/21/2010 7:00:45 AM | Computer Name = Mike-PC | Source = Steam Client Service | ID = 1 Description = Error: Steam folder not found Error - 8/21/2010 7:02:19 AM | Computer Name = Mike-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 7/17/2011 4:41:17 PM | Computer Name = Mike-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 7/17/2011 4:41:19 PM | Computer Name = Mike-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 7/17/2011 4:41:22 PM | Computer Name = Mike-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 7/17/2011 4:41:24 PM | Computer Name = Mike-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. 
Error - 7/17/2011 4:41:27 PM | Computer Name = Mike-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 7/17/2011 4:41:29 PM | Computer Name = Mike-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 7/17/2011 4:42:45 PM | Computer Name = Mike-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 7/17/2011 4:42:47 PM | Computer Name = Mike-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 7/17/2011 4:42:50 PM | Computer Name = Mike-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. Error - 7/17/2011 4:42:52 PM | Computer Name = Mike-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk0\DR0, has a bad block. < End of report >
  11. Hi, Thank you for any help you can give me. I've been having a problem when searching on Yahoo search and clicking links; sometimes (not all the time) it will take me to a page that has nothing to do with the search result when I click on the link. I first noticed the problem on July 4th, so I ran MBAM and I will post that log further below. However, once it rebooted, I got a message that it couldn't find something it was looking for, even though the logs say it was deleted. I scanned again and now it cannot find any problems; however, I still get redirected on links, again, it's not every time. I've run online scanners and can't find anything. So, I'm posting my original MBAM log from that day, and all other scans I've started today. I'm hoping someone can look and see if there is still a problem. I did receive an email from my ISP yesterday, saying that my machine was infected with a BOT, so I'm guessing I didn't kill this thing. Oh, GMER didn't find anything either, so I won't be attaching that file. Thank you for any help.

MBAM LOG 7/4/2011
..................
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7018

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

7/4/2011 10:04:08 AM
mbam-log-2011-07-04 (10-04-08).txt

Scan type: Quick scan
Objects scanned: 180325
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Mike\AppData\Local\KBDMTi.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Mike\AppData\Local\erigibux.dll (Trojan.Agent.U) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ywuzilaquvacax (Trojan.Hiloti) -> Value: Ywuzilaquvacax -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Myemetukopib (Trojan.Agent.U) -> Value: Myemetukopib -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Mike\AppData\Local\KBDMTi.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Windows\Temp\oeaF079.tmp (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\oeaF099.tmp (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Mike\local settings\KBDMTi.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Mike\local settings\application data\KBDMTi.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Mike\AppData\Local\erigibux.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

DDS TXT 7/17/2011
..................
DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Run by Mike at 9:17:54 on 2011-07-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4774 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
uRun: [AdobeBridge] <no file>
mRun: [NWEReboot] <no file>
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files (x86)\ICQ6.5\ICQ.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 68.87.75.198 68.87.64.150
TCP: Interfaces\{2BE7AA77-CC2B-44E4-8AD0-656BC1044CC4} : DHCPNameServer = 68.87.75.198 68.87.64.150
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\FFExternalAlert.dll FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9oh0f1ik.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - plugin: F:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll FF - plugin: F:\Program Files\Adobe Reader\Reader\browser\nppdf32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} FF - Ext: Eraser: Eraser@vikram - %profile%\extensions\Eraser@vikram FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF - Ext: XULRunner: {D83964CE-3243-438C-8BBB-6D685E628C6C} - C:\Users\Mike\AppData\Local\{D83964CE-3243-438C-8BBB-6D685E628C6C} . ============= SERVICES / DRIVERS =============== . 
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2009-11-5 33800] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-4-9 89920] S3 copperhd;Razer Copperhead Driver;C:\Windows\System32\drivers\copperhd.sys [2009-5-28 13824] S3 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2009-5-30 19432] S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2008-6-27 12744] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-6-1 1038088] S3 KodakSvc;Kodak AiO Device Service;C:\Program Files (x86)\Kodak\Printer\Center\KodakSvc.exe [2008-2-28 18944] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-9 341856] S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-9 4162784] S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-20 27648] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-4-6 27160] S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176] S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 9:18:15.06 =============== attach.txt
  12. Seems to be fine now. Thank you for your help.
  13. Thank you and understood. The following is the ComboFix log as requested.
  14. Hi again Elise. I ran tdsskiller.exe and was able to reboot to the desktop in normal boot mode. The following is the log requested.
1492 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/02/22 16:45:02.0508 1492 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/02/22 16:45:02.0867 1492 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/02/22 16:45:03.0210 1492 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/02/22 16:45:03.0553 1492 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/02/22 16:45:03.0865 1492 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/02/22 16:45:04.0177 1492 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/02/22 16:45:04.0536 1492 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/02/22 16:45:04.0848 1492 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/02/22 16:45:05.0176 1492 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/02/22 16:45:05.0550 1492 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/02/22 16:45:05.0925 1492 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/02/22 16:45:06.0268 1492 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys 2011/02/22 16:45:06.0627 1492 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys 2011/02/22 16:45:06.0985 1492 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/02/22 16:45:07.0297 1492 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/02/22 16:45:07.0656 1492 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys 2011/02/22 16:45:08.0031 1492 secdrv (3ea8a16169c26afbeb544e0e48421186) 
C:\Windows\system32\drivers\secdrv.sys 2011/02/22 16:45:08.0358 1492 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/02/22 16:45:08.0686 1492 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/02/22 16:45:09.0029 1492 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/02/22 16:45:09.0357 1492 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/02/22 16:45:09.0700 1492 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/02/22 16:45:10.0043 1492 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/02/22 16:45:10.0355 1492 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/02/22 16:45:10.0729 1492 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/02/22 16:45:11.0041 1492 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/02/22 16:45:11.0400 1492 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/02/22 16:45:11.0806 1492 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/02/22 16:45:12.0180 1492 SRTSP (4f3dee025dfc4d8bb067fa952d040405) C:\Windows\system32\drivers\NISx64\1200000.080\SRTSP64.SYS 2011/02/22 16:45:12.0539 1492 SRTSPX (f14935c467021f3293a099307cfc8e2a) C:\Windows\system32\drivers\NISx64\1200000.080\SRTSPX64.SYS 2011/02/22 16:45:12.0882 1492 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys 2011/02/22 16:45:13.0225 1492 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys 2011/02/22 16:45:13.0569 1492 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 2011/02/22 16:45:13.0943 1492 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 2011/02/22 
16:45:14.0302 1492 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 2011/02/22 16:45:14.0629 1492 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys 2011/02/22 16:45:14.0941 1492 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/02/22 16:45:15.0285 1492 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/02/22 16:45:15.0659 1492 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys 2011/02/22 16:45:16.0080 1492 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/02/22 16:45:16.0439 1492 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/02/22 16:45:16.0782 1492 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/02/22 16:45:17.0141 1492 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/02/22 16:45:17.0437 1492 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/02/22 16:45:17.0781 1492 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/02/22 16:45:18.0108 1492 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/02/22 16:45:18.0498 1492 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/02/22 16:45:18.0857 1492 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/02/22 16:45:19.0169 1492 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/02/22 16:45:19.0200 1492 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys 2011/02/22 16:45:19.0263 1492 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/02/22 16:45:19.0294 1492 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 
2011/02/22 16:45:19.0341 1492 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/02/22 16:45:19.0403 1492 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys 2011/02/22 16:45:19.0465 1492 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/02/22 16:45:19.0497 1492 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/02/22 16:45:19.0559 1492 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys 2011/02/22 16:45:19.0637 1492 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys 2011/02/22 16:45:19.0715 1492 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys 2011/02/22 16:45:19.0762 1492 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/02/22 16:45:19.0793 1492 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/02/22 16:45:19.0840 1492 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/02/22 16:45:19.0855 1492 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/02/22 16:45:19.0933 1492 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 2011/02/22 16:45:20.0027 1492 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/02/22 16:45:20.0074 1492 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/02/22 16:45:20.0089 1492 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/02/22 16:45:20.0136 1492 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/02/22 16:45:20.0167 1492 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/02/22 16:45:20.0199 1492 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) 
C:\Windows\system32\DRIVERS\volmgr.sys 2011/02/22 16:45:20.0214 1492 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/02/22 16:45:20.0261 1492 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/02/22 16:45:20.0292 1492 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/02/22 16:45:20.0355 1492 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/02/22 16:45:20.0386 1492 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/02/22 16:45:20.0417 1492 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 2011/02/22 16:45:20.0464 1492 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/02/22 16:45:20.0511 1492 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/02/22 16:45:20.0526 1492 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/02/22 16:45:20.0604 1492 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/02/22 16:45:20.0651 1492 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/02/22 16:45:20.0729 1492 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/02/22 16:45:20.0791 1492 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/02/22 16:45:20.0916 1492 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/02/22 16:45:20.0963 1492 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/02/22 16:45:21.0025 1492 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/02/22 16:45:21.0072 1492 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/02/22 16:45:21.0103 1492 WUDFRd 
(3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/02/22 16:45:21.0197 1492 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys 2011/02/22 16:45:21.0275 1492 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/02/22 16:45:21.0275 1492 ================================================================================ 2011/02/22 16:45:21.0275 1492 Scan finished 2011/02/22 16:45:21.0275 1492 ================================================================================ 2011/02/22 16:45:21.0291 1364 Detected object count: 1 2011/02/22 16:46:17.0217 1364 \HardDisk0 - will be cured after reboot 2011/02/22 16:46:17.0217 1364 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/02/22 16:46:22.0692 0832 Deinitialize success thank you for your continued help
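The TDSSKiller log above is the kind of output a helper reads by hand: one line per loaded driver (timestamp, process id, service name, MD5 of the image, image path), followed by the detection and the action the user chose. The script below is an added example, not TDSSKiller's code and not something the poster ran: it parses that line shape, pulls out the detection and cure lines, and applies two triage heuristics a practitioner would apply to the driver list. The regular expressions assume exactly the format shown in this log; the sample input is a dozen lines copied from the log above (constructed for the example, so it runs offline); the "outside the system driver directory" check is a triage aid rather than a verdict, since the Norton definition drivers in ProgramData are legitimate and also land there.

```python
"""Triage a TDSSKiller scan log (added example; not TDSSKiller's own code).

Two line shapes from the log above are handled:
  <date> <time> <pid> <ServiceName> (<md5>) <ImagePath>
  <date> <time> <pid> <message>      e.g. "\\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)"
"""
import re
from collections import defaultdict

# Driver record: "2011/02/22 16:45:16.0080 1492 Tcpip (90a2...) C:\Windows\system32\drivers\tcpip.sys"
DRIVER_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Any other timestamped line; only the message text matters.
EVENT_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (?P<pid>\d+) (?P<msg>.+)$")
# "\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)"
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>\S+)")
# "Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure"
ACTION_RE = re.compile(r"^(?P<verdict>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")

# Where Windows keeps its own drivers; compared case-insensitively because the log mixes cases.
SYSTEM_DRIVER_DIR = r"c:\windows\system32\drivers"

# Constructed sample: lines copied from the log on this page.
SAMPLE_LOG = r"""
2011/02/22 16:44:50.0886 1492 NAVENG (5f20c5ab2f3cdc1700a1013902398e5c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS
2011/02/22 16:45:16.0080 1492 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/02/22 16:45:16.0439 1492 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/22 16:45:20.0511 1492 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 16:45:20.0526 1492 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 16:45:21.0197 1492 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/02/22 16:45:21.0275 1492 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/22 16:45:21.0275 1492 Scan finished
2011/02/22 16:45:21.0291 1364 Detected object count: 1
2011/02/22 16:46:17.0217 1364 \HardDisk0 - will be cured after reboot
2011/02/22 16:46:17.0217 1364 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/22 16:46:22.0692 0832 Deinitialize success
"""


def parse_log(text):
    """Return (drivers, detections, actions) parsed from TDSSKiller log text."""
    drivers, detections, actions = [], [], []
    for line in text.splitlines():
        line = line.strip()
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(m.groupdict())
            continue
        m = EVENT_RE.match(line)
        if not m:
            continue  # banner lines, blank lines
        msg = m.group("msg")
        d = DETECT_RE.match(msg)
        if d:
            detections.append({"object": d.group("obj"), "verdict": d.group("verdict")})
            continue
        a = ACTION_RE.match(msg)
        if a:
            actions.append({"object": a.group("obj"),
                            "verdict": a.group("verdict").strip(),
                            "action": a.group("action")})
    return drivers, detections, actions


def drivers_outside_system_dir(drivers):
    """Drivers whose image lives outside \\Windows\\system32\\drivers.
    Triage aid only: AV definition drivers (Norton's ENG64.SYS above) are legitimately elsewhere."""
    return [d for d in drivers if not d["path"].lower().startswith(SYSTEM_DRIVER_DIR)]


def shared_images(drivers):
    """Image path -> service names that point at it, for paths with more than one name.
    Tcpip/TCPIP6 on tcpip.sys and WANARP/Wanarpv6 on wanarp.sys are normal Windows aliases;
    a system service name bound to an unexpected image is what would warrant a closer look."""
    by_path = defaultdict(list)
    for d in drivers:
        by_path[d["path"].lower()].append(d["name"])
    return {p: names for p, names in by_path.items() if len(names) > 1}


def triage(text):
    """One-shot summary of a log: counts, detections, chosen actions, and the two heuristics."""
    drivers, detections, actions = parse_log(text)
    return {
        "driver_count": len(drivers),
        "detections": detections,
        "actions": actions,
        "outside_system_dir": [d["name"] for d in drivers_outside_system_dir(drivers)],
        "shared_images": shared_images(drivers),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full saved log by reading the file into `triage()`. The MD5 column is kept on each driver record so the same records can be compared against a vendor hash set if one is available; the script does not ship one.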