Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Video Card problems... Hijack this info posted.

by ElAzul » June 9th, 2010, 4:36 pm

Hijack this log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:10:31 PM, on 6/9/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\CASEY\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 7082 bytes



Uninstall List:


Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11.5
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bonjour
Broadcom ASF Management Applications
Broadcom Gigabit Integrated Controller
Broadcom Management Programs
CCleaner
Choice Guard
CloneDVD 4.1.0.23
CommView for WiFi
CyberLink PowerDVD 9
CyberLink PowerDVD 9
Dell Touchpad
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Web Player
Download Updater (AOL LLC)
Emicsoft FLV Converter
FLV to WMV Convert 2.7
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HiJackThis
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java(TM) 6 Update 13
Junk Mail filter update
LimeWire 5.5.8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.5)
MSVCRT
MyDSC2
Nero 7 Premium
Paint.NET v3.36
Pcsx2 0.9.6
PokerStars.net
QuickTime
RealPlayer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Spybot - Search & Destroy
System Requirements Lab
Tic-Tac-Toe Gadget for Windows SideShow
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb977719)
VC80CRTRedist - 8.0.50727.762
VLC media player 0.9.9
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Wizard101



The problem I have been having is that my video card doesn't seem to be able to keep up whenever I watch something on Hulu or Megavideo, for example. This is a recent development, as I didn't have this issue until yesterday. Could someone please help me figure out what is wrong? Thank you.
ElAzul
Active Member
 
Posts: 5
Joined: June 9th, 2010, 4:22 pm

Re: Video Card problems... Hijack this info posted.

by deltalima » June 13th, 2010, 3:00 pm

Hi ElAzul,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    LimeWire 5.5.8


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl and then click enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Video Card problems... Hijack this info posted.

by ElAzul » June 14th, 2010, 3:58 am

Thank you for the help. I uninstalled limewire. Is there anything else I should do?
ElAzul
Active Member
 
Posts: 5
Joined: June 9th, 2010, 4:22 pm

Re: Video Card problems... Hijack this info posted.

by deltalima » June 14th, 2010, 4:02 am

Hi ElAzul,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select Run as Administrator. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" button and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Video Card problems... Hijack this info posted.

by ElAzul » June 15th, 2010, 7:55 pm

Here are the results of all of the scans. Thank you again.

OTL.txt

OTL logfile created on: 6/15/2010 6:53:56 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\CASEY\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 41.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.48 Gb Total Space | 13.60 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NO-PUEDE-SER
Current User Name: CASEY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\CASEY\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\CASEY\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\CASEY\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (TsLwWfF) -- C:\Windows\System32\drivers\TsLwWfF.sys (TamoSoft)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SQTECH905C) -- C:\Windows\System32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 94 6F DB BB EF C9 01 [binary data]
IE - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 19:41:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/15 15:13:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 11:57:59 | 000,000,000 | ---D | M]

[2009/10/31 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\CASEY\AppData\Roaming\mozilla\Extensions
[2009/05/28 16:53:28 | 000,000,000 | ---D | M] -- C:\Users\CASEY\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/06/08 23:23:24 | 000,000,000 | ---D | M] -- C:\Users\CASEY\AppData\Roaming\mozilla\Firefox\Profiles\vt3iblsg.default\extensions
[2009/10/31 14:02:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\CASEY\AppData\Roaming\mozilla\Firefox\Profiles\vt3iblsg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/02 23:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CASEY\AppData\Roaming\mozilla\Firefox\Profiles\vt3iblsg.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/10/31 13:44:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\CASEY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\CASEY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/06/15 18:46:37 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\CASEY\Desktop\OTL.exe
[2010/06/09 15:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/09 12:47:32 | 000,000,000 | ---D | C] -- C:\Users\CASEY\AppData\Roaming\AVG9
[2010/06/09 11:41:58 | 001,924,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\CASEY\Desktop\install_flash_player.exe
[2010/06/02 00:21:30 | 000,029,056 | ---- | C] (Service & Quality Technology.) -- C:\Windows\System32\drivers\Capt905c.sys
[2010/06/02 00:21:30 | 000,025,088 | ---- | C] (Service & Quality Technology.) -- C:\Windows\System32\drivers\Camd905c.sys
[2010/06/02 00:21:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MyDSC2
[2010/06/02 00:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\MyDSC2
[2010/06/02 00:19:40 | 000,000,000 | ---D | C] -- C:\Users\CASEY\AppData\Roaming\InstallShield
[2010/05/30 01:17:43 | 000,000,000 | ---D | C] -- C:\Users\CASEY\AppData\Local\Apps
[2010/05/30 01:17:41 | 000,000,000 | ---D | C] -- C:\Users\CASEY\AppData\Local\Deployment
[2010/05/22 14:39:58 | 024,184,872 | ---- | C] (Lime Wire LLC) -- C:\Users\CASEY\Desktop\LimeWireWin.exe
[2010/05/19 20:29:58 | 006,250,584 | ---- | C] (Intel(R) Corporation) -- C:\Users\CASEY\Desktop\th.exe
[2010/05/19 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\CASEY\Documents\CommView for WiFi
[2010/05/19 17:23:19 | 000,022,632 | ---- | C] (TamoSoft) -- C:\Windows\System32\drivers\TsLwWfF.sys
[2010/05/19 17:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\CommViewWiFi
[2010/05/19 17:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TamoSoft
[2010/05/19 16:59:43 | 000,047,208 | ---- | C] (TamoSoft) -- C:\Windows\System32\tsnotify.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/15 19:04:39 | 003,670,016 | -HS- | M] () -- C:\Users\CASEY\NTUSER.DAT
[2010/06/15 18:52:24 | 000,293,376 | ---- | M] () -- C:\Users\CASEY\Desktop\533tobu0.exe
[2010/06/15 18:52:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3324046170-1720674440-2931111238-1000UA.job
[2010/06/15 18:46:38 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\CASEY\Desktop\OTL.exe
[2010/06/15 16:40:54 | 061,096,097 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/15 16:37:13 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 16:37:13 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 16:32:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/15 16:31:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/15 16:31:56 | 797,417,472 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/14 16:26:35 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/14 13:52:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3324046170-1720674440-2931111238-1000Core.job
[2010/06/14 04:04:29 | 001,764,268 | -H-- | M] () -- C:\Users\CASEY\AppData\Local\IconCache.db
[2010/06/12 15:29:14 | 001,228,992 | ---- | M] () -- C:\Users\CASEY\Desktop\D630_A17.EXE
[2010/06/09 15:57:23 | 000,002,963 | ---- | M] () -- C:\Users\CASEY\Desktop\HiJackThis.lnk
[2010/06/09 15:52:53 | 000,007,618 | ---- | M] () -- C:\Users\CASEY\AppData\Local\Resmon.ResmonCfg
[2010/06/09 15:50:57 | 001,402,880 | ---- | M] () -- C:\Users\CASEY\Desktop\HiJackThis.msi
[2010/06/09 11:41:58 | 001,924,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\CASEY\Desktop\install_flash_player.exe
[2010/06/09 01:43:48 | 000,008,024 | ---- | M] () -- C:\Users\CASEY\Desktop\cc_20100609_014335.reg
[2010/06/04 22:03:02 | 000,748,740 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/04 22:03:02 | 000,638,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/04 22:03:02 | 000,113,676 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/02 12:18:32 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/02 12:18:31 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/06/02 00:21:30 | 000,000,300 | ---- | M] () -- C:\Windows\win.ini
[2010/06/02 00:17:32 | 004,193,940 | ---- | M] () -- C:\Users\CASEY\Desktop\SQ905C_DSC_Driver_V2.004_2007MAY28.zip
[2010/05/24 20:44:57 | 000,032,307 | ---- | M] () -- C:\Users\CASEY\Desktop\Casey Santana Transcript 2010.docx
[2010/05/22 14:45:24 | 024,184,872 | ---- | M] (Lime Wire LLC) -- C:\Users\CASEY\Desktop\LimeWireWin.exe
[2010/05/19 20:31:48 | 006,250,584 | ---- | M] (Intel(R) Corporation) -- C:\Users\CASEY\Desktop\th.exe
[2010/05/19 17:23:26 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\CommView for WiFi.lnk
[2010/05/19 17:20:44 | 010,021,934 | ---- | M] () -- C:\Users\CASEY\Desktop\ca6.zip
[2010/05/19 16:57:00 | 009,490,855 | ---- | M] () -- C:\Users\CASEY\Desktop\cv6.zip
[2010/05/19 15:00:03 | 000,185,420 | ---- | M] () -- C:\Users\CASEY\Desktop\bt4-final-vm.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/15 18:52:23 | 000,293,376 | ---- | C] () -- C:\Users\CASEY\Desktop\533tobu0.exe
[2010/06/12 15:29:14 | 001,228,992 | ---- | C] () -- C:\Users\CASEY\Desktop\D630_A17.EXE
[2010/06/09 15:57:23 | 000,002,963 | ---- | C] () -- C:\Users\CASEY\Desktop\HiJackThis.lnk
[2010/06/09 15:52:53 | 000,007,618 | ---- | C] () -- C:\Users\CASEY\AppData\Local\Resmon.ResmonCfg
[2010/06/09 15:50:55 | 001,402,880 | ---- | C] () -- C:\Users\CASEY\Desktop\HiJackThis.msi
[2010/06/09 01:43:43 | 000,008,024 | ---- | C] () -- C:\Users\CASEY\Desktop\cc_20100609_014335.reg
[2010/06/02 00:15:04 | 004,193,940 | ---- | C] () -- C:\Users\CASEY\Desktop\SQ905C_DSC_Driver_V2.004_2007MAY28.zip
[2010/05/24 20:44:55 | 000,032,307 | ---- | C] () -- C:\Users\CASEY\Desktop\Casey Santana Transcript 2010.docx
[2010/05/19 17:23:26 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\CommView for WiFi.lnk
[2010/05/19 17:11:56 | 010,021,934 | ---- | C] () -- C:\Users\CASEY\Desktop\ca6.zip
[2010/05/19 16:44:48 | 009,490,855 | ---- | C] () -- C:\Users\CASEY\Desktop\cv6.zip
[2010/05/19 14:43:43 | 000,185,420 | ---- | C] () -- C:\Users\CASEY\Desktop\bt4-final-vm.zip
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/28 09:11:17 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2009/05/28 08:38:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/28 01:18:41 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2006/04/30 00:34:04 | 000,049,152 | ---- | C] () -- C:\Windows\System32\WbxRMenu.dll
[2006/04/13 23:18:24 | 000,196,608 | ---- | C] () -- C:\Windows\System32\atonres.dll
[2006/04/13 23:18:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\WbxMSAI.dll
[2006/04/13 23:18:24 | 000,098,304 | ---- | C] () -- C:\Windows\System32\atonecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
< End of report >


Extras.txt

OTL Extras logfile created on: 6/15/2010 6:53:56 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\CASEY\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 41.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.48 Gb Total Space | 13.60 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NO-PUEDE-SER
Current User Name: CASEY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3324046170-1720674440-2931111238-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F7E7CEE-54EE-4882-AA16-64F3D84EE27D}" = Tic-Tac-Toe Gadget for Windows SideShow
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel(R) PROSet/Wireless WiFi Software
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6F6594CB-DA1B-4FFB-B397-CACE3D5F668B}" = Windows Live Movie Maker Beta
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFB7485D-A200-33CA-A2E1-E1600CA76484}" = Google Talk Plugin
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Premium
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"CommView for WiFi" = CommView for WiFi
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Emicsoft FLV Converter_is1" = Emicsoft FLV Converter
"FLV to WMV Convert_is1" = FLV to WMV Convert 2.7
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"PokerStars.net" = PokerStars.net
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3324046170-1720674440-2931111238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Gmer.txt

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-15 19:51:28
Windows 6.1.7600
Running: 533tobu0.exe; Driver: C:\Users\CASEY\AppData\Local\Temp\pwlcifoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83232AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83232104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832323F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8321A634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8321A898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832321DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83232958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832326F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83232F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832331A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E4B5C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E70052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 96816C9D 28 Bytes [55, 1A, 62, DA, F4, FD, 5F, ...]
.text peauth.sys 96816CC1 28 Bytes [55, 1A, 62, DA, F4, FD, 5F, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtCreateFile + 6 77654A16 4 Bytes [28, 00, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtCreateFile + B 77654A1B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtMapViewOfSection + 6 77655076 1 Byte [28]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtMapViewOfSection + 6 77655076 4 Bytes [28, 03, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtMapViewOfSection + B 7765507B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenFile + 6 77655126 4 Bytes [68, 00, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenFile + B 7765512B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcess + 6 776551D6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcess + B 776551DB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcessToken + B 776551EB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcessTokenEx + 6 776551F6 4 Bytes [A8, 02, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcessTokenEx + B 776551FB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThread + 6 77655256 4 Bytes [68, 01, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThread + B 7765525B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThreadToken + 6 77655266 4 Bytes [68, 02, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThreadToken + B 7765526B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThreadTokenEx + B 7765527B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtQueryAttributesFile + 6 77655386 4 Bytes [A8, 00, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtQueryAttributesFile + B 7765538B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtQueryFullAttributesFile + B 7765543B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationFile + 6 77655A86 4 Bytes [28, 01, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationFile + B 77655A8B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationThread + 6 77655AE6 4 Bytes [28, 02, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationThread + B 77655AEB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 1 Byte [68]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 4 Bytes [68, 03, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtUnmapViewOfSection + B 77655E0B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtCreateFile + 6 77654A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtCreateFile + B 77654A1B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtMapViewOfSection + 6 77655076 1 Byte [28]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtMapViewOfSection + 6 77655076 4 Bytes [28, 03, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtMapViewOfSection + B 7765507B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenFile + 6 77655126 4 Bytes [68, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenFile + B 7765512B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcess + 6 776551D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcess + B 776551DB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessToken + B 776551EB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessTokenEx + 6 776551F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessTokenEx + B 776551FB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThread + 6 77655256 4 Bytes [68, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThread + B 7765525B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadToken + 6 77655266 4 Bytes [68, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadToken + B 7765526B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadTokenEx + B 7765527B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryAttributesFile + 6 77655386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryAttributesFile + B 7765538B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryFullAttributesFile + B 7765543B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationFile + 6 77655A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationFile + B 77655A8B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationThread + 6 77655AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationThread + B 77655AEB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 1 Byte [68]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtUnmapViewOfSection + B 77655E0B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtCreateFile + 6 77654A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtCreateFile + B 77654A1B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtMapViewOfSection + 6 77655076 1 Byte [28]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtMapViewOfSection + 6 77655076 4 Bytes [28, 03, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtMapViewOfSection + B 7765507B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenFile + 6 77655126 4 Bytes [68, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenFile + B 7765512B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcess + 6 776551D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcess + B 776551DB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessToken + B 776551EB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessTokenEx + 6 776551F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessTokenEx + B 776551FB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThread + 6 77655256 4 Bytes [68, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThread + B 7765525B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadToken + 6 77655266 4 Bytes [68, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadToken + B 7765526B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadTokenEx + B 7765527B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryAttributesFile + 6 77655386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryAttributesFile + B 7765538B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryFullAttributesFile + B 7765543B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationFile + 6 77655A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationFile + B 77655A8B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationThread + 6 77655AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationThread + B 77655AEB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 1 Byte [68]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtUnmapViewOfSection + B 77655E0B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile + 6 77654A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile + B 77654A1B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + 6 77655076 1 Byte [28]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + 6 77655076 4 Bytes [28, 03, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + B 7765507B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenFile + 6 77655126 4 Bytes [68, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenFile + B 7765512B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess + 6 776551D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess + B 776551DB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessToken + B 776551EB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessTokenEx + 6 776551F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessTokenEx + B 776551FB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThread + 6 77655256 4 Bytes [68, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThread + B 7765525B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadToken + 6 77655266 4 Bytes [68, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadToken + B 7765526B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadTokenEx + B 7765527B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryAttributesFile + 6 77655386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryAttributesFile + B 7765538B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryFullAttributesFile + B 7765543B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationFile + 6 77655A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationFile + B 77655A8B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationThread + 6 77655AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationThread + B 77655AEB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 1 Byte [68]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + B 77655E0B 1 Byte [E2]

---- Registry - GMER 1.0.15 ----


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----
ElAzul
Active Member
 
Posts: 5
Joined: June 9th, 2010, 4:22 pm

Re: Video Card problems... Hijack this info posted.

Post by deltalima » June 16th, 2010, 3:46 am

Hi ElAzul,

Please remove the following programs as they may interfere with our checks and can be reinstalled later if still required.

Spybot - Search & Destroy
Ad-Aware


TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: only run this fix once.
  • Right-click on TDSSKiller.exe on the desktop and select Run as Administrator.
  • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
  • After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.
  • A log file should be created on your C: drive named something like TDSSKiller.2.3.2.0 13.06.2010
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Video Card problems... Hijack this info posted.

Post by ElAzul » June 16th, 2010, 11:06 am

TDSSKiller


10:30:39:708 3656 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
10:30:39:708 3656 ================================================================================
10:30:39:708 3656 SystemInfo:

10:30:39:708 3656 OS Version: 6.1.7600 ServicePack: 0.0
10:30:39:708 3656 Product type: Workstation
10:30:39:708 3656 ComputerName: NO-PUEDE-SER
10:30:39:709 3656 UserName: CASEY
10:30:39:710 3656 Windows directory: C:\Windows
10:30:39:710 3656 Processor architecture: Intel x86
10:30:39:710 3656 Number of processors: 2
10:30:39:710 3656 Page size: 0x1000
10:30:39:711 3656 Boot type: Normal boot
10:30:39:711 3656 ================================================================================
10:30:44:924 3656 Initialize success
10:30:44:925 3656
10:30:44:926 3656 Scanning Services ...
10:30:46:880 3656 Raw services enum returned 469 services
10:30:46:889 3656
10:30:46:889 3656 Scanning Drivers ...
10:31:08:260 3656
10:31:08:261 3656 Completed
10:31:08:261 3656
10:31:08:262 3656 Results:
10:31:08:262 3656 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
10:31:08:262 3656 File objects infected / cured / cured on reboot: 0 / 0 / 0
10:31:08:263 3656
10:31:08:266 3656 KLMD(ARK) unloaded successfully

mbam-log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4204

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/16/2010 11:03:38 AM
mbam-log-2010-06-16 (11-03-38).txt

Scan type: Quick scan
Objects scanned: 124560
Time elapsed: 28 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\CASEY\Local Settings\Application Data\Windows Server\rhhlty.dll (Trojan.Agent) -> Quarantined and deleted successfully.
ElAzul
Active Member
 
Posts: 5
Joined: June 9th, 2010, 4:22 pm

Re: Video Card problems... Hijack this info posted.

Post by deltalima » June 16th, 2010, 1:51 pm

Hi ElAzul,

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Now close all other open windows and then click on Fix Checked. Close HijackThis.

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply and also let me know how your computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Video Card problems... Hijack this info posted.

Post by Dakeyras » June 19th, 2010, 3:48 pm

Due to lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra