1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Rootkit problem causing links redirect

Discussion in 'Virus & Other Malware Removal' started by Dangerous_Dave, Jan 19, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. Dangerous_Dave

    Dangerous_Dave Thread Starter

    Joined:
    Feb 27, 2009
    Messages:
    74
    A couple of nights ago I was hit by a virus which immediately told me it was scanning my PC and I needed to download its software to clear it. I didn't panic too much at the time, running MBAM, which cleared 18 infected files, but when I started using the internet I kept getting redirected to other sites. So, I ran another scan using ComboFix (which I know someone's going to tell me off for, but it usually does the trick). That came with its own hassles because apparently you now have to get rid of AVG, not just switch it off. The initial run returned a message saying that ComboFix had detected rootkit activity and needed to start again, so I did, and ComboFix ran again. It doesn't seem to have cleared the problem though i.e. I still keep getting redirected. The last ComboFix log it produced appears to have identified a couple of rootkits but has made no mention of deleting them. Would anyone mind helping me get rid ??? Feel free to reprimand away.

    Latest ComboFix log looked like this:

    ComboFix 11-01-16.04 - Administrator 17/01/2011 22:43:27.7.2 - x86 MINIMAL
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
    .
    2011-01-17 21:40 . 2011-01-17 21:40 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-01-17 21:39 . 2011-01-17 21:45 -------- d-----w- c:\windows\LastGood
    2011-01-17 21:38 . 2011-01-17 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-01-17 21:33 . 2011-01-17 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-01-17 18:07 . 2011-01-18 00:03 761344 ----a-w- c:\windows\system32\drivers\junil.sys
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 18:09 . 2009-12-01 17:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 18:08 . 2009-12-01 17:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-18 18:12 . 2004-08-10 12:02 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2004-08-04 10:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:34 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:34 . 2004-08-04 10:00 78336 ------w- c:\windows\system32\ieencode.dll
    2010-11-06 00:34 . 2004-08-04 10:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:34 . 2004-08-04 10:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-11-03 12:25 . 2004-08-04 10:00 389120 ------w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2004-08-04 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-04 10:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-05-16 26112]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
    "MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
    "CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
    "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
    "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    blueyonder Instant Support Tool.lnk - c:\program files\blueyonder IST\bin\matcli.exe [N/A]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2006-11-11 611064]
    R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 81688]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
    R3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;c:\windows\system32\DRIVERS\WebSTAR.sys [2001-12-17 15417]
    S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\DRIVERS\tffsport.sys [2008-04-13 149376]

    --- Other Services/Drivers In Memory ---
    *Deregistered* - junil
    .
    Contents of the 'Scheduled Tasks' folder
    2011-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]
    2011-01-17 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-28 03:10]
    2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 11:17]
    2011-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 11:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
    FF - ProfilePath -
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-18 00:09
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTxfiHlp = CTXFIHLP.EXE?
    CTHelper = CTHELPER.EXE?
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD2500JS-75NCB2 rev.10.02E03 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskWDC_WD2500JS-75NCB2_____________________10.02E03#5&2510770d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x87B0739B
    user & kernel MBR OK
    copy of MBR has been found in sector 488263545
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet051\Services\junil]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(236)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    - - - - - - - > 'lsass.exe'(296)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-01-18 00:09:48
    ComboFix-quarantined-files.txt 2011-01-18 00:09
    ComboFix2.txt 2011-01-17 21:21
    Pre-Run: 167,852,187,648 bytes free
    Post-Run: 167,829,233,664 bytes free
    Current=51 Default=51 Failed=0 LastKnownGood=55 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55
    - - End Of File - - 55D69C798654921DE54ABB35F59B8C4F



    ....and latest HJT log looks like this:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:43:48, on 18/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17093)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...TzM2KzEtRjlNMTBBKzI"&"prod=90"&"ver=10.0.1187
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O4 - Startup: Jacquie Lawson Advent Calendar.lnk = C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://static.photobox.co.uk/sg/common/ImageUploader4.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271357568160
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148033467500
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
    --
    End of file - 12917 bytes
     
  2. Dangerous_Dave

    Dangerous_Dave Thread Starter

    Joined:
    Feb 27, 2009
    Messages:
    74
    Bump

    I haven't switched my PC on for a week now - just didn't want my post to get forgotten.
     
  3. Dangerous_Dave

    Dangerous_Dave Thread Starter

    Joined:
    Feb 27, 2009
    Messages:
    74
    I've come to the conclusion that I haven't received any replies in nearly two weeks because I hadn't followed the updated instructions (I haven't been on this forum for a while). So, starting afresh, attached are the latest HJT, DDS and GMER results. For the record, GMER didn't actually tell me that it had finished it just stopped scanning with a final message saying that rootkit activity had been detected, so I saved the log as it was. Anyway,

    HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:34:32, on 30/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17093)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...TzM2KzEtRjlNMTBBKzI"&"prod=90"&"ver=10.0.1187
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O4 - Startup: Jacquie Lawson Advent Calendar.lnk = C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://static.photobox.co.uk/sg/common/ImageUploader4.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271357568160
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148033467500
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
    --
    End of file - 12884 bytes
     
  4. Dangerous_Dave

    Dangerous_Dave Thread Starter

    Joined:
    Feb 27, 2009
    Messages:
    74
    DDS Log:


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Tilty at 16:11:08.68 on 30/01/2011
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.409 [GMT 0:00]
    AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: *Disabled*
    ============== Running Processes ===============
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    "C:\WINDOWS\System32\svchost.exe"
    "C:\WINDOWS\System32\svchost.exe"
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    C:\Documents and Settings\Tilty\Desktop\dds.scr
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>;*.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...TzM2KzEtRjlNMTBBKzI"&"prod=90"&"ver=10.0.1187
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\tilty\startm~1\programs\startup\jacqui~1.lnk - c:\program files\jacquie lawson advent calendar\jacquie lawson advent calendar\Jacquie Lawson Advent Calendar.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueyo~1.lnk - c:\program files\blueyonder ist\bin\matcli.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271357568160
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148033467500
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://secure2.comned.com/signuptemplates/securelogin-devel.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    ================= FIREFOX ===================
    FF - ProfilePath - c:\docume~1\tilty\applic~1\mozilla\firefox\profiles\tpaaj38x.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    ============= SERVICES / DRIVERS ===============
    R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 81688]
    S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2004-8-4 149376]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-7-29 167808]
    S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;c:\windows\system32\drivers\WebSTAR.sys [2006-5-19 15417]
    =============== Created Last 30 ================
    2011-01-17 21:58:21 98816 ----a-w- c:\windows\sed.exe
    2011-01-17 21:58:21 89088 ----a-w- c:\windows\MBR.exe
    2011-01-17 21:58:21 256512 ----a-w- c:\windows\PEV.exe
    2011-01-17 21:58:21 161792 ----a-w- c:\windows\SWREG.exe
    2011-01-17 21:41:55 -------- d-----w- c:\docume~1\tilty\applic~1\AVG10
    2011-01-17 21:40:12 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2011-01-17 21:38:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2011-01-17 21:33:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2011-01-17 18:07:42 761344 ----a-w- c:\windows\system32\drivers\junil.sys
    ==================== Find3M ====================
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:34:11 78336 ------w- c:\windows\system32\ieencode.dll
    2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:34:11 17408 ------w- c:\windows\system32\corpol.dll
    2010-11-03 12:25:53 389120 ------w- c:\windows\system32\html.iec
    =================== ROOTKIT ====================
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD2500JS-75NCB2 rev.10.02E03 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8791F555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x879257b0]; MOV EAX, [0x8792582c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x87982AB8]
    3 CLASSPNP[0xF7592FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x879CC530]
    \Driver\atapi[0x879C6A08] -> IRP_MJ_CREATE -> 0x8791F555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskWDC_WD2500JS-75NCB2_____________________10.02E03#5&2510770d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8791F39B
    user & kernel MBR OK
    copy of MBR has been found in sector 488263545
    Warning: possible TDL3 rootkit infection !
    ============= FINISH: 16:13:45.57 ===============
     

    Attached Files:

  5. Dangerous_Dave

    Dangerous_Dave Thread Starter

    Joined:
    Feb 27, 2009
    Messages:
    74
    GMER (ark.txt):

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-30 16:58:33
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD2500JS-75NCB2 rev.10.02E03
    Running: d4z3zv6k.exe; Driver: C:\DOCUME~1\Tilty\LOCALS~1\Temp\pxtdapow.sys

    ---- Kernel code sections - GMER 1.0.15 ----
    .text junil.sys F7275000 21 Bytes JMP F72A52F5 junil.sys
    .text junil.sys F7275016 21 Bytes [66, 0F, BE, D3, 66, 8B, 55, ...]
    .text junil.sys F727502C 43 Bytes [00, 9C, FF, 74, 24, 3C, 8F, ...]
    .text junil.sys F7275058 18 Bytes [66, 0F, A3, CE, 0F, 83, B6, ...]
    .text junil.sys F727506B 78 Bytes [00, 0F, 8D, 12, 0C, 00, 00, ...]
    .text ...
    ? C:\WINDOWS\system32\drivers\junil.sys A device attached to the system is not functioning.
    PAGE Ntfs.sys F7126E55 4 Bytes CALL 878D61F9
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[108] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[108] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\WINDOWS\system32\CTXFIHLP.EXE[148] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\WINDOWS\system32\CTXFIHLP.EXE[148] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\WINDOWS\CTHELPER.EXE[180] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\WINDOWS\CTHELPER.EXE[180] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE[200] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE[200] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe[232] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe[232] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\WINDOWS\SYSTEM32\CTXFISPI.EXE[360] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\WINDOWS\SYSTEM32\CTXFISPI.EXE[360] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\QuickTime\QTTask.exe[424] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\QuickTime\QTTask.exe[424] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\iTunes\iTunesHelper.exe[432] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\iTunes\iTunesHelper.exe[432] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[440] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[440] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Dell Support\DSAgnt.exe[488] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Dell Support\DSAgnt.exe[488] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Skype\Phone\Skype.exe[500] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Skype\Phone\Skype.exe[500] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\WINDOWS\system32\ctfmon.exe[528] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\WINDOWS\system32\ctfmon.exe[528] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\WINDOWS\system32\Ati2evxx.exe[804] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\WINDOWS\system32\Ati2evxx.exe[804] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\WINDOWS\System32\svchost.exe[980] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DA000A
    .text C:\WINDOWS\System32\svchost.exe[980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DB000A
    .text C:\WINDOWS\System32\svchost.exe[980] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D9000C
    .text C:\WINDOWS\System32\svchost.exe[980] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00E3000A
    .text C:\PROGRA~1\MICROS~4\rapimgr.exe[1172] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\PROGRA~1\MICROS~4\rapimgr.exe[1172] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe[1492] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe[1492] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\WINDOWS\Explorer.EXE[1576] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB000A
    .text C:\WINDOWS\Explorer.EXE[1576] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CC000A
    .text C:\WINDOWS\Explorer.EXE[1576] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CA000C
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1612] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1612] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1680] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1680] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1732] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1732] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1840] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1840] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Documents and Settings\Tilty\Desktop\d4z3zv6k.exe[1868] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Documents and Settings\Tilty\Desktop\d4z3zv6k.exe[1868] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1904] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1904] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1916] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1916] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1924] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1924] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1944] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1944] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\WINDOWS\MXOALDR.EXE[1980] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\WINDOWS\MXOALDR.EXE[1980] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe[2024] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe[2024] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2032] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2032] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2044] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2044] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Virgin Broadband Wireless\ndis_events.exe[2196] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Virgin Broadband Wireless\ndis_events.exe[2196] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2260] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2260] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    ? C:\WINDOWS\system32\svchost.exe[2280] image checksum mismatch; time/date stamp mismatch;
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2324] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2324] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\WINDOWS\system32\wuauclt.exe[2768] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F9000A
    .text C:\WINDOWS\system32\wuauclt.exe[2768] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FA000A
    .text C:\WINDOWS\system32\wuauclt.exe[2768] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F8000C
    .text C:\WINDOWS\system32\wuauclt.exe[2768] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\WINDOWS\system32\wuauclt.exe[2768] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3372] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3372] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    .text C:\Program Files\iPod\bin\iPodService.exe[3440] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
    .text C:\Program Files\iPod\bin\iPodService.exe[3440] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs 8793CFE0
    AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
    AttachedDevice \Driver\Tcpip \Device\Ip 87556988
    Device \Driver\nltdi \Device\nlctrl 87556988
    AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp 87556988
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8791939B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8791939B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-4 8791939B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8791939B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 8791939B
    AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
    AttachedDevice \Driver\Tcpip \Device\Udp 87556988
    AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp 87556988
    Device \FileSystem\Fastfat \Fat A62FCD20
    Device \FileSystem\Fastfat \Fat A63009F2
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device \Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskWDC_WD2500JS-75NCB2_____________________10.02E03#5&2510770d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    ---- Services - GMER 1.0.15 ----
    Service (*** hidden *** ) [BOOT] junil <-- ROOTKIT !!!
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected]h 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet031\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet031\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet031\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet031\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet031\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet031\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet031\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet031\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet031\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet033\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet033\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet033\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet033\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet033\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet033\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet033\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet033\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet033\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet034\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet034\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet034\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet034\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet034\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet034\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet034\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet034\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet034\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet035\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet035\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet035\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet035\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet035\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet035\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet035\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet035\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet035\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet036\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet036\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet036\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet036\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet036\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet036\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet036\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet036\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet036\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet037\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet037\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet037\Services\sptd\Cfg\19659239224E364682FA[email protected] 0
    Reg HKLM\SYSTEM\ControlSet037\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet037\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet037\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet037\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet037\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet037\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet038\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet038\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet038\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet038\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet038\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet038\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet038\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet038\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet038\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet039\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet039\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet039\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet039\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet039\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet039\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet039\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet039\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet039\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet040\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet040\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet040\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet040\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet040\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet040\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet040\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet040\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet040\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet041\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet041\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet041\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet041\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet041\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet041\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet041\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet041\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet041\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet042\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet042\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet042\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet042\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet042\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet042\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet042\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet042\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet042\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet043\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet043\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet043\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet043\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet043\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet043\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet043\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet043\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet043\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet044\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet044\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet044\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet044\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet044\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet044\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet044\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet044\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet044\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet045\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet045\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet045\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet045\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet045\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet045\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet045\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet045\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet045\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet046\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet046\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet046\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet046\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet046\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet046\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet046\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet046\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet046\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet047\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet047\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet047\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet047\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet047\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet047\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet047\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet047\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet047\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet048\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet048\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet048\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet048\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet048\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet048\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet048\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet048\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet048\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet049\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet049\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet049\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet049\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet049\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet049\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet049\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet049\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet049\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet050\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet050\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet050\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet050\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet050\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet050\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet050\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet050\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet050\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] -802382051
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Boot Bus Extender
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet052\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet052\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet052\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet052\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet052\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet052\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet052\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet052\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet052\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet053\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet053\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet053\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet053\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet053\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet053\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet053\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet053\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet053\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet054\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet054\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet054\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet054\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet054\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet054\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet054\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet054\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet054\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet055\Services\[email protected] -802382051
    Reg HKLM\SYSTEM\ControlSet055\Services\[email protected] 1
    Reg HKLM\SYSTEM\ControlSet055\Services\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet055\Services\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet055\Services\[email protected] Boot Bus Extender
    Reg HKLM\SYSTEM\ControlSet055\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet055\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet055\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet055\Services\sptd\Cfg\[email protected] 0x27 0xF3 0xCB 0x79 ...
    Reg HKLM\SYSTEM\ControlSet055\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet055\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet055\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xA1 0x1E 0x3E 0x30 ...
    Reg HKLM\SYSTEM\ControlSet055\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet055\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA1 0x69 0x5B 0xE6 ...
    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    ---- Files - GMER 1.0.15 ----
    File C:\Documents and Settings\Tilty\Local Settings\Temporary Internet Files\Content.IE5\EWDSJN5S\109[1] 0 bytes
    ---- EOF - GMER 1.0.15 ----
     
  6. Dangerous_Dave

    Dangerous_Dave Thread Starter

    Joined:
    Feb 27, 2009
    Messages:
    74
    Bump bump.

    2 weeks without reply so far. If I've done something wrong or forgotten to do something can someone please let me know.

    Thanks
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Dave,

    Proceed as follows please :-

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


      [​IMG]

    • If an infected file is detected, the default action will be Cure, click on Continue.


      [​IMG]

    • If a suspicious file is detected, the default action will be Skip, click on Continue.


      [​IMG]

    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


      [​IMG]

    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Kevin
     
  8. Dangerous_Dave

    Dangerous_Dave Thread Starter

    Joined:
    Feb 27, 2009
    Messages:
    74
    Thanks Kevin - almost missed that reply. Sorry for the wait.

    I don't know if it's relevant but I couldn't get an internet connection using full Windows so I downloaded TDSS via safe mode with networking and then ran the file in sfae mode also. Anyway, here's the log:

    2011/02/02 20:28:01.0125 1420 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
    2011/02/02 20:28:01.0421 1420 ================================================================================
    2011/02/02 20:28:01.0421 1420 SystemInfo:
    2011/02/02 20:28:01.0421 1420
    2011/02/02 20:28:01.0421 1420 OS Version: 5.1.2600 ServicePack: 3.0
    2011/02/02 20:28:01.0421 1420 Product type: Workstation
    2011/02/02 20:28:01.0421 1420 ComputerName: DAVE
    2011/02/02 20:28:01.0421 1420 UserName: Administrator
    2011/02/02 20:28:01.0421 1420 Windows directory: C:\WINDOWS
    2011/02/02 20:28:01.0421 1420 System windows directory: C:\WINDOWS
    2011/02/02 20:28:01.0421 1420 Processor architecture: Intel x86
    2011/02/02 20:28:01.0421 1420 Number of processors: 2
    2011/02/02 20:28:01.0421 1420 Page size: 0x1000
    2011/02/02 20:28:01.0421 1420 Boot type: Safe boot with network
    2011/02/02 20:28:01.0421 1420 ================================================================================
    2011/02/02 20:28:01.0765 1420 Initialize success
    2011/02/02 20:28:06.0500 1508 ================================================================================
    2011/02/02 20:28:06.0500 1508 Scan started
    2011/02/02 20:28:06.0500 1508 Mode: Manual;
    2011/02/02 20:28:06.0500 1508 ================================================================================
    2011/02/02 20:28:07.0812 1508 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/02/02 20:28:07.0890 1508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/02/02 20:28:07.0937 1508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/02/02 20:28:08.0000 1508 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
    2011/02/02 20:28:08.0078 1508 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/02/02 20:28:08.0125 1508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/02/02 20:28:08.0187 1508 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/02/02 20:28:08.0265 1508 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
    2011/02/02 20:28:08.0328 1508 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/02/02 20:28:08.0359 1508 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/02/02 20:28:08.0421 1508 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/02/02 20:28:08.0484 1508 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/02/02 20:28:08.0546 1508 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/02/02 20:28:08.0703 1508 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/02/02 20:28:08.0734 1508 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/02/02 20:28:08.0781 1508 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/02/02 20:28:08.0812 1508 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/02/02 20:28:08.0890 1508 AnyDVD (fb9b934889af1fe67100f16738fc6c37) C:\WINDOWS\system32\Drivers\AnyDVD.sys
    2011/02/02 20:28:08.0984 1508 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/02/02 20:28:09.0015 1508 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/02/02 20:28:09.0062 1508 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/02/02 20:28:09.0125 1508 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    2011/02/02 20:28:09.0203 1508 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
    2011/02/02 20:28:09.0281 1508 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/02/02 20:28:09.0343 1508 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/02/02 20:28:09.0468 1508 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/02/02 20:28:09.0562 1508 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/02/02 20:28:09.0718 1508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/02/02 20:28:09.0781 1508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/02/02 20:28:09.0859 1508 BlueletAudio (31ff5b87c1dd907613cc613224b8e303) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
    2011/02/02 20:28:09.0953 1508 BT (9da8abc4885aff4793d4aa420e40bb12) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
    2011/02/02 20:28:10.0046 1508 Btcsrusb (7e99a004329250900818ee0de014f032) C:\WINDOWS\system32\Drivers\btcusb.sys
    2011/02/02 20:28:10.0125 1508 BTHidEnum (0448968ba21acde511c19f3c0296e23b) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
    2011/02/02 20:28:10.0171 1508 BTHidMgr (f408264f6ad1dc7e7bdd4837440f115d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
    2011/02/02 20:28:10.0406 1508 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/02/02 20:28:10.0437 1508 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/02/02 20:28:10.0515 1508 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/02/02 20:28:10.0578 1508 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/02/02 20:28:10.0625 1508 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/02/02 20:28:10.0671 1508 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/02/02 20:28:10.0734 1508 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/02/02 20:28:10.0875 1508 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
    2011/02/02 20:28:10.0984 1508 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/02/02 20:28:11.0078 1508 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/02/02 20:28:11.0171 1508 ctac32k (8a9c65ce4fe6e8cb24ce06ba28d951a0) C:\WINDOWS\system32\drivers\ctac32k.sys
    2011/02/02 20:28:11.0218 1508 ctaud2k (47236971dfb3e03690b98e41665d0924) C:\WINDOWS\system32\drivers\ctaud2k.sys
    2011/02/02 20:28:11.0296 1508 ctdvda2k (5a0eeb00b02fc78605aa9d3590b24978) C:\WINDOWS\system32\drivers\ctdvda2k.sys
    2011/02/02 20:28:11.0343 1508 ctprxy2k (2381cf056c15271f6b8dab50ff82cf3a) C:\WINDOWS\system32\drivers\ctprxy2k.sys
    2011/02/02 20:28:11.0375 1508 ctsfm2k (da1c530de86c85a701138b30fb145af3) C:\WINDOWS\system32\drivers\ctsfm2k.sys
    2011/02/02 20:28:11.0453 1508 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/02/02 20:28:11.0515 1508 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/02/02 20:28:11.0687 1508 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/02/02 20:28:11.0734 1508 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2011/02/02 20:28:11.0781 1508 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2011/02/02 20:28:11.0812 1508 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
    2011/02/02 20:28:11.0843 1508 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2011/02/02 20:28:11.0890 1508 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2011/02/02 20:28:11.0921 1508 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2011/02/02 20:28:11.0984 1508 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    2011/02/02 20:28:12.0015 1508 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2011/02/02 20:28:12.0062 1508 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2011/02/02 20:28:12.0171 1508 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/02/02 20:28:12.0234 1508 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/02/02 20:28:12.0281 1508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/02/02 20:28:12.0343 1508 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/02/02 20:28:12.0421 1508 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/02/02 20:28:12.0453 1508 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/02/02 20:28:12.0531 1508 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2011/02/02 20:28:12.0578 1508 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2011/02/02 20:28:12.0625 1508 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/02/02 20:28:12.0687 1508 ElbyCDIO (61198bb0fc9d05bc19dc0055e98f24c5) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
    2011/02/02 20:28:12.0843 1508 ElbyDelay (e205c313417da6fa7afe85912a310a65) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
    2011/02/02 20:28:12.0906 1508 emupia (661cf27263f3e0b553be050a42d357db) C:\WINDOWS\system32\drivers\emupia2k.sys
    2011/02/02 20:28:13.0015 1508 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/02/02 20:28:13.0078 1508 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/02/02 20:28:13.0171 1508 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/02/02 20:28:13.0234 1508 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/02/02 20:28:13.0312 1508 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/02/02 20:28:13.0359 1508 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/02/02 20:28:13.0437 1508 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/02/02 20:28:13.0484 1508 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2011/02/02 20:28:13.0625 1508 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/02/02 20:28:13.0734 1508 ha20x2k (862d4185d43128fef7818711f8f30436) C:\WINDOWS\system32\drivers\ha20x2k.sys
    2011/02/02 20:28:13.0828 1508 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/02/02 20:28:13.0890 1508 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/02/02 20:28:13.0937 1508 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/02/02 20:28:14.0015 1508 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/02/02 20:28:14.0062 1508 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/02/02 20:28:14.0156 1508 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/02/02 20:28:14.0234 1508 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/02/02 20:28:14.0312 1508 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/02/02 20:28:14.0359 1508 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/02/02 20:28:14.0515 1508 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/02/02 20:28:14.0578 1508 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/02/02 20:28:14.0625 1508 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/02/02 20:28:14.0687 1508 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/02/02 20:28:14.0750 1508 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/02/02 20:28:14.0812 1508 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/02/02 20:28:14.0875 1508 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/02/02 20:28:14.0937 1508 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/02/02 20:28:15.0015 1508 Jukebox3 (c4d1e49a7d853a6fdfe8ec2906ae5aaa) C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
    2011/02/02 20:28:15.0031 1508 Suspicious service (NoAccess): junil
    2011/02/02 20:28:15.0078 1508 junil (3c77fac81e0e440b51c4979b4164f4ab) C:\WINDOWS\system32\drivers\junil.sys
    2011/02/02 20:28:15.0078 1508 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\junil.sys. md5: 3c77fac81e0e440b51c4979b4164f4ab
    2011/02/02 20:28:15.0093 1508 junil - detected Locked service (1)
    2011/02/02 20:28:15.0156 1508 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/02/02 20:28:15.0187 1508 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/02/02 20:28:15.0312 1508 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/02/02 20:28:15.0390 1508 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/02/02 20:28:15.0609 1508 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
    2011/02/02 20:28:15.0765 1508 LVMVDrv (f52f3e700910518e3eb7a8b493ba2086) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
    2011/02/02 20:28:15.0890 1508 LVPr2Mon (fbb46bc3cd3c7ff063178bf8e8bc7c67) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    2011/02/02 20:28:16.0062 1508 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/02/02 20:28:16.0125 1508 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/02/02 20:28:16.0171 1508 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/02/02 20:28:16.0218 1508 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/02/02 20:28:16.0250 1508 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/02/02 20:28:16.0296 1508 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/02/02 20:28:16.0359 1508 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/02/02 20:28:16.0531 1508 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/02/02 20:28:16.0625 1508 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/02/02 20:28:16.0687 1508 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/02/02 20:28:16.0718 1508 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/02/02 20:28:16.0765 1508 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/02/02 20:28:16.0812 1508 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/02/02 20:28:16.0859 1508 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/02/02 20:28:16.0921 1508 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/02/02 20:28:16.0984 1508 MXOFX (799a99d21e72023ee5adb28ae424efc8) C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
    2011/02/02 20:28:17.0031 1508 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/02/02 20:28:17.0156 1508 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/02/02 20:28:17.0312 1508 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/02/02 20:28:17.0375 1508 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/02/02 20:28:17.0406 1508 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/02/02 20:28:17.0437 1508 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/02/02 20:28:17.0500 1508 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/02/02 20:28:17.0562 1508 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/02/02 20:28:17.0640 1508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/02/02 20:28:17.0796 1508 nltdi (19c50a0051fed34cc2544cd45114e4e5) C:\WINDOWS\system32\drivers\nltdi.sys
    2011/02/02 20:28:17.0843 1508 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/02/02 20:28:17.0906 1508 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/02/02 20:28:18.0000 1508 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/02/02 20:28:18.0109 1508 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/02/02 20:28:18.0343 1508 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/02/02 20:28:18.0406 1508 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/02/02 20:28:18.0484 1508 ossrv (99f877a7bb6feb5af1184eafe937c208) C:\WINDOWS\system32\drivers\ctoss2k.sys
    2011/02/02 20:28:18.0546 1508 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/02/02 20:28:18.0593 1508 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/02/02 20:28:18.0640 1508 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/02/02 20:28:18.0703 1508 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/02/02 20:28:18.0765 1508 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/02/02 20:28:18.0828 1508 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/02/02 20:28:19.0015 1508 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/02/02 20:28:19.0078 1508 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/02/02 20:28:19.0203 1508 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/02/02 20:28:19.0250 1508 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/02/02 20:28:19.0296 1508 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/02/02 20:28:19.0359 1508 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/02/02 20:28:19.0390 1508 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/02/02 20:28:19.0421 1508 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/02/02 20:28:19.0468 1508 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/02/02 20:28:19.0609 1508 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/02/02 20:28:19.0671 1508 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/02/02 20:28:19.0734 1508 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
    2011/02/02 20:28:19.0796 1508 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/02/02 20:28:19.0859 1508 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/02/02 20:28:19.0906 1508 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/02/02 20:28:19.0937 1508 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/02/02 20:28:20.0031 1508 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/02/02 20:28:20.0078 1508 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/02/02 20:28:20.0140 1508 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/02/02 20:28:20.0187 1508 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/02/02 20:28:20.0265 1508 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/02/02 20:28:20.0312 1508 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/02/02 20:28:20.0437 1508 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
    2011/02/02 20:28:20.0640 1508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/02/02 20:28:20.0703 1508 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/02/02 20:28:20.0812 1508 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/02/02 20:28:20.0906 1508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/02/02 20:28:21.0031 1508 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/02/02 20:28:21.0078 1508 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/02/02 20:28:21.0140 1508 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/02/02 20:28:21.0171 1508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/02/02 20:28:21.0281 1508 sptd (090adc3d9b5730ac3b20bdd5a54e2d28) C:\WINDOWS\system32\Drivers\sptd.sys
    2011/02/02 20:28:21.0343 1508 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/02/02 20:28:21.0406 1508 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/02/02 20:28:21.0500 1508 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/02/02 20:28:21.0640 1508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/02/02 20:28:21.0734 1508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/02/02 20:28:21.0812 1508 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/02/02 20:28:21.0859 1508 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/02/02 20:28:21.0906 1508 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/02/02 20:28:21.0953 1508 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/02/02 20:28:22.0000 1508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/02/02 20:28:22.0125 1508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/02/02 20:28:22.0171 1508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/02/02 20:28:22.0218 1508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/02/02 20:28:22.0281 1508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/02/02 20:28:22.0359 1508 tffsport (d9d5e4ca72270e9f3eca97da0983ab87) C:\WINDOWS\system32\DRIVERS\tffsport.sys
    2011/02/02 20:28:22.0515 1508 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/02/02 20:28:22.0625 1508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/02/02 20:28:22.0671 1508 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/02/02 20:28:22.0718 1508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/02/02 20:28:22.0828 1508 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/02/02 20:28:22.0875 1508 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/02/02 20:28:22.0906 1508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/02/02 20:28:22.0968 1508 USBCM (d21cde1c635bcc5053463579eee453cf) C:\WINDOWS\system32\DRIVERS\Sacm1K.sys
    2011/02/02 20:28:23.0031 1508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/02/02 20:28:23.0046 1508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/02/02 20:28:23.0093 1508 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/02/02 20:28:23.0140 1508 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/02/02 20:28:23.0171 1508 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/02/02 20:28:23.0234 1508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/02/02 20:28:23.0281 1508 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/02/02 20:28:23.0343 1508 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
    2011/02/02 20:28:23.0375 1508 VcommMgr (ef0d45ed806b0c9ae9756bfeecb077ed) C:\WINDOWS\system32\Drivers\VcommMgr.sys
    2011/02/02 20:28:23.0437 1508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/02/02 20:28:23.0484 1508 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/02/02 20:28:23.0625 1508 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/02/02 20:28:23.0703 1508 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/02/02 20:28:23.0765 1508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/02/02 20:28:23.0859 1508 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    2011/02/02 20:28:23.0953 1508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/02/02 20:28:24.0015 1508 WebSTARNdis (a0a2082f983d05e2ca2435ec3429edea) C:\WINDOWS\system32\DRIVERS\WebSTAR.sys
    2011/02/02 20:28:24.0203 1508 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/02/02 20:28:24.0281 1508 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/02/02 20:28:24.0359 1508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/02/02 20:28:24.0421 1508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/02/02 20:28:24.0609 1508 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/02/02 20:28:24.0625 1508 ================================================================================
    2011/02/02 20:28:24.0625 1508 Scan finished
    2011/02/02 20:28:24.0625 1508 ================================================================================
    2011/02/02 20:28:24.0671 1408 Detected object count: 2
    2011/02/02 20:29:08.0468 1408 Locked service(junil) - User select action: Skip
    2011/02/02 20:29:08.0468 1408 \HardDisk0 - will be cured after reboot
    2011/02/02 20:29:08.0468 1408 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/02/02 20:29:53.0265 1304 Deinitialize success
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Dave,

    Yep Safe mode with networking is just the ticket, we often have to go that route when dealing with rootkits.

    Looks like TDSSKiller has killed of the rootkit and identified another problem, lets see if we can get that one too,

    As follows:

    Please download OTM by OldTimer.
    Alternative Mirror
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
    • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      -------------------------------------------------------------------


      :Files
      ipconfig /flushdns /c
      C:\WINDOWS\system32\drivers\junil.sys
      :Commands
      [EmptyTemp]
      [ResetHosts}

      ---------------------------------------------------------------------
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Post the log from OTM and give update on system.

    Kevin
     
  10. Dangerous_Dave

    Dangerous_Dave Thread Starter

    Joined:
    Feb 27, 2009
    Messages:
    74
    That was quick !!!

    I don't seem to be getting any redirects any more and things are looking fine. If you're about to tell me everything's fixed now would you mind not marking this as solved until I've played with the PC for a little bit to make sure - let you know tomorrow perhaps ??? This is only because from years of experience working with computers I've learn not to write off an issue as fixed too quickly - something always goes wrong when the support looks the other way. Anyway, here's the log from OTM:

    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
    File move failed. C:\WINDOWS\system32\drivers\junil.sys scheduled to be moved on reboot.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 96 bytes
    ->Temporary Internet Files folder emptied: 6569795 bytes
    ->Flash cache emptied: 456 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56543 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 452317 bytes
    ->Flash cache emptied: 343 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 19462207 bytes
    ->Flash cache emptied: 6117 bytes

    User: Owner

    User: Tilty
    ->Temp folder emptied: 125893 bytes
    ->Temporary Internet Files folder emptied: 19606379 bytes
    ->Java cache emptied: 126402691 bytes
    ->FireFox cache emptied: 106615010 bytes
    ->Flash cache emptied: 1807023 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2624350 bytes
    %systemroot%\System32 .tmp files removed: 19383825 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 815237 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 290.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 02022011_212255
    Files moved on Reboot...
    File move failed. C:\WINDOWS\system32\drivers\junil.sys scheduled to be moved on reboot.
    Registry entries deleted on Reboot...
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Like you i`m not that easily convinced, especially with rootkits. Proceed as follows :-

    Download [​IMG] from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3

    • Double click on the icon to run it. Vista and Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in
      Code:
            netsvcs
            drivers32
            %SYSTEMDRIVE%\*.*
            %systemroot%\*. /mp /s
            CREATERESTOREPOINT
            %systemroot%\System32\config\*.sav
            HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

    Copy and paste OTL Txt and ExtrasTxt in your reply.

    Kevin
     
  12. Dangerous_Dave

    Dangerous_Dave Thread Starter

    Joined:
    Feb 27, 2009
    Messages:
    74
    Er...you might notice that since I was playing around on the internet again I reinstalled the latest AVG since my last reply. Apologies, I know standard practice is to do nothing of the sort until you give the all clear - I got a bit carried away. Files:

    OTL logfile created on: 02/02/2011 21:57:17 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Tilty\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 340.00 Mb Available Physical Memory | 33.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 229.77 Gb Total Space | 154.93 Gb Free Space | 67.43% Space Free | Partition Type: NTFS

    Computer Name: DAVE | User Name: Tilty | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/02 21:56:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tilty\Desktop\OTL.exe
    PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2008/05/26 15:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    PRC - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    PRC - [2008/05/26 15:09:24 | 000,044,032 | ---- | M] () -- C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/17 09:52:04 | 000,505,368 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    PRC - [2007/05/11 16:30:50 | 000,133,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2007/05/11 16:28:56 | 000,187,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    PRC - [2006/06/26 16:13:40 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2006/06/26 16:13:24 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    PRC - [2006/05/16 18:28:47 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
    PRC - [2006/03/02 03:00:18 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
    PRC - [2006/03/02 02:53:36 | 000,717,312 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
    PRC - [2005/11/08 11:30:42 | 000,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
    PRC - [2005/11/04 17:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    PRC - [2005/10/14 10:01:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    PRC - [2005/09/08 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/06/10 09:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2004/07/19 06:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
    PRC - [2003/06/18 00:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
    PRC - [2003/05/21 14:30:52 | 000,045,056 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
    PRC - [2003/04/07 17:09:48 | 000,118,784 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/02/02 21:56:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tilty\Desktop\OTL.exe
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2007/05/11 16:30:38 | 000,113,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
    MOD - [2005/11/08 11:30:42 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/09/24 17:04:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
    SRV - [2007/07/19 23:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/05/11 16:30:50 | 000,133,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/05/11 16:28:56 | 000,187,168 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2007/04/23 15:18:44 | 000,491,520 | ---- | M] (Locktime Software) [Disabled | Stopped] -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe -- (nlsvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/02/02 21:49:57 | 000,761,344 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\junil.sys -- (junil)
    DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2008/12/31 13:59:13 | 000,024,872 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2008/12/30 23:53:28 | 000,103,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\anydvd.sys -- (AnyDVD)
    DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
    DRV - [2008/05/26 15:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
    DRV - [2008/04/13 18:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 18:40:50 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport)
    DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/07/19 23:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2007/05/11 16:30:16 | 000,025,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/05/11 16:29:54 | 002,142,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2007/04/23 16:08:52 | 000,081,688 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
    DRV - [2007/02/16 00:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
    DRV - [2006/11/11 22:09:08 | 000,611,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2006/05/16 18:28:49 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/03/27 23:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
    DRV - [2006/02/15 05:40:24 | 001,096,192 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2005/11/08 12:15:38 | 000,439,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2005/11/08 12:15:38 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2005/11/08 12:14:54 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/11/08 12:14:46 | 000,143,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2005/11/08 12:14:44 | 000,077,824 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2005/11/08 12:14:40 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005/08/04 03:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/07/13 09:18:48 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2005/01/17 13:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2005/01/13 14:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
    DRV - [2004/11/05 10:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
    DRV - [2004/10/19 12:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
    DRV - [2004/10/19 12:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
    DRV - [2004/10/19 10:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV - [2004/09/21 17:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
    DRV - [2004/08/04 10:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2004/08/04 10:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2004/08/04 10:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2004/08/04 10:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2004/08/04 10:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2004/08/04 10:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2004/08/04 10:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2004/08/04 10:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2004/08/04 10:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2004/08/04 10:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2004/08/04 10:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2004/08/04 10:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2004/08/04 10:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2004/08/04 10:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2004/08/04 10:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/06/10 20:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm1K.sys -- (USBCM)
    DRV - [2004/05/18 00:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
    DRV - [2003/04/14 15:00:40 | 000,032,512 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
    DRV - [2001/12/17 10:25:58 | 000,015,417 | R--- | M] (Scientific Atlanta) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WebSTAR.sys -- (WebSTARNdis)
    DRV - [2001/08/17 12:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
    DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.sys -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 5555
    FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"

    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/02 21:42:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/23 14:51:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/01 17:03:42 | 000,000,000 | ---D | M]

    [2010/05/03 21:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tilty\Application Data\Mozilla\Extensions
    [2010/05/05 17:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tilty\Application Data\Mozilla\Firefox\Profiles\tpaaj38x.default\extensions
    [2010/05/05 17:05:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tilty\Application Data\Mozilla\Firefox\Profiles\tpaaj38x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/03 21:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009/09/10 20:24:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/04/01 16:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/04/01 16:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/04/01 16:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/04/01 16:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/01/17 21:13:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
    O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
    O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\blueyonder Instant Support Tool.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Tilty\Start Menu\Programs\Startup\Jacquie Lawson Advent Calendar.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} http://static.photobox.co.uk/sg/common/ImageUploader4.cab (PhotoBox uploader)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271357568160 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148033467500 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplates/securelogin-devel.cab (SecureLogin class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56308606093492224)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/02 21:56:03 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tilty\Desktop\OTL.exe
    [2011/02/02 21:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
    [2011/02/02 21:41:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/02/02 21:24:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/02/02 21:22:55 | 000,000,000 | ---D | C] -- C:\_OTM
    [2011/01/30 16:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/01/18 00:09:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/01/17 21:58:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/01/17 21:58:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/01/17 21:58:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/01/17 21:58:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/01/17 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tilty\Application Data\AVG10
    [2011/01/17 21:40:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/01/17 21:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/01/17 21:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/01/17 19:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/01/17 18:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/01/17 18:12:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/17 18:07:42 | 000,761,344 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\junil.sys
    [2006/05/22 21:57:05 | 000,015,429 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm1K.sys
    [2005/11/08 12:38:38 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/02/02 21:56:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tilty\Desktop\OTL.exe
    [2011/02/02 21:52:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/02 21:51:36 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/02/02 21:51:07 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/02 21:51:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/02 21:50:58 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/02 21:49:57 | 000,761,344 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\junil.sys
    [2011/02/02 21:46:06 | 105,143,951 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/02/02 21:43:09 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/02/02 21:42:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/02 20:22:28 | 1071,824,896 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2011/02/02 20:16:31 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
    [2011/02/02 20:16:31 | 000,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
    [2011/02/02 20:16:31 | 000,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
    [2011/02/02 20:16:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/02/02 20:16:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/01/30 17:29:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/30 16:15:44 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Tilty\Desktop\d4z3zv6k.exe
    [2011/01/30 16:10:37 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Tilty\Desktop\dds.scr
    [2011/01/17 21:13:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/01/17 18:07:10 | 000,000,049 | ---- | M] () -- C:\WINDOWS\VYWnuxO
    [2011/01/17 18:07:10 | 000,000,047 | ---- | M] () -- C:\WINDOWS\ja1Fju
    [2011/01/17 18:07:10 | 000,000,047 | ---- | M] () -- C:\WINDOWS\F3KhQsegnb
    [2011/01/17 18:07:10 | 000,000,046 | ---- | M] () -- C:\WINDOWS\yWtCUTMp5
    [2011/01/17 18:07:10 | 000,000,046 | ---- | M] () -- C:\WINDOWS\XfnPNQyC6I
    [2011/01/17 18:07:10 | 000,000,045 | ---- | M] () -- C:\WINDOWS\qakTXKXG
    [2011/01/17 18:07:10 | 000,000,045 | ---- | M] () -- C:\WINDOWS\LIRWAjbJL
    [2011/01/17 18:07:10 | 000,000,045 | ---- | M] () -- C:\WINDOWS\KgkacKvFkr
    [2011/01/17 18:07:10 | 000,000,044 | ---- | M] () -- C:\WINDOWS\2AxueOjfH
    [2011/01/17 18:07:10 | 000,000,043 | ---- | M] () -- C:\WINDOWS\ClG7wDcCA6
    [2011/01/17 18:07:10 | 000,000,042 | ---- | M] () -- C:\WINDOWS\d6VqmEED
    [2011/01/17 18:07:10 | 000,000,041 | ---- | M] () -- C:\WINDOWS\uCKsvH
    [2011/01/17 18:07:10 | 000,000,040 | ---- | M] () -- C:\WINDOWS\yFIlMW
    [2011/01/17 18:07:10 | 000,000,040 | ---- | M] () -- C:\WINDOWS\sMftko7U5
    [2011/01/17 18:07:10 | 000,000,039 | ---- | M] () -- C:\WINDOWS\y3c6NQ
    [2011/01/17 18:07:10 | 000,000,038 | ---- | M] () -- C:\WINDOWS\oFavpHE
    [2011/01/17 18:07:10 | 000,000,038 | ---- | M] () -- C:\WINDOWS\MoUb3
    [2011/01/17 18:07:10 | 000,000,038 | ---- | M] () -- C:\WINDOWS\k5JNwo
    [2011/01/17 18:07:10 | 000,000,037 | ---- | M] () -- C:\WINDOWS\4jVbl
    [2011/01/17 18:07:10 | 000,000,035 | ---- | M] () -- C:\WINDOWS\pWlrBpNrd
    [2011/01/17 18:07:10 | 000,000,035 | ---- | M] () -- C:\WINDOWS\iHWYueYjP
    [2011/01/17 18:07:10 | 000,000,034 | ---- | M] () -- C:\WINDOWS\ITSMsSFxG
    [2011/01/17 18:07:10 | 000,000,033 | ---- | M] () -- C:\WINDOWS\FIYg17O
    [2011/01/17 18:07:10 | 000,000,032 | ---- | M] () -- C:\WINDOWS\pSGex4mkEX
    [2011/01/17 18:07:10 | 000,000,032 | ---- | M] () -- C:\WINDOWS\ldfkLVWd5
    [2011/01/17 18:07:10 | 000,000,032 | ---- | M] () -- C:\WINDOWS\fPpw1wx
    [2011/01/17 18:07:10 | 000,000,032 | ---- | M] () -- C:\WINDOWS\cqT73Kkrqg
    [2011/01/17 18:07:10 | 000,000,032 | ---- | M] () -- C:\WINDOWS\Bvqha
    [2011/01/17 18:07:10 | 000,000,031 | ---- | M] () -- C:\WINDOWS\WOi3DI
    [2011/01/17 18:07:10 | 000,000,031 | ---- | M] () -- C:\WINDOWS\LH8U36Cr
    [2011/01/17 18:07:10 | 000,000,030 | ---- | M] () -- C:\WINDOWS\JtvaSiB
    [2011/01/17 18:07:10 | 000,000,030 | ---- | M] () -- C:\WINDOWS\h5oDwMa6
    [2011/01/17 18:07:10 | 000,000,030 | ---- | M] () -- C:\WINDOWS\5eOexm
    [2011/01/17 18:07:10 | 000,000,029 | ---- | M] () -- C:\WINDOWS\7QQlj78i
    [2011/01/17 18:07:10 | 000,000,029 | ---- | M] () -- C:\WINDOWS\45e6DK5oRi
    [2011/01/17 18:07:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\calmlS6tS
    [2011/01/17 18:07:09 | 000,000,049 | ---- | M] () -- C:\WINDOWS\jPToXpud
    [2011/01/17 18:07:09 | 000,000,047 | ---- | M] () -- C:\WINDOWS\xia5b
    [2011/01/17 18:07:09 | 000,000,047 | ---- | M] () -- C:\WINDOWS\3LaFX
    [2011/01/17 18:07:09 | 000,000,046 | ---- | M] () -- C:\WINDOWS\8KJLK
    [2011/01/17 18:07:09 | 000,000,045 | ---- | M] () -- C:\WINDOWS\aO7CsaqTeE
    [2011/01/17 18:07:09 | 000,000,044 | ---- | M] () -- C:\WINDOWS\WpfC6U
    [2011/01/17 18:07:09 | 000,000,044 | ---- | M] () -- C:\WINDOWS\TvxkqPyhab
    [2011/01/17 18:07:09 | 000,000,044 | ---- | M] () -- C:\WINDOWS\LobYqvG8
    [2011/01/17 18:07:09 | 000,000,044 | ---- | M] () -- C:\WINDOWS\I6hYicJA3S
    [2011/01/17 18:07:09 | 000,000,044 | ---- | M] () -- C:\WINDOWS\Hllw7ED
    [2011/01/17 18:07:09 | 000,000,044 | ---- | M] () -- C:\WINDOWS\excf5
    [2011/01/17 18:07:09 | 000,000,043 | ---- | M] () -- C:\WINDOWS\Y2gCA3R
    [2011/01/17 18:07:09 | 000,000,043 | ---- | M] () -- C:\WINDOWS\XNGUm
    [2011/01/17 18:07:09 | 000,000,043 | ---- | M] () -- C:\WINDOWS\WlMfD4
    [2011/01/17 18:07:09 | 000,000,043 | ---- | M] () -- C:\WINDOWS\Bs2m7
    [2011/01/17 18:07:09 | 000,000,042 | ---- | M] () -- C:\WINDOWS\Y4aRDeKi
    [2011/01/17 18:07:09 | 000,000,042 | ---- | M] () -- C:\WINDOWS\GElIqO
    [2011/01/17 18:07:09 | 000,000,042 | ---- | M] () -- C:\WINDOWS\EgtaGlPSn
    [2011/01/17 18:07:09 | 000,000,042 | ---- | M] () -- C:\WINDOWS\4kLkF
    [2011/01/17 18:07:09 | 000,000,041 | ---- | M] () -- C:\WINDOWS\lF7dA
    [2011/01/17 18:07:09 | 000,000,041 | ---- | M] () -- C:\WINDOWS\hdxUaetJ
    [2011/01/17 18:07:09 | 000,000,040 | ---- | M] () -- C:\WINDOWS\O14OOtm
    [2011/01/17 18:07:09 | 000,000,040 | ---- | M] () -- C:\WINDOWS\nMp6T
    [2011/01/17 18:07:09 | 000,000,040 | ---- | M] () -- C:\WINDOWS\kJnPGuxLa
    [2011/01/17 18:07:09 | 000,000,040 | ---- | M] () -- C:\WINDOWS\ignc5nJmi
    [2011/01/17 18:07:09 | 000,000,040 | ---- | M] () -- C:\WINDOWS\2pvNUHB
    [2011/01/17 18:07:09 | 000,000,039 | ---- | M] () -- C:\WINDOWS\XguGQgm
    [2011/01/17 18:07:09 | 000,000,039 | ---- | M] () -- C:\WINDOWS\nCGp7Inyy8
    [2011/01/17 18:07:09 | 000,000,039 | ---- | M] () -- C:\WINDOWS\lHaxOG
    [2011/01/17 18:07:09 | 000,000,039 | ---- | M] () -- C:\WINDOWS\3PWAT
    [2011/01/17 18:07:09 | 000,000,038 | ---- | M] () -- C:\WINDOWS\p4tFS73C8
    [2011/01/17 18:07:09 | 000,000,037 | ---- | M] () -- C:\WINDOWS\Vuktdt
    [2011/01/17 18:07:09 | 000,000,037 | ---- | M] () -- C:\WINDOWS\aocJOpGaI
    [2011/01/17 18:07:09 | 000,000,037 | ---- | M] () -- C:\WINDOWS\7Ssd7nroKT
    [2011/01/17 18:07:09 | 000,000,036 | ---- | M] () -- C:\WINDOWS\w5L3V8d3G4
    [2011/01/17 18:07:09 | 000,000,036 | ---- | M] () -- C:\WINDOWS\qTKQjvWAk
    [2011/01/17 18:07:09 | 000,000,036 | ---- | M] () -- C:\WINDOWS\nYb8DqV
    [2011/01/17 18:07:09 | 000,000,036 | ---- | M] () -- C:\WINDOWS\5Rtlo
    [2011/01/17 18:07:09 | 000,000,036 | ---- | M] () -- C:\WINDOWS\31c7Dn5c
    [2011/01/17 18:07:09 | 000,000,035 | ---- | M] () -- C:\WINDOWS\NNJWxceg
    [2011/01/17 18:07:09 | 000,000,034 | ---- | M] () -- C:\WINDOWS\Os8NVKnoek
    [2011/01/17 18:07:09 | 000,000,034 | ---- | M] () -- C:\WINDOWS\iPrdtIX
    [2011/01/17 18:07:09 | 000,000,033 | ---- | M] () -- C:\WINDOWS\C4ywfGIdA
    [2011/01/17 18:07:09 | 000,000,032 | ---- | M] () -- C:\WINDOWS\ehfGHeMqmH
    [2011/01/17 18:07:09 | 000,000,031 | ---- | M] () -- C:\WINDOWS\gFKAKt1qF
    [2011/01/17 18:07:09 | 000,000,031 | ---- | M] () -- C:\WINDOWS\8biiMRj
    [2011/01/17 18:07:09 | 000,000,030 | ---- | M] () -- C:\WINDOWS\RaNokcC
    [2011/01/17 18:07:09 | 000,000,030 | ---- | M] () -- C:\WINDOWS\mLx4Q6M
    [2011/01/17 18:07:09 | 000,000,030 | ---- | M] () -- C:\WINDOWS\4I5WGIT
    [2011/01/17 18:07:09 | 000,000,029 | ---- | M] () -- C:\WINDOWS\uLVAps1Np
    [2011/01/17 18:07:09 | 000,000,029 | ---- | M] () -- C:\WINDOWS\CCgPBY1a
    [2011/01/17 18:07:09 | 000,000,028 | ---- | M] () -- C:\WINDOWS\V4jNEIf1oJ
    [2011/01/17 18:07:09 | 000,000,028 | ---- | M] () -- C:\WINDOWS\IgFj75oRh
    [2011/01/17 18:07:09 | 000,000,028 | ---- | M] () -- C:\WINDOWS\GnOJEOW
    [2011/01/17 18:07:09 | 000,000,028 | ---- | M] () -- C:\WINDOWS\FLYkS
    [2011/01/17 18:07:09 | 000,000,028 | ---- | M] () -- C:\WINDOWS\b31Oi1GRP
    [2011/01/17 18:07:09 | 000,000,028 | ---- | M] () -- C:\WINDOWS\3XkypbOv2
    [2011/01/17 18:07:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\DQxjxlU
    [2011/01/17 18:07:09 | 000,000,026 | ---- | M] () -- C:\WINDOWS\LBILmrYc
    [2011/01/17 18:07:09 | 000,000,026 | ---- | M] () -- C:\WINDOWS\2T8esRwaW
    [2011/01/17 18:07:09 | 000,000,025 | ---- | M] () -- C:\WINDOWS\EhPUBO
    [2011/01/14 17:40:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/01/10 20:31:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/01/10 20:30:43 | 000,224,256 | ---- | M] () -- C:\Documents and Settings\Tilty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2011/02/02 21:46:06 | 105,143,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/02/02 21:43:09 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/02/02 21:26:18 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/30 16:15:43 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Tilty\Desktop\d4z3zv6k.exe
    [2011/01/30 16:10:34 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Tilty\Desktop\dds.scr
    [2011/01/17 21:58:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/01/17 21:58:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/01/17 21:58:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/17 21:58:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/01/17 21:58:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/01/17 18:18:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/17 18:07:09 | 000,000,049 | ---- | C] () -- C:\WINDOWS\VYWnuxO
    [2011/01/17 18:07:09 | 000,000,049 | ---- | C] () -- C:\WINDOWS\jPToXpud
    [2011/01/17 18:07:09 | 000,000,047 | ---- | C] () -- C:\WINDOWS\xia5b
    [2011/01/17 18:07:09 | 000,000,047 | ---- | C] () -- C:\WINDOWS\ja1Fju
    [2011/01/17 18:07:09 | 000,000,047 | ---- | C] () -- C:\WINDOWS\F3KhQsegnb
    [2011/01/17 18:07:09 | 000,000,047 | ---- | C] () -- C:\WINDOWS\3LaFX
    [2011/01/17 18:07:09 | 000,000,046 | ---- | C] () -- C:\WINDOWS\yWtCUTMp5
    [2011/01/17 18:07:09 | 000,000,046 | ---- | C] () -- C:\WINDOWS\XfnPNQyC6I
    [2011/01/17 18:07:09 | 000,000,046 | ---- | C] () -- C:\WINDOWS\8KJLK
    [2011/01/17 18:07:09 | 000,000,045 | ---- | C] () -- C:\WINDOWS\qakTXKXG
    [2011/01/17 18:07:09 | 000,000,045 | ---- | C] () -- C:\WINDOWS\LIRWAjbJL
    [2011/01/17 18:07:09 | 000,000,045 | ---- | C] () -- C:\WINDOWS\KgkacKvFkr
    [2011/01/17 18:07:09 | 000,000,045 | ---- | C] () -- C:\WINDOWS\aO7CsaqTeE
    [2011/01/17 18:07:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\WpfC6U
    [2011/01/17 18:07:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\TvxkqPyhab
    [2011/01/17 18:07:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\LobYqvG8
    [2011/01/17 18:07:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\I6hYicJA3S
    [2011/01/17 18:07:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\Hllw7ED
    [2011/01/17 18:07:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\excf5
    [2011/01/17 18:07:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\2AxueOjfH
    [2011/01/17 18:07:09 | 000,000,043 | ---- | C] () -- C:\WINDOWS\Y2gCA3R
    [2011/01/17 18:07:09 | 000,000,043 | ---- | C] () -- C:\WINDOWS\XNGUm
    [2011/01/17 18:07:09 | 000,000,043 | ---- | C] () -- C:\WINDOWS\ClG7wDcCA6
    [2011/01/17 18:07:09 | 000,000,043 | ---- | C] () -- C:\WINDOWS\Bs2m7
    [2011/01/17 18:07:09 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Y4aRDeKi
    [2011/01/17 18:07:09 | 000,000,042 | ---- | C] () -- C:\WINDOWS\GElIqO
    [2011/01/17 18:07:09 | 000,000,042 | ---- | C] () -- C:\WINDOWS\EgtaGlPSn
    [2011/01/17 18:07:09 | 000,000,042 | ---- | C] () -- C:\WINDOWS\d6VqmEED
    [2011/01/17 18:07:09 | 000,000,042 | ---- | C] () -- C:\WINDOWS\4kLkF
    [2011/01/17 18:07:09 | 000,000,041 | ---- | C] () -- C:\WINDOWS\uCKsvH
    [2011/01/17 18:07:09 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lF7dA
    [2011/01/17 18:07:09 | 000,000,041 | ---- | C] () -- C:\WINDOWS\hdxUaetJ
    [2011/01/17 18:07:09 | 000,000,040 | ---- | C] () -- C:\WINDOWS\yFIlMW
    [2011/01/17 18:07:09 | 000,000,040 | ---- | C] () -- C:\WINDOWS\sMftko7U5
    [2011/01/17 18:07:09 | 000,000,040 | ---- | C] () -- C:\WINDOWS\O14OOtm
    [2011/01/17 18:07:09 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nMp6T
    [2011/01/17 18:07:09 | 000,000,040 | ---- | C] () -- C:\WINDOWS\kJnPGuxLa
    [2011/01/17 18:07:09 | 000,000,040 | ---- | C] () -- C:\WINDOWS\ignc5nJmi
    [2011/01/17 18:07:09 | 000,000,040 | ---- | C] () -- C:\WINDOWS\2pvNUHB
    [2011/01/17 18:07:09 | 000,000,039 | ---- | C] () -- C:\WINDOWS\y3c6NQ
    [2011/01/17 18:07:09 | 000,000,039 | ---- | C] () -- C:\WINDOWS\XguGQgm
    [2011/01/17 18:07:09 | 000,000,039 | ---- | C] () -- C:\WINDOWS\nCGp7Inyy8
    [2011/01/17 18:07:09 | 000,000,039 | ---- | C] () -- C:\WINDOWS\3PWAT
    [2011/01/17 18:07:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\p4tFS73C8
    [2011/01/17 18:07:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\oFavpHE
    [2011/01/17 18:07:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\MoUb3
    [2011/01/17 18:07:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\k5JNwo
    [2011/01/17 18:07:09 | 000,000,037 | ---- | C] () -- C:\WINDOWS\aocJOpGaI
    [2011/01/17 18:07:09 | 000,000,037 | ---- | C] () -- C:\WINDOWS\7Ssd7nroKT
    [2011/01/17 18:07:09 | 000,000,037 | ---- | C] () -- C:\WINDOWS\4jVbl
    [2011/01/17 18:07:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\w5L3V8d3G4
    [2011/01/17 18:07:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\qTKQjvWAk
    [2011/01/17 18:07:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\nYb8DqV
    [2011/01/17 18:07:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\5Rtlo
    [2011/01/17 18:07:09 | 000,000,035 | ---- | C] () -- C:\WINDOWS\pWlrBpNrd
    [2011/01/17 18:07:09 | 000,000,035 | ---- | C] () -- C:\WINDOWS\NNJWxceg
    [2011/01/17 18:07:09 | 000,000,035 | ---- | C] () -- C:\WINDOWS\iHWYueYjP
    [2011/01/17 18:07:09 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Os8NVKnoek
    [2011/01/17 18:07:09 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ITSMsSFxG
    [2011/01/17 18:07:09 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iPrdtIX
    [2011/01/17 18:07:09 | 000,000,033 | ---- | C] () -- C:\WINDOWS\FIYg17O
    [2011/01/17 18:07:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\pSGex4mkEX
    [2011/01/17 18:07:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\ldfkLVWd5
    [2011/01/17 18:07:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\fPpw1wx
    [2011/01/17 18:07:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\ehfGHeMqmH
    [2011/01/17 18:07:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\cqT73Kkrqg
    [2011/01/17 18:07:09 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Bvqha
    [2011/01/17 18:07:09 | 000,000,031 | ---- | C] () -- C:\WINDOWS\WOi3DI
    [2011/01/17 18:07:09 | 000,000,031 | ---- | C] () -- C:\WINDOWS\LH8U36Cr
    [2011/01/17 18:07:09 | 000,000,031 | ---- | C] () -- C:\WINDOWS\gFKAKt1qF
    [2011/01/17 18:07:09 | 000,000,031 | ---- | C] () -- C:\WINDOWS\8biiMRj
    [2011/01/17 18:07:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\RaNokcC
    [2011/01/17 18:07:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\mLx4Q6M
    [2011/01/17 18:07:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\JtvaSiB
    [2011/01/17 18:07:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\h5oDwMa6
    [2011/01/17 18:07:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\5eOexm
    [2011/01/17 18:07:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\uLVAps1Np
    [2011/01/17 18:07:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CCgPBY1a
    [2011/01/17 18:07:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\7QQlj78i
    [2011/01/17 18:07:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\45e6DK5oRi
    [2011/01/17 18:07:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\V4jNEIf1oJ
    [2011/01/17 18:07:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\IgFj75oRh
    [2011/01/17 18:07:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\GnOJEOW
    [2011/01/17 18:07:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\FLYkS
    [2011/01/17 18:07:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\b31Oi1GRP
    [2011/01/17 18:07:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\3XkypbOv2
    [2011/01/17 18:07:09 | 000,000,027 | ---- | C] () -- C:\WINDOWS\calmlS6tS
    [2011/01/17 18:07:09 | 000,000,026 | ---- | C] () -- C:\WINDOWS\LBILmrYc
    [2011/01/17 18:07:09 | 000,000,026 | ---- | C] () -- C:\WINDOWS\2T8esRwaW
    [2011/01/17 18:07:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EhPUBO
    [2011/01/17 18:07:08 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WlMfD4
    [2011/01/17 18:07:08 | 000,000,039 | ---- | C] () -- C:\WINDOWS\lHaxOG
    [2011/01/17 18:07:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Vuktdt
    [2011/01/17 18:07:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\31c7Dn5c
    [2011/01/17 18:07:08 | 000,000,033 | ---- | C] () -- C:\WINDOWS\C4ywfGIdA
    [2011/01/17 18:07:08 | 000,000,030 | ---- | C] () -- C:\WINDOWS\4I5WGIT
    [2011/01/17 18:07:08 | 000,000,027 | ---- | C] () -- C:\WINDOWS\DQxjxlU
    [2010/04/15 17:17:25 | 000,000,938 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1331231679
    [2010/04/05 00:28:59 | 000,013,598 | -HS- | C] () -- C:\Documents and Settings\Tilty\Local Settings\Application Data\VHx0W
    [2010/04/05 00:28:59 | 000,011,990 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VHx0W
    [2008/03/30 18:51:18 | 000,000,127 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2008/03/30 18:51:18 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Tilty\Application Data\.zreglib
    [2008/02/29 19:09:29 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
    [2007/07/26 14:56:04 | 000,038,464 | ---- | C] () -- C:\Documents and Settings\Tilty\Application Data\Comma Separated Values (Windows).ADR
    [2007/06/16 11:45:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/06/16 11:42:23 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX6000EFDG.ini
    [2007/05/11 16:30:16 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2007/05/02 18:09:55 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
    [2007/01/05 23:50:30 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Tilty\Application Data\$_hpcst$.hpc
    [2006/11/15 22:05:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/06/21 20:43:51 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
    [2006/06/21 20:39:46 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
    [2006/06/21 20:39:46 | 000,012,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
    [2006/05/28 14:35:22 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\311A500804.sys
    [2006/05/28 14:02:32 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0408501A31.sys
    [2006/05/28 14:02:23 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/05/27 20:36:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
    [2006/05/27 17:25:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
    [2006/05/22 21:57:05 | 000,053,725 | ---- | C] () -- C:\WINDOWS\UNDPX1K.sys
    [2006/05/19 23:53:04 | 000,224,256 | ---- | C] () -- C:\Documents and Settings\Tilty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/05/19 10:03:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/05/18 20:29:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/05/18 20:22:28 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
    [2006/05/18 20:10:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
    [2006/05/18 20:07:36 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
    [2006/05/18 20:01:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
    [2006/05/16 18:34:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/05/16 18:31:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/05/16 18:03:28 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2006/05/16 18:03:28 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2006/05/16 18:03:28 | 000,000,190 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/05/16 18:03:26 | 000,050,432 | R--- | C] () -- C:\WINDOWS\System32\claptn.ini
    [2006/05/16 18:01:08 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/07/29 12:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
    [2011/02/02 21:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/01/17 20:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2006/06/21 20:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
    [2011/01/17 21:40:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/12/03 14:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2008/03/30 18:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    [2007/03/03 17:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
    [2011/02/02 21:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2007/01/20 18:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2009/03/08 13:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2006/12/04 18:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/09/13 09:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2006/05/16 18:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/05/23 14:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/01/30 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2006/05/20 21:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\.BitTornado
    [2010/09/30 22:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Affinegy
    [2011/01/17 21:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\AVG10
    [2007/01/25 21:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Datalayer
    [2007/03/25 12:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\flightgear.org
    [2010/12/03 13:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\JacquieLawsonAdventCalendar
    [2006/05/21 22:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Leadertech
    [2007/03/03 17:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Locktime
    [2007/01/20 18:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Nokia
    [2007/01/20 19:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\PC Suite
    [2008/03/30 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\SlySoft
    [2010/10/04 06:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Spotify
    [2008/03/09 17:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Template
    [2011/01/10 20:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\uTorrent
    [2009/02/20 13:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Viewpoint
    [2009/03/28 10:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\yoclient

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/05/19 10:13:32 | 000,000,741 | ---- | M] () -- C:\892.cin
    [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/08/10 23:23:43 | 000,000,246 | -HS- | M] () -- C:\Boot.bak
    [2010/04/14 19:50:07 | 000,000,282 | -HS- | M] () -- C:\boot.ini
    [2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2011/01/18 00:09:53 | 000,012,044 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/12/06 18:47:28 | 000,000,230 | ---- | M] () -- C:\config.xml
    [2007/02/03 20:59:51 | 000,103,612 | ---- | M] () -- C:\debug.log
    [2006/05/16 18:07:18 | 000,005,252 | RH-- | M] () -- C:\dell.sdr
    [2011/02/02 21:50:58 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/14 18:35:34 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2006/05/16 18:29:25 | 000,000,910 | -H-- | M] () -- C:\IPH.PH
    [2009/09/10 20:27:30 | 000,019,871 | ---- | M] () -- C:\JavaRa.log
    [2010/05/16 17:30:53 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 10:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/06/12 20:56:03 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/02/02 21:50:51 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2006/11/16 22:54:15 | 000,000,000 | ---- | M] () -- C:\tasklist.txt
    [2011/02/02 20:29:53 | 000,058,982 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_02.02.2011_20.28.01_log.txt

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/04/14 19:25:21 | 003,919,872 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/04/02 13:22:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2010/04/14 19:25:21 | 044,302,336 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/04/14 19:25:21 | 019,398,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-13 03:05:15
    < End of report >




    OTL Extras logfile created on: 02/02/2011 21:57:17 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Tilty\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 340.00 Mb Available Physical Memory | 33.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 229.77 Gb Total Space | 154.93 Gb Free Space | 67.43% Space Free | Partition Type: NTFS

    Computer Name: DAVE | User Name: Tilty | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" = C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager -- (Affinegy, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
    "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
    "C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
    "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" = C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager -- (Affinegy, Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
    "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
    "{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2C4A5877-21D1-4A15-9D20-24BA54A24093}" = Playlist tool
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
    "{3F692FA9-348B-4264-B4EA-DE6BFA45D8AE}" = Microsoft WorldWide Telescope
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{544FB392-069D-4BA5-9DC7-FFD47230AEE5}" = Photohands 1.0E
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.2E
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB6E84D0-AA30-11D1-A245-00A024C41DAA}" = Celestron's TheSky (Remove only)
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
    "{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
    "{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
    "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
    "{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}" = Logitech QuickCam
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Ultra Edition
    "{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
    "Acala 3GP Movies Free_is1" = Acala 3GP Movies Free 2.2.9
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "AnyDVD" = AnyDVD
    "ATI Display Driver" = ATI Display Driver
    "AVG" = AVG 2011
    "CloneDVD2" = CloneDVD2
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Creative Jukebox Driver" = Creative Jukebox Driver
    "DellSupport" = Dell Support 5.0.0 (630)
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "ESDX6000_CX5900 User's Guide" = ESDX6000_CX5900 User's Guide
    "Google Updater" = Google Updater
    "Governor of Poker1.0" = Governor of Poker
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "InstallShield_{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MXOFX" = USB Storage Adapter FX (MXO)
    "NetLimiter 2 Monitor" = NetLimiter 2 Monitor (remove only)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NTFS Undelete_is1" = NTFS Undelete v0.94
    "PartyPoker" = PartyPoker
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "Recuva" = Recuva
    "SopCast" = SopCast 3.0.1
    "Spotify" = Spotify
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "SysInfo" = Creative System Information
    "uTorrent" = µTorrent
    "Video Converter 3" = Video Converter 3
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VideoLAN VLC media player 0.8.5
    "WebSTAR 100 & 200 Series Uninstall" = Scientific Atlanta WebSTAR 100 & 200 series Cable Modem
    "WebSTAR Uninstall" = WebSTAR DPX USB Cable Modem Adapter
    "WinAVIVideoConverter_is1" = WinAVIVideoConverter
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 17/01/2011 17:29:08 | Computer Name = DAVE | Source = ESENT | ID = 490
    Description = wuauclt (3956) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 17/01/2011 17:29:19 | Computer Name = DAVE | Source = ESENT | ID = 490
    Description = wuauclt (684) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 30/01/2011 12:02:32 | Computer Name = DAVE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 30/01/2011 12:12:44 | Computer Name = DAVE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 30/01/2011 12:12:44 | Computer Name = DAVE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 30/01/2011 13:35:41 | Computer Name = DAVE | Source = Application Error | ID = 1000
    Description = Faulting application vooifeh.exe, version 1.0.0.0, faulting module
    advapi32.dll, version 5.1.2600.5755, fault address 0x0000c328.

    Error - 02/02/2011 16:09:33 | Computer Name = DAVE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 02/02/2011 16:09:42 | Computer Name = DAVE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 02/02/2011 16:27:57 | Computer Name = DAVE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 02/02/2011 16:27:59 | Computer Name = DAVE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    [ System Events ]
    Error - 02/02/2011 16:31:08 | Computer Name = DAVE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 02/02/2011 16:31:27 | Computer Name = DAVE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 02/02/2011 16:32:16 | Computer Name = DAVE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ElbyCDIO Fips intelppm sptd

    Error - 02/02/2011 17:25:29 | Computer Name = DAVE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 02/02/2011 17:26:36 | Computer Name = DAVE | Source = Service Control Manager | ID = 7000
    Description = The Remote Packet Capture Protocol v.0 (experimental) service failed
    to start due to the following error: %%3

    Error - 02/02/2011 17:26:41 | Computer Name = DAVE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    sptd tffsport

    Error - 02/02/2011 17:26:50 | Computer Name = DAVE | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 02/02/2011 17:51:16 | Computer Name = DAVE | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 02/02/2011 17:51:53 | Computer Name = DAVE | Source = Service Control Manager | ID = 7000
    Description = The Remote Packet Capture Protocol v.0 (experimental) service failed
    to start due to the following error: %%3

    Error - 02/02/2011 17:52:00 | Computer Name = DAVE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    sptd tffsport


    < End of report >
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Dave,

    Still a lot going on in those logs, may take a couple of goes to get them all. As follows please :-

    Re-Run [​IMG] by double left click, Vista and Widows 7 users right click and select Run as Administrator.
    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
      SRV - File not found [Disabled | Stopped] -- -- (HidServ)
      SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
      FF - prefs.js..network.proxy.http: "127.0.0.1"
      FF - prefs.js..network.proxy.http_port: 5555
      FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
      O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
      O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\blueyonder Instant Support Tool.lnk = File not found
      O4 - Startup: C:\Documents and Settings\Tilty\Start Menu\Programs\Startup\Jacquie Lawson Advent Calendar.lnk = File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      C:\WINDOWS\VYWnuxO
      C:\WINDOWS\jPToXpud
      C:\WINDOWS\xia5b
      C:\WINDOWS\ja1Fju
      C:\WINDOWS\F3KhQsegnb
      C:\WINDOWS\3LaFX
      C:\WINDOWS\yWtCUTMp5
      C:\WINDOWS\XfnPNQyC6I
      C:\WINDOWS\8KJLK
      C:\WINDOWS\qakTXKXG
      C:\WINDOWS\LIRWAjbJL
      C:\WINDOWS\KgkacKvFkr
      C:\WINDOWS\aO7CsaqTeE
      C:\WINDOWS\WpfC6U
      C:\WINDOWS\TvxkqPyhab
      C:\WINDOWS\LobYqvG8
      C:\WINDOWS\I6hYicJA3S
      C:\WINDOWS\Hllw7ED
      C:\WINDOWS\excf5
      C:\WINDOWS\2AxueOjfH
      C:\WINDOWS\Y2gCA3R
      C:\WINDOWS\XNGUm
      C:\WINDOWS\ClG7wDcCA6
      C:\WINDOWS\Bs2m7
      C:\WINDOWS\Y4aRDeKi
      C:\WINDOWS\GElIqO
      C:\WINDOWS\EgtaGlPSn
      C:\WINDOWS\d6VqmEED
      C:\WINDOWS\4kLkF
      C:\WINDOWS\uCKsvH
      C:\WINDOWS\lF7dA
      C:\WINDOWS\hdxUaetJ
      C:\WINDOWS\yFIlMW
      C:\WINDOWS\sMftko7U5
      C:\WINDOWS\O14OOtm
      C:\WINDOWS\nMp6T
      C:\WINDOWS\kJnPGuxLa
      C:\WINDOWS\ignc5nJmi
      C:\WINDOWS\2pvNUHB
      C:\WINDOWS\y3c6NQ
      C:\WINDOWS\XguGQgm
      C:\WINDOWS\nCGp7Inyy8
      C:\WINDOWS\3PWAT
      C:\WINDOWS\p4tFS73C8
      C:\WINDOWS\oFavpHE
      C:\WINDOWS\MoUb3
      C:\WINDOWS\k5JNwo
      C:\WINDOWS\aocJOpGaI
      C:\WINDOWS\7Ssd7nroKT
      C:\WINDOWS\4jVbl
      C:\WINDOWS\w5L3V8d3G4
      C:\WINDOWS\qTKQjvWAk
      C:\WINDOWS\nYb8DqV
      C:\WINDOWS\5Rtlo
      C:\WINDOWS\pWlrBpNrd
      C:\WINDOWS\NNJWxceg
      C:\WINDOWS\iHWYueYjP
      C:\WINDOWS\Os8NVKnoek
      C:\WINDOWS\ITSMsSFxG
      C:\WINDOWS\iPrdtIX
      C:\WINDOWS\FIYg17O
      C:\WINDOWS\pSGex4mkEX
      C:\WINDOWS\ldfkLVWd5
      C:\WINDOWS\fPpw1wx
      C:\WINDOWS\ehfGHeMqmH
      C:\WINDOWS\cqT73Kkrqg
      C:\WINDOWS\Bvqha
      C:\WINDOWS\WOi3DI
      C:\WINDOWS\LH8U36Cr
      C:\WINDOWS\gFKAKt1qF
      C:\WINDOWS\8biiMRj
      C:\WINDOWS\RaNokcC
      C:\WINDOWS\mLx4Q6M
      C:\WINDOWS\JtvaSiB
      C:\WINDOWS\h5oDwMa6
      C:\WINDOWS\5eOexm
      C:\WINDOWS\uLVAps1Np
      C:\WINDOWS\CCgPBY1a
      C:\WINDOWS\7QQlj78i
      C:\WINDOWS\45e6DK5oRi
      C:\WINDOWS\V4jNEIf1oJ
      C:\WINDOWS\IgFj75oRh
      C:\WINDOWS\GnOJEOW
      C:\WINDOWS\FLYkS
      C:\WINDOWS\b31Oi1GRP
      C:\WINDOWS\3XkypbOv2
      C:\WINDOWS\calmlS6tS
      C:\WINDOWS\LBILmrYc
      C:\WINDOWS\2T8esRwaW
      C:\WINDOWS\EhPUBO
      C:\WINDOWS\WlMfD4
      C:\WINDOWS\lHaxOG
      C:\WINDOWS\Vuktdt
      C:\WINDOWS\31c7Dn5c
      C:\WINDOWS\C4ywfGIdA
      C:\WINDOWS\4I5WGIT
      C:\WINDOWS\DQxjxlU
      :Commands
      [emptytemp]
      [EMPTYFLASH]
      [CREATERESTOREPOINT]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    Post the two logs OTL Fix and OTL quick scan.

    Kevin
     
  14. Dangerous_Dave

    Dangerous_Dave Thread Starter

    Joined:
    Feb 27, 2009
    Messages:
    74
    Evening Kevin

    Two logs as follows:

    OTL Fix

    All processes killed
    ========== OTL ==========
    Error: No service named rpcapd) Remote Packet Capture Protocol v.0 (experimental was found to stop!
    Service\Driver key rpcapd) Remote Packet Capture Protocol v.0 (experimental not found.
    Service HidServ stopped successfully!
    Service HidServ deleted successfully!
    Service AppMgmt stopped successfully!
    Service AppMgmt deleted successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Prefs.js: "127.0.0.1" removed from network.proxy.http
    Prefs.js: 5555 removed from network.proxy.http_port
    Prefs.js: "localho,t,127.0.0.1,*.local" removed from network.proxy.no_proxies_on
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\blueyonder Instant Support Tool.lnk moved successfully.
    C:\Documents and Settings\Tilty\Start Menu\Programs\Startup\Jacquie Lawson Advent Calendar.lnk moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Tilty\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Tilty\Desktop\cmd.txt deleted successfully.
    C:\WINDOWS\VYWnuxO moved successfully.
    C:\WINDOWS\jPToXpud moved successfully.
    C:\WINDOWS\xia5b moved successfully.
    C:\WINDOWS\ja1Fju moved successfully.
    C:\WINDOWS\F3KhQsegnb moved successfully.
    C:\WINDOWS\3LaFX moved successfully.
    C:\WINDOWS\yWtCUTMp5 moved successfully.
    C:\WINDOWS\XfnPNQyC6I moved successfully.
    C:\WINDOWS\8KJLK moved successfully.
    C:\WINDOWS\qakTXKXG moved successfully.
    C:\WINDOWS\LIRWAjbJL moved successfully.
    C:\WINDOWS\KgkacKvFkr moved successfully.
    C:\WINDOWS\aO7CsaqTeE moved successfully.
    C:\WINDOWS\WpfC6U moved successfully.
    C:\WINDOWS\TvxkqPyhab moved successfully.
    C:\WINDOWS\LobYqvG8 moved successfully.
    C:\WINDOWS\I6hYicJA3S moved successfully.
    C:\WINDOWS\Hllw7ED moved successfully.
    C:\WINDOWS\excf5 moved successfully.
    C:\WINDOWS\2AxueOjfH moved successfully.
    C:\WINDOWS\Y2gCA3R moved successfully.
    C:\WINDOWS\XNGUm moved successfully.
    C:\WINDOWS\ClG7wDcCA6 moved successfully.
    C:\WINDOWS\Bs2m7 moved successfully.
    C:\WINDOWS\Y4aRDeKi moved successfully.
    C:\WINDOWS\GElIqO moved successfully.
    C:\WINDOWS\EgtaGlPSn moved successfully.
    C:\WINDOWS\d6VqmEED moved successfully.
    C:\WINDOWS\4kLkF moved successfully.
    C:\WINDOWS\uCKsvH moved successfully.
    C:\WINDOWS\lF7dA moved successfully.
    C:\WINDOWS\hdxUaetJ moved successfully.
    C:\WINDOWS\yFIlMW moved successfully.
    C:\WINDOWS\sMftko7U5 moved successfully.
    C:\WINDOWS\O14OOtm moved successfully.
    C:\WINDOWS\nMp6T moved successfully.
    C:\WINDOWS\kJnPGuxLa moved successfully.
    C:\WINDOWS\ignc5nJmi moved successfully.
    C:\WINDOWS\2pvNUHB moved successfully.
    C:\WINDOWS\y3c6NQ moved successfully.
    C:\WINDOWS\XguGQgm moved successfully.
    C:\WINDOWS\nCGp7Inyy8 moved successfully.
    C:\WINDOWS\3PWAT moved successfully.
    C:\WINDOWS\p4tFS73C8 moved successfully.
    C:\WINDOWS\oFavpHE moved successfully.
    C:\WINDOWS\MoUb3 moved successfully.
    C:\WINDOWS\k5JNwo moved successfully.
    C:\WINDOWS\aocJOpGaI moved successfully.
    C:\WINDOWS\7Ssd7nroKT moved successfully.
    C:\WINDOWS\4jVbl moved successfully.
    C:\WINDOWS\w5L3V8d3G4 moved successfully.
    C:\WINDOWS\qTKQjvWAk moved successfully.
    C:\WINDOWS\nYb8DqV moved successfully.
    C:\WINDOWS\5Rtlo moved successfully.
    C:\WINDOWS\pWlrBpNrd moved successfully.
    C:\WINDOWS\NNJWxceg moved successfully.
    C:\WINDOWS\iHWYueYjP moved successfully.
    C:\WINDOWS\Os8NVKnoek moved successfully.
    C:\WINDOWS\ITSMsSFxG moved successfully.
    C:\WINDOWS\iPrdtIX moved successfully.
    C:\WINDOWS\FIYg17O moved successfully.
    C:\WINDOWS\pSGex4mkEX moved successfully.
    C:\WINDOWS\ldfkLVWd5 moved successfully.
    C:\WINDOWS\fPpw1wx moved successfully.
    C:\WINDOWS\ehfGHeMqmH moved successfully.
    C:\WINDOWS\cqT73Kkrqg moved successfully.
    C:\WINDOWS\Bvqha moved successfully.
    C:\WINDOWS\WOi3DI moved successfully.
    C:\WINDOWS\LH8U36Cr moved successfully.
    C:\WINDOWS\gFKAKt1qF moved successfully.
    C:\WINDOWS\8biiMRj moved successfully.
    C:\WINDOWS\RaNokcC moved successfully.
    C:\WINDOWS\mLx4Q6M moved successfully.
    C:\WINDOWS\JtvaSiB moved successfully.
    C:\WINDOWS\h5oDwMa6 moved successfully.
    C:\WINDOWS\5eOexm moved successfully.
    C:\WINDOWS\uLVAps1Np moved successfully.
    C:\WINDOWS\CCgPBY1a moved successfully.
    C:\WINDOWS\7QQlj78i moved successfully.
    C:\WINDOWS\45e6DK5oRi moved successfully.
    C:\WINDOWS\V4jNEIf1oJ moved successfully.
    C:\WINDOWS\IgFj75oRh moved successfully.
    C:\WINDOWS\GnOJEOW moved successfully.
    C:\WINDOWS\FLYkS moved successfully.
    C:\WINDOWS\b31Oi1GRP moved successfully.
    C:\WINDOWS\3XkypbOv2 moved successfully.
    C:\WINDOWS\calmlS6tS moved successfully.
    C:\WINDOWS\LBILmrYc moved successfully.
    C:\WINDOWS\2T8esRwaW moved successfully.
    C:\WINDOWS\EhPUBO moved successfully.
    C:\WINDOWS\WlMfD4 moved successfully.
    C:\WINDOWS\lHaxOG moved successfully.
    C:\WINDOWS\Vuktdt moved successfully.
    C:\WINDOWS\31c7Dn5c moved successfully.
    C:\WINDOWS\C4ywfGIdA moved successfully.
    C:\WINDOWS\4I5WGIT moved successfully.
    C:\WINDOWS\DQxjxlU moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: Tilty
    ->Temp folder emptied: 195354 bytes
    ->Temporary Internet Files folder emptied: 15315903 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 997 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 314315 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: Tilty
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    OTL by OldTimer - Version 3.2.20.6 log created on 02032011_172532
    Files\Folders moved on Reboot...
    C:\Documents and Settings\Tilty\Local Settings\Temporary Internet Files\Content.IE5\VU8HT5EZ\975562-rootkit-problem-causing-links-redirect[2].htm moved successfully.
    C:\Documents and Settings\Tilty\Local Settings\Temporary Internet Files\Content.IE5\FNMND4DY\01[1].htm moved successfully.
    C:\Documents and Settings\Tilty\Local Settings\Temporary Internet Files\Content.IE5\FNMND4DY\iframe3[1].htm moved successfully.
    C:\Documents and Settings\Tilty\Local Settings\Temporary Internet Files\Content.IE5\6HKWK49E\937893[2].htm moved successfully.
    C:\Documents and Settings\Tilty\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
    Registry entries deleted on Reboot...


    OTL txt

    OTL logfile created on: 03/02/2011 17:28:47 - Run 2
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Tilty\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 374.00 Mb Available Physical Memory | 37.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 229.77 Gb Total Space | 154.91 Gb Free Space | 67.42% Space Free | Partition Type: NTFS

    Computer Name: DAVE | User Name: Tilty | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/02 21:56:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tilty\Desktop\OTL.exe
    PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2008/05/26 15:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    PRC - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    PRC - [2008/05/26 15:09:24 | 000,044,032 | ---- | M] () -- C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/17 09:52:04 | 000,505,368 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    PRC - [2007/05/11 16:30:50 | 000,133,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2007/05/11 16:28:56 | 000,187,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    PRC - [2006/06/26 16:13:40 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2006/06/26 16:13:24 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    PRC - [2006/05/16 18:28:47 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
    PRC - [2006/03/02 03:00:18 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
    PRC - [2006/03/02 02:53:36 | 000,717,312 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
    PRC - [2005/11/08 11:30:42 | 000,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
    PRC - [2005/11/04 17:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    PRC - [2005/10/14 10:01:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    PRC - [2005/09/08 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/06/10 09:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2004/07/19 06:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
    PRC - [2003/06/18 00:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
    PRC - [2003/05/21 14:30:52 | 000,045,056 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
    PRC - [2003/04/07 17:09:48 | 000,118,784 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/02/02 21:56:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tilty\Desktop\OTL.exe
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2007/05/11 16:30:38 | 000,113,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
    MOD - [2005/11/08 11:30:42 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/09/24 17:04:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
    SRV - [2007/07/19 23:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/05/11 16:30:50 | 000,133,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/05/11 16:28:56 | 000,187,168 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2007/04/23 15:18:44 | 000,491,520 | ---- | M] (Locktime Software) [Disabled | Stopped] -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe -- (nlsvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2008/12/31 13:59:13 | 000,024,872 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2008/12/30 23:53:28 | 000,103,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\anydvd.sys -- (AnyDVD)
    DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
    DRV - [2008/05/26 15:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
    DRV - [2008/04/13 18:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 18:40:50 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport)
    DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/07/19 23:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2007/05/11 16:30:16 | 000,025,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/05/11 16:29:54 | 002,142,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2007/04/23 16:08:52 | 000,081,688 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
    DRV - [2007/02/16 00:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
    DRV - [2006/11/11 22:09:08 | 000,611,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2006/05/16 18:28:49 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/03/27 23:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
    DRV - [2006/02/15 05:40:24 | 001,096,192 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2005/11/08 12:15:38 | 000,439,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2005/11/08 12:15:38 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2005/11/08 12:14:54 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/11/08 12:14:46 | 000,143,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2005/11/08 12:14:44 | 000,077,824 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2005/11/08 12:14:40 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005/08/04 03:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/07/13 09:18:48 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2005/01/17 13:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2005/01/13 14:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
    DRV - [2004/11/05 10:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
    DRV - [2004/10/19 12:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
    DRV - [2004/10/19 12:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
    DRV - [2004/10/19 10:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV - [2004/09/21 17:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
    DRV - [2004/08/04 10:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2004/08/04 10:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2004/08/04 10:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2004/08/04 10:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2004/08/04 10:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2004/08/04 10:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2004/08/04 10:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2004/08/04 10:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2004/08/04 10:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2004/08/04 10:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2004/08/04 10:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2004/08/04 10:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2004/08/04 10:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2004/08/04 10:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2004/08/04 10:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/06/10 20:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm1K.sys -- (USBCM)
    DRV - [2004/05/18 00:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
    DRV - [2003/04/14 15:00:40 | 000,032,512 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
    DRV - [2001/12/17 10:25:58 | 000,015,417 | R--- | M] (Scientific Atlanta) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WebSTAR.sys -- (WebSTARNdis)
    DRV - [2001/08/17 12:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
    DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.sys -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..network.proxy.http: ""
    FF - prefs.js..network.proxy.http_port: ""
    FF - prefs.js..network.proxy.no_proxies_on: ""

    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/02 21:42:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/23 14:51:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/01 17:03:42 | 000,000,000 | ---D | M]

    [2010/05/03 21:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tilty\Application Data\Mozilla\Extensions
    [2010/05/05 17:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tilty\Application Data\Mozilla\Firefox\Profiles\tpaaj38x.default\extensions
    [2010/05/05 17:05:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tilty\Application Data\Mozilla\Firefox\Profiles\tpaaj38x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/03 21:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009/09/10 20:24:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/04/01 16:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/04/01 16:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/04/01 16:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/04/01 16:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/01/17 21:13:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
    O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
    O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} http://static.photobox.co.uk/sg/common/ImageUploader4.cab (PhotoBox uploader)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271357568160 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148033467500 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplates/securelogin-devel.cab (SecureLogin class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/03 17:25:32 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/02/02 21:56:03 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tilty\Desktop\OTL.exe
    [2011/02/02 21:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
    [2011/02/02 21:41:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/02/02 21:24:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/02/02 21:22:55 | 000,000,000 | ---D | C] -- C:\_OTM
    [2011/01/18 00:09:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/01/17 21:58:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/01/17 21:58:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/01/17 21:58:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/01/17 21:58:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/01/17 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tilty\Application Data\AVG10
    [2011/01/17 21:40:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/01/17 21:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/01/17 21:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/01/17 19:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/01/17 18:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/01/17 18:12:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2006/05/22 21:57:05 | 000,015,429 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm1K.sys
    [2005/11/08 12:38:38 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/02/03 17:33:23 | 000,761,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\junil.sys
    [2011/02/03 17:28:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/03 17:27:45 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/02/03 17:27:20 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/03 17:27:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/03 17:27:13 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/03 17:21:50 | 1071,824,896 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2011/02/03 00:16:51 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
    [2011/02/03 00:16:51 | 000,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
    [2011/02/03 00:16:51 | 000,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
    [2011/02/03 00:16:51 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/02/03 00:16:51 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/02/02 23:42:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/02 21:56:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tilty\Desktop\OTL.exe
    [2011/02/02 21:46:06 | 105,143,951 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/02/02 21:43:09 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/01/30 17:29:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/30 16:15:44 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Tilty\Desktop\d4z3zv6k.exe
    [2011/01/30 16:10:37 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Tilty\Desktop\dds.scr
    [2011/01/17 21:13:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/01/14 17:40:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/01/10 20:31:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

    ========== Files Created - No Company Name ==========

    [2011/02/03 17:27:13 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
    [2011/02/02 21:46:06 | 105,143,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/02/02 21:43:09 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/01/30 16:15:43 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Tilty\Desktop\d4z3zv6k.exe
    [2011/01/30 16:10:34 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Tilty\Desktop\dds.scr
    [2011/01/17 21:58:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/01/17 21:58:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/01/17 21:58:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/17 21:58:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/01/17 21:58:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/01/17 18:18:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/17 18:07:42 | 000,761,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\junil.sys
    [2010/04/15 17:17:25 | 000,000,938 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1331231679
    [2010/04/05 00:28:59 | 000,011,990 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VHx0W
    [2008/03/30 18:51:18 | 000,000,127 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2008/03/30 18:51:18 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Tilty\Application Data\.zreglib
    [2008/02/29 19:09:29 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
    [2007/07/26 14:56:04 | 000,038,464 | ---- | C] () -- C:\Documents and Settings\Tilty\Application Data\Comma Separated Values (Windows).ADR
    [2007/06/16 11:45:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/06/16 11:42:23 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX6000EFDG.ini
    [2007/05/11 16:30:16 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2007/05/02 18:09:55 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
    [2007/01/05 23:50:30 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Tilty\Application Data\$_hpcst$.hpc
    [2006/11/15 22:05:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/06/21 20:43:51 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
    [2006/06/21 20:39:46 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
    [2006/06/21 20:39:46 | 000,012,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
    [2006/05/28 14:35:22 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\311A500804.sys
    [2006/05/28 14:02:32 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0408501A31.sys
    [2006/05/28 14:02:23 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/05/27 20:36:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
    [2006/05/27 17:25:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
    [2006/05/22 21:57:05 | 000,053,725 | ---- | C] () -- C:\WINDOWS\UNDPX1K.sys
    [2006/05/19 10:03:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/05/18 20:29:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/05/18 20:22:28 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
    [2006/05/18 20:10:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
    [2006/05/18 20:07:36 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
    [2006/05/18 20:01:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
    [2006/05/16 18:34:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/05/16 18:31:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/05/16 18:03:28 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2006/05/16 18:03:28 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2006/05/16 18:03:28 | 000,000,190 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/05/16 18:03:26 | 000,050,432 | R--- | C] () -- C:\WINDOWS\System32\claptn.ini
    [2006/05/16 18:01:08 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/07/29 12:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
    [2011/02/02 21:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/01/17 20:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2006/06/21 20:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
    [2011/01/17 21:40:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/12/03 14:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2008/03/30 18:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    [2007/03/03 17:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
    [2011/02/02 21:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2007/01/20 18:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2009/03/08 13:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2006/12/04 18:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/09/13 09:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2006/05/16 18:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/05/23 14:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/01/30 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2006/05/20 21:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\.BitTornado
    [2010/09/30 22:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Affinegy
    [2011/01/17 21:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\AVG10
    [2007/01/25 21:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Datalayer
    [2007/03/25 12:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\flightgear.org
    [2010/12/03 13:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\JacquieLawsonAdventCalendar
    [2006/05/21 22:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Leadertech
    [2007/03/03 17:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Locktime
    [2007/01/20 18:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Nokia
    [2007/01/20 19:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\PC Suite
    [2008/03/30 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\SlySoft
    [2010/10/04 06:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Spotify
    [2008/03/09 17:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Template
    [2011/01/10 20:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\uTorrent
    [2009/02/20 13:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\Viewpoint
    [2009/03/28 10:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tilty\Application Data\yoclient

    ========== Purity Check ==========


    < End of report >
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Dave,

    Logs look OK, how is your system responding? Run the following scan please and post the log. It willgive overview of your security, Java, Adobe etc

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    We also need to clean up all tools etc if you have no issues...

    Kevin
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/975562

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice