Hey guys,
I've read some other posts and found some similar problems like mine. For some reason, my AVG is detecting a Trojan Horse under the name of Generic18.XUD.
It is in my c:\Windows\Temp\lymj\setup.exe (but when I do go into my Temp folder, I don't see any folder named that).
I can't seem to Move to Vault as it is "not there".
It is blocking my Google Chrome from accessing the internet, so I have to use Firefox to get on.

I ran MAM and the results INITIALLY were

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4986

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

29/10/2010 11:14:12 PM
mbam-log-2010-10-29 (23-14-12).txt

Scan type: Quick scan
Objects scanned: 150495
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I thought it fixed the problem so I restarted my laptop and now I've got AVG constantly popping up saying that it detects this Trojan that it can't seem to remove. So I ran MAM again and got

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4986

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

29/10/2010 11:35:03 PM
mbam-log-2010-10-29 (23-35-03).txt

Scan type: Quick scan
Objects scanned: 150531
Time elapsed: 9 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Sorry I had to break this up into many posts, but it seems either the virus or something is stopping me from writing a huge load of results in 1 post.
I've got my OTL results but I can't paste it all in here without saying my internet is being blocked.

OTL logfile created on: 30/10/2010 6:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Mum\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 36.50 Gb Free Space | 31.35% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 24.61 Gb Free Space | 23.50% Space Free | Partition Type: NTFS
Drive F: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DEVILFISH | User Name: Mum | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/30 18:04:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mum\Desktop\OTL.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/02 18:13:26 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/02 18:13:26 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/29 01:16:48 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/23 15:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/11/23 15:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/09/10 18:42:13 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/02 20:41:38 | 001,236,992 | ---- | M] (ExpressService) -- C:\Program Files\kdisk.co.kr\Kdisk(fast)\ExpressService.exe
PRC - [2009/04/11 17:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 16:37:24 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2008/12/06 01:48:08 | 000,699,392 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
PRC - [2008/08/12 19:21:11 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/19 14:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/07/10 12:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008/06/18 17:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/06/04 12:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/03/18 15:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/02/22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/02/02 10:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2008/01/24 10:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008/01/24 05:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008/01/12 17:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007/12/05 05:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007/12/01 06:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/11/05 14:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/03 16:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/09/18 11:05:08 | 000,040,960 | ---- | M] ( ) -- C:\Program Files\ASUS\ATK Media\GPSWatch.exe
PRC - [2007/08/17 17:40:29 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/16 06:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 19:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/04 07:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/07/06 11:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007/05/24 16:06:56 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2005/07/07 10:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/30 18:04:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mum\Desktop\OTL.exe
MOD - [2010/09/01 02:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/02 18:13:26 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 22:19:10 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/12/04 10:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/09/25 12:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/02 20:41:38 | 001,236,992 | ---- | M] (ExpressService) [Auto | Running] -- C:\Program Files\kdisk.co.kr\Kdisk(fast)\ExpressService.exe -- (ExpressService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/18 15:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 13:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 16:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/08/08 19:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/04 07:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2010/10/08 15:57:54 | 000,143,184 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/10/08 15:57:54 | 000,111,568 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010/10/08 15:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/10/08 15:57:54 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/10/08 15:57:54 | 000,031,888 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/07/10 09:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/22 09:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/09 13:16:04 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/07/04 01:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/01/13 10:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/06 12:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/08/28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/12 19:09:47 | 002,159,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/22 13:21:07 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/08 21:32:51 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/03 17:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/04/01 18:13:57 | 001,807,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/03/21 15:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/21 13:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 13:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 13:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 13:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 13:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 13:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 13:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 13:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 13:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 13:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 13:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 13:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 13:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 13:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 13:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 13:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 13:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 13:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 13:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 13:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 13:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 13:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 13:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/17 18:12:27 | 000,190,512 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/08/03 15:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/25 06:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/05/02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007/05/02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007/05/02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007/05/02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/14 18:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 20:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 20:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 20:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 20:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 20:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 20:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 20:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 20:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 20:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 20:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 19:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 19:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 19:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 19:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 19:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 18:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 18:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 18:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3787611084-2302980398-4238082244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\S-1-5-21-3787611084-2302980398-4238082244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\S-1-5-21-3787611084-2302980398-4238082244-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3787611084-2302980398-4238082244-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://www.unimelb.edu.au/cgi-bin/proxy.pac

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wolframalpha.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.93
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..network.proxy.autoconfig_url: "http://www.unimelb.edu.au/cgi-bin/proxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/27 19:06:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 01:48:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/18 01:48:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b2\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 2\components [2010/08/18 01:48:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 2\plugins [2010/08/18 01:48:25 | 000,000,000 | ---D | M]

[2009/09/13 19:10:13 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Mozilla\Extensions
[2010/10/29 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions
[2009/09/13 19:37:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 23:33:10 | 000,000,000 | ---D | M] () -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/05/04 01:14:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/30 21:51:41 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/03/14 09:03:22 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\firebug@software.joehewitt.com
[2010/01/30 21:51:41 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\personas@christopher.beard
[2009/08/28 23:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/31 20:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2008/11/19 00:04:58 | 000,189,952 | ---- | M] ((주) 그래텍) -- C:\Program Files\Mozilla Firefox\plugins\NPGomtvx_nie.dll

O1 HOSTS File: ([2006/09/19 08:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Samsung.PCSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3787611084-2302980398-4238082244-1001..\Run: [EPSON TX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBP.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3787611084-2302980398-4238082244-1001..\Run: [S60 PC Suite Tray] C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ()
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3787611084-2302980398-4238082244-1001\..Trusted Domains: msn.com ([*.contacts] https in Trusted sites)
O15 - HKU\S-1-5-21-3787611084-2302980398-4238082244-1001\..Trusted Domains: msn.com ([*.storage] https in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3777C31D-20BE-4D86-A566-E63D37BD2798} http://www.kdisk.co.kr/mmsv/KdiskWebControl.CAB (Kdisk File Control1)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} http://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090923.cab (MnetHelper6 Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mum\Pictures\abstract-art-wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mum\Pictures\abstract-art-wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19fd33c8-ae59-11de-a63e-0023545f47dc}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{6bc18bc5-741d-11df-8266-0023545f47dc}\Shell - "" = AutoRun
O33 - MountPoints2\{6bc18bc5-741d-11df-8266-0023545f47dc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 18:04:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Mum\Desktop\OTL.exe
[2010/10/29 22:42:09 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\Malwarebytes
[2010/10/29 22:41:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/29 22:41:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/29 22:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/29 22:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/29 22:40:40 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mum\Desktop\mbam-setup-1.46.exe
[2010/10/29 01:14:31 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/10/28 09:13:15 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\AVG
[2010/10/28 09:10:11 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\AVG PC Tuneup 2011
[2010/10/28 09:08:42 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\AVG10
[2010/10/27 19:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010/10/27 19:08:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/27 19:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/27 19:06:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/10/27 19:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/27 18:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/27 17:43:27 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 17:43:24 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/27 17:43:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/26 10:17:36 | 000,000,000 | ---D | C] -- C:\Users\Mum\Documents\Sports Interactive
[2010/10/26 10:17:35 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\Sports Interactive
[2010/10/20 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\Songs
[2010/10/19 02:25:09 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\HyperX
[2010/10/19 02:18:04 | 000,000,000 | ---D | C] -- C:\Users\Mum\.VirtualBox
[2010/10/19 02:15:58 | 000,143,184 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2010/10/19 02:15:51 | 000,041,936 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2010/10/19 02:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2010/10/19 01:57:08 | 078,805,520 | ---- | C] (Oracle Corporation) -- C:\Users\Mum\Desktop\VirtualBox-3.2.10-66523-Win.exe
[2010/10/18 23:12:48 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\Samsung Backup
[2010/10/18 22:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/10/18 22:55:14 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\PC Suite
[2010/10/18 22:55:13 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\Samsung
[2010/10/18 22:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/10/18 22:52:56 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2010/10/18 22:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/18 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/10/18 22:41:27 | 000,021,632 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/10/18 22:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/10/18 22:36:51 | 000,090,624 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010/10/18 22:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/10/18 22:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010/10/18 19:54:12 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Local\Windows Live
[2010/10/14 00:58:17 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 00:57:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/14 00:57:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 00:56:55 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/14 00:56:55 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/14 00:56:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/14 00:56:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/14 00:56:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/14 00:56:52 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/14 00:56:52 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/14 00:56:51 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/14 00:56:51 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/14 00:56:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/14 00:56:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/14 00:56:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/14 00:56:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/14 00:56:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/14 00:56:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/14 00:56:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/14 00:56:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/14 00:56:42 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 00:56:41 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 00:56:35 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/14 00:56:31 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/14 00:56:28 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/08 15:57:54 | 000,111,568 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetFlt.sys
[2010/10/08 15:57:54 | 000,100,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetAdp.sys
[2010/10/08 15:57:54 | 000,031,888 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSB.sys
[2010/10/08 15:57:52 | 000,133,648 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\VBoxNetFltNotify.dll
[2010/10/05 09:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2010/10/05 09:11:41 | 010,200,127 | ---- | C] (Igor Pavlov) -- C:\Users\Mum\Desktop\vpnclient-win-msi-5.0.05.0290-student.exe
[2010/10/04 22:27:11 | 000,000,000 | ---D | C] -- C:\Users\Mum\.vplls
[2010/10/04 22:26:17 | 000,000,000 | ---D | C] -- C:\Users\Mum\vpworkspace
[2008/06/03 17:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010/10/30 18:08:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1B61112F-E66A-477A-AFE2-4191BC20A530}.job
[2010/10/30 18:04:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mum\Desktop\OTL.exe
[2010/10/30 17:34:41 | 000,604,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/30 17:34:41 | 000,107,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/30 17:34:00 | 098,021,486 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/30 17:28:30 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/30 17:28:30 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/30 17:28:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 17:28:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 17:27:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/29 23:19:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3787611084-2302980398-4238082244-1001UA.job
[2010/10/29 23:17:01 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010/10/29 22:41:57 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/29 22:40:55 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mum\Desktop\mbam-setup-1.46.exe
[2010/10/29 22:36:00 | 000,002,039 | ---- | M] () -- C:\Users\Mum\Desktop\Google Chrome.lnk
[2010/10/29 22:36:00 | 000,002,001 | ---- | M] () -- C:\Users\Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/29 22:28:48 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/29 22:19:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3787611084-2302980398-4238082244-1001Core.job
[2010/10/29 01:14:36 | 051,852,493 | ---- | M] () -- C:\Users\Mum\Desktop\July Jamz Top 20 2010.rar.crdownload
[2010/10/29 01:14:36 | 046,851,570 | ---- | M] () -- C:\Users\Mum\Desktop\Junes Hottest 2010 Top 20.rar.crdownload
[2010/10/28 09:18:15 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/28 09:06:51 | 000,385,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/27 22:07:46 | 004,803,396 | ---- | M] () -- C:\Users\Mum\Desktop\Lupe Fiasco - Show Goes On (Prod. by Kane Beatz).mp3
[2010/10/27 21:59:25 | 005,008,525 | ---- | M] () -- C:\Users\Mum\Desktop\Nelly Ft. Akon & T-Pain - Move That Body (Mastered).mp3
[2010/10/27 19:39:11 | 000,000,848 | ---- | M] () -- C:\Users\Mum\Desktop\Virtual DJ Home.lnk
[2010/10/27 18:55:40 | 001,597,836 | ---- | M] () -- C:\Users\Mum\Desktop\Far East Movement - 2 is Better.mp3
[2010/10/27 18:54:08 | 004,744,722 | ---- | M] () -- C:\Users\Mum\Desktop\Far East Movement - White Flag (ft. Kayla Kai).mp3
[2010/10/25 19:28:07 | 000,051,475 | ---- | M] () -- C:\Users\Mum\Desktop\Hayden.jpg
[2010/10/24 09:38:48 | 008,376,320 | ---- | M] () -- C:\Users\Mum\Desktop\Usher - OMG.mp3
[2010/10/24 09:35:31 | 005,294,270 | ---- | M] () -- C:\Users\Mum\Desktop\Usher feat Pitbull - DJ Got Us Falling In Love Again.mp3
[2010/10/20 11:46:17 | 000,209,046 | ---- | M] () -- C:\Users\Mum\Desktop\JustinBieber.png
[2010/10/20 01:17:23 | 005,312,479 | ---- | M] () -- C:\Users\Mum\Desktop\Far East Movement ft. Keri Hilson - Don’t Look Now.mp3
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/19 02:15:59 | 000,000,972 | ---- | M] () -- C:\Users\Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2010/10/19 02:15:59 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2010/10/19 02:06:57 | 000,829,595 | ---- | M] () -- C:\Users\Mum\Desktop\Samsung-I8910_Omnia_HD-flasher-1.50-Symbian_ROM_Flashing_Tool_v1.50.exe
[2010/10/19 02:01:25 | 012,566,499 | ---- | M] () -- C:\Users\Mum\Desktop\HyperX.rar
[2010/10/19 02:01:06 | 078,805,520 | ---- | M] (Oracle Corporation) -- C:\Users\Mum\Desktop\VirtualBox-3.2.10-66523-Win.exe
[2010/10/18 23:12:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/10/18 22:55:12 | 000,002,535 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/10/18 21:42:46 | 000,144,854 | ---- | M] () -- C:\Users\Mum\Desktop\Sona s2 LOL.jpg
[2010/10/18 02:26:04 | 000,180,562 | ---- | M] () -- C:\Users\Mum\Desktop\Akali finished build.jpg
[2010/10/16 21:53:11 | 000,154,104 | ---- | M] () -- C:\Users\Mum\Desktop\Sona s2.jpg
[2010/10/15 14:17:18 | 005,859,883 | ---- | M] () -- C:\Users\Mum\Desktop\Far East Movement Ft. Mohombi - She Owns The Night.mp3
[2010/10/15 14:17:13 | 008,124,379 | ---- | M] () -- C:\Users\Mum\Desktop\Jessica Mauboy Ft. Jay Sean - What Happened To Us.mp3
[2010/10/15 14:14:03 | 004,899,391 | ---- | M] () -- C:\Users\Mum\Desktop\Bruno Mars - Today My Life Begins.mp3
[2010/10/15 14:13:47 | 002,865,648 | ---- | M] () -- C:\Users\Mum\Desktop\Lady Gaga - Nothin On (But The Radio).mp3
[2010/10/15 14:10:35 | 004,797,700 | ---- | M] () -- C:\Users\Mum\Desktop\Francisco - Still My Love (Prod. by Oddz N Endtz).mp3
[2010/10/15 14:08:12 | 002,813,202 | ---- | M] () -- C:\Users\Mum\Desktop\Shay ft. Stevie Hoang - Youre Beautiful (2010).mp3
[2010/10/11 18:12:38 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/08 15:57:54 | 000,143,184 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2010/10/08 15:57:54 | 000,111,568 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetFlt.sys
[2010/10/08 15:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetAdp.sys
[2010/10/08 15:57:54 | 000,041,936 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2010/10/08 15:57:54 | 000,031,888 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSB.sys
[2010/10/08 15:57:52 | 000,133,648 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\VBoxNetFltNotify.dll
[2010/10/05 15:01:16 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2010/10/05 09:19:36 | 000,001,593 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010/10/05 09:11:47 | 010,200,127 | ---- | M] (Igor Pavlov) -- C:\Users\Mum\Desktop\vpnclient-win-msi-5.0.05.0290-student.exe
[2010/10/05 09:08:31 | 000,130,560 | ---- | M] () -- C:\Users\Mum\Desktop\Printing from UniWireless.doc
[2010/10/04 22:32:37 | 000,000,602 | ---- | M] () -- C:\Users\Mum\Desktop\vpumlee.zvpl
[2010/10/04 22:27:15 | 000,000,134 | ---- | M] () -- C:\Users\Mum\.vpinstall.properties
[2010/10/04 22:21:28 | 000,000,137 | ---- | M] () -- C:\Users\Mum\.vpsuite_installation.xml
[2010/10/04 19:24:02 | 000,088,659 | ---- | M] () -- C:\Users\Mum\Desktop\Funny Fish.jpg

========== Files Created - No Company Name ==========

[2010/10/30 17:34:00 | 098,021,486 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/29 22:41:57 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/29 22:36:00 | 000,002,039 | ---- | C] () -- C:\Users\Mum\Desktop\Google Chrome.lnk
[2010/10/29 22:36:00 | 000,002,001 | ---- | C] () -- C:\Users\Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/29 22:28:48 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/29 01:02:39 | 046,851,570 | ---- | C] () -- C:\Users\Mum\Desktop\Junes Hottest 2010 Top 20.rar.crdownload
[2010/10/29 01:00:14 | 051,852,493 | ---- | C] () -- C:\Users\Mum\Desktop\July Jamz Top 20 2010.rar.crdownload
[2010/10/27 22:07:02 | 004,803,396 | ---- | C] () -- C:\Users\Mum\Desktop\Lupe Fiasco - Show Goes On (Prod. by Kane Beatz).mp3
[2010/10/27 21:59:11 | 005,008,525 | ---- | C] () -- C:\Users\Mum\Desktop\Nelly Ft. Akon & T-Pain - Move That Body (Mastered).mp3
[2010/10/27 19:39:11 | 000,000,848 | ---- | C] () -- C:\Users\Mum\Desktop\Virtual DJ Home.lnk
[2010/10/27 19:07:58 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/27 18:55:12 | 001,597,836 | ---- | C] () -- C:\Users\Mum\Desktop\Far East Movement - 2 is Better.mp3
[2010/10/27 18:52:10 | 004,744,722 | ---- | C] () -- C:\Users\Mum\Desktop\Far East Movement - White Flag (ft. Kayla Kai).mp3
[2010/10/25 19:28:13 | 000,051,475 | ---- | C] () -- C:\Users\Mum\Desktop\Hayden.jpg
[2010/10/24 09:36:03 | 008,376,320 | ---- | C] () -- C:\Users\Mum\Desktop\Usher - OMG.mp3
[2010/10/24 09:33:06 | 005,294,270 | ---- | C] () -- C:\Users\Mum\Desktop\Usher feat Pitbull - DJ Got Us Falling In Love Again.mp3
[2010/10/20 11:46:17 | 000,209,046 | ---- | C] () -- C:\Users\Mum\Desktop\JustinBieber.png
[2010/10/19 02:16:27 | 005,472,365 | ---- | C] () -- C:\Users\Mum\Desktop\Symbian_ROM_Flashing_Tool_v1.50.exe
[2010/10/19 02:15:59 | 000,000,972 | ---- | C] () -- C:\Users\Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2010/10/19 02:15:59 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2010/10/19 02:06:53 | 000,829,595 | ---- | C] () -- C:\Users\Mum\Desktop\Samsung-I8910_Omnia_HD-flasher-1.50-Symbian_ROM_Flashing_Tool_v1.50.exe
[2010/10/19 01:56:59 | 012,566,499 | ---- | C] () -- C:\Users\Mum\Desktop\HyperX.rar
[2010/10/18 23:12:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/10/18 22:53:49 | 000,002,535 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/10/18 21:42:46 | 000,144,854 | ---- | C] () -- C:\Users\Mum\Desktop\Sona s2 LOL.jpg
[2010/10/18 17:25:19 | 005,312,479 | ---- | C] () -- C:\Users\Mum\Desktop\Far East Movement ft. Keri Hilson - Don’t Look Now.mp3
[2010/10/18 02:26:04 | 000,180,562 | ---- | C] () -- C:\Users\Mum\Desktop\Akali finished build.jpg
[2010/10/16 21:53:11 | 000,154,104 | ---- | C] () -- C:\Users\Mum\Desktop\Sona s2.jpg
[2010/10/15 14:17:17 | 005,859,883 | ---- | C] () -- C:\Users\Mum\Desktop\Far East Movement Ft. Mohombi - She Owns The Night.mp3
[2010/10/15 14:17:13 | 008,124,379 | ---- | C] () -- C:\Users\Mum\Desktop\Jessica Mauboy Ft. Jay Sean - What Happened To Us.mp3
[2010/10/15 14:10:17 | 002,865,648 | ---- | C] () -- C:\Users\Mum\Desktop\Lady Gaga - Nothin On (But The Radio).mp3
[2010/10/15 14:08:56 | 004,899,391 | ---- | C] () -- C:\Users\Mum\Desktop\Bruno Mars - Today My Life Begins.mp3
[2010/10/15 14:05:38 | 002,813,202 | ---- | C] () -- C:\Users\Mum\Desktop\Shay ft. Stevie Hoang - Youre Beautiful (2010).mp3
[2010/10/15 14:04:58 | 004,797,700 | ---- | C] () -- C:\Users\Mum\Desktop\Francisco - Still My Love (Prod. by Oddz N Endtz).mp3
[2010/10/05 14:18:36 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2010/10/05 09:17:18 | 000,001,593 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2010/10/05 09:08:30 | 000,130,560 | ---- | C] () -- C:\Users\Mum\Desktop\Printing from UniWireless.doc
[2010/10/04 22:32:39 | 000,000,602 | ---- | C] () -- C:\Users\Mum\Desktop\vpumlee.zvpl
[2010/10/04 22:21:28 | 000,000,137 | ---- | C] () -- C:\Users\Mum\.vpsuite_installation.xml
[2010/10/04 22:17:43 | 000,000,134 | ---- | C] () -- C:\Users\Mum\.vpinstall.properties
[2010/10/04 19:24:01 | 000,088,659 | ---- | C] () -- C:\Users\Mum\Desktop\Funny Fish.jpg
[2010/07/05 01:17:16 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/10 11:49:11 | 000,000,211 | ---- | C] () -- C:\Windows\WinHelp.ini
[2009/11/26 15:57:16 | 000,000,680 | ---- | C] () -- C:\Users\Mum\AppData\Local\d3d9caps.dat
[2009/10/31 20:59:51 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/09/24 13:42:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/15 22:46:20 | 000,000,600 | ---- | C] () -- C:\Users\Mum\AppData\Local\PUTTY.RND
[2009/09/11 13:00:41 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/09/11 13:00:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/09/07 12:19:37 | 000,036,725 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/07 12:11:53 | 000,036,725 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/28 17:37:30 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/04/23 17:02:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/04/01 18:13:57 | 001,807,744 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/05/09 18:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006/11/02 23:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 13:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/10/06 14:46:41 | 000,000,021

My Extras.txt says

OTL Extras logfile created on: 30/10/2010 6:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Mum\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 36.50 Gb Free Space | 31.35% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 24.61 Gb Free Space | 23.50% Space Free | Partition Type: NTFS
Drive F: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DEVILFISH | User Name: Mum | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3787611084-2302980398-4238082244-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0436399C-E013-4981-B085-4931242D4DE8}" = lport=8377 | protocol=6 | dir=in | name=league of legends launcher |
"{08699530-DD84-462A-B32D-05F535914856}" = lport=139 | protocol=6 | dir=in | app=system |
"{12DC1E8A-401B-43D3-AC1F-EF7C46012B1D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13A77B50-9F2A-477A-B54C-ACCB8A07409F}" = rport=137 | protocol=17 | dir=out | app=system |
"{2E6F9844-3DA8-4AFC-B7FD-A32ACDA9A72F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3017FEA6-F548-44DB-B01F-2B1AB107D859}" = lport=10243 | protocol=6 | dir=in | app=system |
"{32D7E184-DF6F-43CF-BACC-14C4BB84D96F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3A5812FF-6E67-4FC7-B0E1-6082D8ED93B7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{48045C01-6DA5-4989-92E6-2386D9F8AA99}" = lport=2869 | protocol=6 | dir=in | app=system |
"{481022C0-0B85-44F9-ABC1-895D5F622934}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{589DFA13-BF51-469B-A165-FC027D7CFE90}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E0E1A76-FFEE-4DD3-9321-68F1EED16120}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8B2C8682-600C-4D02-8189-BF9884452B4A}" = lport=138 | protocol=17 | dir=in | app=system |
"{8D71886B-098C-4159-8491-26098F38FC09}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95381D7B-0007-4FDE-8FB6-E948D2A8E776}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9C522868-BB54-4D6F-BB84-1933C65520D3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9C66142A-5A46-40BB-9290-4FCD94AA8136}" = rport=138 | protocol=17 | dir=out | app=system |
"{9F332B25-852D-4251-9780-300546997AB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A1BEC60E-1BDC-4937-AE0D-A2D22D4BCBD5}" = rport=445 | protocol=6 | dir=out | app=system |
"{A563BB28-04B2-4B4C-8AF8-9386009809B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A684B2A0-168C-4F45-81B9-D9EA9B16E07B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B2312ABC-9BB3-4D73-9108-78D3453F674B}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{BCBBE9B0-8FDE-4A2B-A3A9-71AA22E65CB2}" = rport=139 | protocol=6 | dir=out | app=system |
"{C08E7197-3E22-4B56-A56E-112601248E72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0C715E9-D909-45EA-A88D-CD2BB2A6FB65}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C41F85E1-5DEB-4409-ACC5-74B315131627}" = lport=8377 | protocol=17 | dir=in | name=league of legends launcher |
"{DCB0373F-0D44-4CF1-AA42-903085BD21B7}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{DFF29A46-979D-464F-996A-9E2F40B5A08E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E926F9E9-F5EF-498E-ADB4-6369B5462823}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F21E79-9CFD-4696-B1D6-119557B7CB01}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{058244EA-8037-4B2B-931D-58AA01421A99}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{10964D7C-0A67-47DB-974F-384384B9F1EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15E6D7EE-30AB-4C96-A251-EB4F23AA5218}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19B7DE8D-004C-49D7-B0A4-6DBDB047B09E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1BAC48B4-0003-450B-8604-E9160AEB88E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1C8200FD-545F-42A3-8BF8-E249CEB2BCF9}" = protocol=6 | dir=in | app=c:\program files\kdisk.co.kr\kdisk(fast)\expressservice.exe |
"{1F1CBF7F-A6B3-4FA1-A54C-13B520A081BB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{236F85A5-8604-4935-AA95-7A92E76C2B8D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2C88AEA8-F9C1-462C-8BF8-B9E729D594D3}" = protocol=6 | dir=in | app=c:\windows\system32\mnetvsvr.exe |
"{2DD28FBF-DF66-408D-8FCE-5EC7E28BD3AD}" = protocol=17 | dir=in | app=c:\program files\kdisk.co.kr\kdisk(fast)\expressservice.exe |
"{3045996C-7245-42FB-B6C5-8BB5161D5693}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{30ABBB14-6DBB-4A3C-AC0E-6E95B4764768}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{32440BE3-3546-4C3E-B3E8-AA7FBF506E37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{38C72D28-879E-4F16-A164-1DF10F2B3865}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{38CF54C4-231A-4E20-BEF6-5962D19A0BA7}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{3D89E8BB-C1C3-48C6-B1D0-E71F9846BA02}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{3DE9E5B4-9E20-47C8-AB7B-1D7DEE4FB494}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{41914DB7-71CE-485F-B579-FAB0010B70E3}" = protocol=17 | dir=in | app=c:\users\mum\desktop\steam\steam.exe |
"{44D28875-06A4-4736-8759-0EDB18C7711D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{4A61950E-37D6-47F7-9FF9-7229EF760837}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{4FDDF504-C548-4092-A3A7-EB9B86AEC2C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51D6098D-0332-42CC-A147-FFFB967A32C1}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{5CEE15A1-A835-4063-8128-733AF6CE369E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5EA6C12D-F8E1-40D7-8140-3C8E4CEDC7D5}" = protocol=6 | dir=in | app=c:\users\mum\desktop\steam\steam.exe |
"{5FC702A8-6787-4ADA-A118-15690D5DED98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65D98D77-1F38-4455-8509-F5BAC5818CE1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{679C1865-DBB2-47A7-AFC0-ED227639F04E}" = protocol=6 | dir=in | app=d:\football manager 2009\fm.exe |
"{67A0076D-91FE-41F4-9524-978D6C8C14DB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6AE9BEAA-0E0C-403E-AF2A-711ABB9C06A9}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{70078D1D-4494-4432-90CD-DF77CE4ED70A}" = protocol=17 | dir=in | app=d:\football manager 2009\fm.exe |
"{7838EF4E-0614-4790-8007-5114C2FEFA29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E615D15-2B49-4342-8CB2-B08732C3C8D6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7EAF9E9D-6F37-48DD-B39F-8212BBBE3A75}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{813E73CB-5412-47FC-BBA5-02E4299F4F45}" = protocol=6 | dir=out | app=system |
"{8E1BFB3D-726F-4FDD-821F-B153A713A893}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9105332E-F78C-4B62-ABE5-57412A12726C}" = protocol=17 | dir=in | app=c:\windows\system32\mnetasvr.exe |
"{9542A364-5BA8-4E8B-9BCC-67C27D8F9EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9D3F4F18-FC18-4407-92B6-A292AD54AB4B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{9E1DD8C2-8286-4C4E-8A0A-81ED25088C29}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A34FD581-E67F-4673-AB6A-536D8F16D0A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A520043D-9928-49B8-9EFA-C8B5E79C64F0}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{A8A9C601-660B-4C60-9BF4-3B7A3A36A0F8}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{B44D6199-C551-4012-88F8-A52CB2EA85B9}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{B4852E94-BAE5-454E-9012-6651F19ED8B0}" = protocol=6 | dir=in | app=c:\windows\system32\mnetasvr.exe |
"{BB7B94BC-CFCE-41F3-BFA5-C20EFF19DE35}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C02DEC23-38E7-4B8B-8BE3-6F9C56B1D1F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5121390-B9F4-4692-8688-694A1C98BC91}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{C72E3489-CB5A-4122-8928-4D8DD7AA276B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C79CC4C1-5603-4A89-8DAA-08989B719C9C}" = protocol=17 | dir=in | app=c:\windows\system32\mnetvsvr.exe |
"{D78088CB-C57E-4F80-9E2E-B6D30C1273BE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E42938A4-64BA-49A6-87F3-E92BAED22520}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F03BE6AF-6FD2-44EB-B1D3-134050745DD5}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{F594C2AD-FE01-4CDC-8253-007C4BAE3A0D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F5F4D3FB-FAFB-4640-B00F-8A3D210BABF6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FB8F03AB-E90F-4843-A482-B61024EE5690}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{FF9BEC00-690A-42BE-9ECD-B8C3963B3D56}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"TCP Query User{0B4BB608-5CA7-449F-9422-EB54965AC644}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4D14667A-A1BF-41BF-B769-CEB1F84C1D5C}C:\users\mum\desktop\hayden\utorrent.exe" = protocol=6 | dir=in | app=c:\users\mum\desktop\hayden\utorrent.exe |
"TCP Query User{6B17FE1D-186E-4F16-A992-A89FF511C1E8}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{7D2FA7A5-ADDE-4CA7-969B-90BDF4A5EEAF}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |
"TCP Query User{8673174C-CA33-4EFA-A151-36D34D4382AE}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{869EA35D-FAED-40E2-B0CD-5BF1429D32A0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{8DA1C5EA-BB13-44A5-8E41-064CD22A27C2}C:\users\mum\desktop\steam\steamapps\hardy213\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\mum\desktop\steam\steamapps\hardy213\counter-strike source\hl2.exe |
"TCP Query User{97773F1D-2947-495C-871A-091C166F3CB3}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{982A14B1-81AA-455F-8FD6-2CAB6DD8D161}C:\program files\byond\bin\byond.exe" = protocol=6 | dir=in | app=c:\program files\byond\bin\byond.exe |
"TCP Query User{B4FED14D-0400-459A-AEB9-5E5FA69FDD01}C:\program files\kdisk.co.kr\kdisk(fast)\kdiskdown.exe" = protocol=6 | dir=in | app=c:\program files\kdisk.co.kr\kdisk(fast)\kdiskdown.exe |
"UDP Query User{03D6EFC4-91A1-4E19-8184-8C885BA500E8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2FC798BA-3C17-43B6-9896-2485F3F10E9A}C:\program files\kdisk.co.kr\kdisk(fast)\kdiskdown.exe" = protocol=17 | dir=in | app=c:\program files\kdisk.co.kr\kdisk(fast)\kdiskdown.exe |
"UDP Query User{4A55CB59-B52F-4971-A445-B2049FBBDD6E}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{692E6A85-31B2-46B6-A2AD-DC0CE8E448E4}C:\users\mum\desktop\hayden\utorrent.exe" = protocol=17 | dir=in | app=c:\users\mum\desktop\hayden\utorrent.exe |
"UDP Query User{967B64C7-E488-4CB3-BBFA-8F71EB68E412}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{9DBA6FD8-30A4-4CE1-85AF-15EA3EF8AA74}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |
"UDP Query User{9FA44858-B9E1-4857-9ECA-0FE004F5948D}C:\users\mum\desktop\steam\steamapps\hardy213\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\mum\desktop\steam\steamapps\hardy213\counter-strike source\hl2.exe |
"UDP Query User{DC849828-A27C-4BB4-934D-7304DA583D89}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{ECA57932-555F-4731-BCC1-3EE90ED097FB}C:\program files\byond\bin\byond.exe" = protocol=17 | dir=in | app=c:\program files\byond\bin\byond.exe |
"UDP Query User{F1AB9F12-0675-4E98-AB14-5F38ECA808BB}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6EBF5C73-D05A-485D-AB60-E557F9947359}" = Oracle VM VirtualBox 3.2.10
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A23E5590-6799-437B-9723-2627BA800B6F}" = Dolby Control Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE12677C-F7D2-45A8-BBF9-0FC0B972EDC3}" = League of Legends
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"DoubleDesktop" = DoubleDesktop
"Dragonica(EU)" = Dragonica(EU)
"DtsFilter" = DTS+AC3 Filter
"EPSON TX110 Series" = EPSON TX110 Series Printer Uninstall
"Football Manager 2009" = Football Manager 2009
"GOM Player" = GOM Player
"Gunz" = ijji - Gunz
"HiDownload_is1" = HiDownload
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mnet P3Modules" = ÅëÇÕ À¥Ç÷¹À̾î 2.0
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Firefox (3.6b2)" = Mozilla Firefox (3.6b2)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"Pen Tablet Driver" = Pen Tablet
"Picasa2" = Picasa 2
"PROR" = Microsoft Office Professional 2007
"RealPlayer 12.0" = RealPlayer
"Samsung PC Studio 7" = Samsung PC Studio 7
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.2 for Windows
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = Hazard Perception Test Demo
"ST6UNST #2" = Hazard Perception Test Demo (C:\Clt\)
"ST6UNST #3" = Hazard Perception Test Demo (C:\Clt\) #3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"uTorrent" = µTorrent
"Videora iPhone 3G S Converter" = Videora iPhone 3G S Converter 4.08
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 1.0.1
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3787611084-2302980398-4238082244-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/10/2010 7:15:41 AM | Computer Name = DevilFish | Source = Windows Search Service | ID = 3013
Description =

Error - 29/10/2010 8:11:17 AM | Computer Name = DevilFish | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x0004714e, process id 0x55c, application
start time 0x01cb775a39fedd50.

Error - 29/10/2010 8:13:29 AM | Computer Name = DevilFish | Source = WinMgmt | ID = 10
Description =

Error - 29/10/2010 8:17:06 AM | Computer Name = DevilFish | Source = WinMgmt | ID = 10
Description =

Error - 29/10/2010 8:26:51 AM | Computer Name = DevilFish | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x0004714e, process id 0x574, application
start time 0x01cb776311c7ac01.

Error - 29/10/2010 8:28:52 AM | Computer Name = DevilFish | Source = WinMgmt | ID = 10
Description =

Error - 29/10/2010 8:40:20 AM | Computer Name = DevilFish | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x0004714e, process id 0x1134, application
start time 0x01cb7764a4424f31.

Error - 30/10/2010 2:28:58 AM | Computer Name = DevilFish | Source = WinMgmt | ID = 10
Description =

Error - 30/10/2010 3:08:07 AM | Computer Name = DevilFish | Source = SPP | ID = 16387
Description =

Error - 30/10/2010 3:08:07 AM | Computer Name = DevilFish | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 29/10/2010 8:29:06 AM | Computer Name = DevilFish | Source = Service Control Manager | ID = 7032
Description =

Error - 29/10/2010 8:29:06 AM | Computer Name = DevilFish | Source = Service Control Manager | ID = 7032
Description =

Error - 29/10/2010 8:29:06 AM | Computer Name = DevilFish | Source = Service Control Manager | ID = 7032
Description =

Error - 29/10/2010 8:31:09 AM | Computer Name = DevilFish | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 29/10/2010 8:44:33 AM | Computer Name = DevilFish | Source = DCOM | ID = 10005
Description =

Error - 29/10/2010 8:45:03 AM | Computer Name = DevilFish | Source = DCOM | ID = 10005
Description =

Error - 30/10/2010 2:27:53 AM | Computer Name = DevilFish | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:20:10 AM on 30/10/2010 was unexpected.

Error - 30/10/2010 2:28:58 AM | Computer Name = DevilFish | Source = Service Control Manager | ID = 7000
Description =

Error - 30/10/2010 2:28:58 AM | Computer Name = DevilFish | Source = Service Control Manager | ID = 7026
Description =

Error - 30/10/2010 2:30:33 AM | Computer Name = DevilFish | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

Hi and welcome to the Daniweb forums :).

==========

Need to see a GMER log too please, as per the sticky thread at the head of the forum.

====

Are you running Norton as well as AVG on your PC? If AVG is your preferred AV, uninstall Norton from Programs and Features, reboot and then run the Norton uninstall tool. Download it from: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US

====

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    
    :OTL
    
    :Commands
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Sorry for taking so long, I keep getting a blue screen when I run GMER. I think it's the virus kicking in every time.


OTL results:


All processes killed
========== FILES ==========
========== OTL ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User

User: Kevin
->Flash cache emptied: 0 bytes

User: Mum
->Flash cache emptied: 543 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: Kevin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mum
->Temp folder emptied: 5883573 bytes
->Temporary Internet Files folder emptied: 34628 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35482687 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 558236 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 41.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.1 log created on 10302010_202924

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL after fix scan

OTL logfile created on: 30/10/2010 8:35:15 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Mum\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 47.65 Gb Free Space | 40.92% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 31.83 Gb Free Space | 30.39% Space Free | Partition Type: NTFS
Drive F: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DEVILFISH | User Name: Mum | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/30 18:04:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mum\Desktop\OTL.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/02 18:13:26 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/02 18:13:26 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/29 01:16:48 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/23 15:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/11/23 15:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/09/10 18:42:13 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/02 20:41:38 | 001,236,992 | ---- | M] (ExpressService) -- C:\Program Files\kdisk.co.kr\Kdisk(fast)\ExpressService.exe
PRC - [2009/04/11 17:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 16:37:24 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2008/12/06 01:48:08 | 000,699,392 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
PRC - [2008/10/15 02:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/08/12 19:21:11 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/19 14:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/07/10 12:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008/06/18 17:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/06/04 12:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/03/18 15:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/02/22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/02/02 10:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2008/01/24 10:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008/01/24 05:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008/01/12 17:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007/12/05 05:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007/12/01 06:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/11/05 14:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/03 16:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/09/18 11:05:08 | 000,040,960 | ---- | M] ( ) -- C:\Program Files\ASUS\ATK Media\GPSWatch.exe
PRC - [2007/08/17 17:40:29 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/16 06:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 19:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/04 07:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/07/06 11:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007/05/24 16:06:56 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2005/07/07 10:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/30 18:04:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mum\Desktop\OTL.exe
MOD - [2010/09/01 02:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/02 18:13:26 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 22:19:10 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/12/04 10:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/09/25 12:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/02 20:41:38 | 001,236,992 | ---- | M] (ExpressService) [Auto | Running] -- C:\Program Files\kdisk.co.kr\Kdisk(fast)\ExpressService.exe -- (ExpressService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/18 15:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 13:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 16:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/08/08 19:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/04 07:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2010/10/08 15:57:54 | 000,143,184 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/10/08 15:57:54 | 000,111,568 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010/10/08 15:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/10/08 15:57:54 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/10/08 15:57:54 | 000,031,888 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/07/10 09:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/22 09:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/09 13:16:04 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/07/04 01:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/01/13 10:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/06 12:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/08/28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/12 19:09:47 | 002,159,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/22 13:21:07 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/08 21:32:51 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/03 17:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/04/01 18:13:57 | 001,807,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/03/21 15:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/21 13:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 13:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 13:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 13:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 13:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 13:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 13:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 13:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 13:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 13:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 13:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 13:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 13:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 13:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 13:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 13:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 13:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 13:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 13:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 13:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 13:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 13:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 13:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/17 18:12:27 | 000,190,512 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/08/03 15:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/25 06:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/05/02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007/05/02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007/05/02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007/05/02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/14 18:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 20:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 20:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 20:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 20:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 20:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 20:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 20:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 20:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 20:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 20:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 19:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 19:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 19:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 19:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 19:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 18:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 18:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 18:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://www.unimelb.edu.au/cgi-bin/proxy.pac

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wolframalpha.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.93
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..network.proxy.autoconfig_url: "http://www.unimelb.edu.au/cgi-bin/proxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/27 19:06:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 01:48:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/18 01:48:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b2\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 2\components [2010/08/18 01:48:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 2\plugins [2010/08/18 01:48:25 | 000,000,000 | ---D | M]

[2009/09/13 19:10:13 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Mozilla\Extensions
[2010/10/29 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions
[2009/09/13 19:37:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 23:33:10 | 000,000,000 | ---D | M] () -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/05/04 01:14:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/30 21:51:41 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/03/14 09:03:22 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\firebug@software.joehewitt.com
[2010/01/30 21:51:41 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\personas@christopher.beard
[2009/08/28 23:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/31 20:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2008/11/19 00:04:58 | 000,189,952 | ---- | M] ((주) 그래텍) -- C:\Program Files\Mozilla Firefox\plugins\NPGomtvx_nie.dll

O1 HOSTS File: ([2010/10/30 20:29:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON TX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBP.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [S60 PC Suite Tray] C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: msn.com ([*.contacts] https in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([*.storage] https in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3777C31D-20BE-4D86-A566-E63D37BD2798} http://www.kdisk.co.kr/mmsv/KdiskWebControl.CAB (Kdisk File Control1)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} http://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090923.cab (MnetHelper6 Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mum\Pictures\abstract-art-wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mum\Pictures\abstract-art-wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19fd33c8-ae59-11de-a63e-0023545f47dc}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{6bc18bc5-741d-11df-8266-0023545f47dc}\Shell - "" = AutoRun
O33 - MountPoints2\{6bc18bc5-741d-11df-8266-0023545f47dc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 18:54:50 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\New Folder
[2010/10/30 18:46:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/30 18:04:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Mum\Desktop\OTL.exe
[2010/10/29 22:42:09 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\Malwarebytes
[2010/10/29 22:41:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/29 22:41:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/29 22:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/29 22:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/29 22:40:40 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mum\Desktop\mbam-setup-1.46.exe
[2010/10/29 01:14:31 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/10/28 09:13:15 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\AVG
[2010/10/28 09:10:11 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\AVG PC Tuneup 2011
[2010/10/28 09:08:42 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\AVG10
[2010/10/27 19:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010/10/27 19:08:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/27 19:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/27 19:06:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/10/27 19:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/27 18:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/26 10:17:36 | 000,000,000 | ---D | C] -- C:\Users\Mum\Documents\Sports Interactive
[2010/10/26 10:17:35 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\Sports Interactive
[2010/10/20 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\Songs
[2010/10/19 02:25:09 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\HyperX
[2010/10/19 02:18:04 | 000,000,000 | ---D | C] -- C:\Users\Mum\.VirtualBox
[2010/10/19 02:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2010/10/18 23:12:48 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\Samsung Backup
[2010/10/18 22:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/10/18 22:55:14 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\PC Suite
[2010/10/18 22:55:13 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\Samsung
[2010/10/18 22:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/10/18 22:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/18 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/10/18 22:41:27 | 000,021,632 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/10/18 22:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/10/18 22:36:51 | 000,090,624 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010/10/18 22:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/10/18 22:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010/10/18 19:54:12 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Local\Windows Live
[2010/10/05 09:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2010/10/05 09:11:41 | 010,200,127 | ---- | C] (Igor Pavlov) -- C:\Users\Mum\Desktop\vpnclient-win-msi-5.0.05.0290-student.exe
[2010/10/04 22:27:11 | 000,000,000 | ---D | C] -- C:\Users\Mum\.vplls
[2010/10/04 22:26:17 | 000,000,000 | ---D | C] -- C:\Users\Mum\vpworkspace
[2008/06/03 17:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010/10/30 20:38:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1B61112F-E66A-477A-AFE2-4191BC20A530}.job
[2010/10/30 20:37:48 | 000,604,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/30 20:37:48 | 000,107,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/30 20:32:06 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/30 20:32:05 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/30 20:31:20 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010/10/30 20:31:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 20:31:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 20:30:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/30 20:29:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/10/30 20:24:34 | 342,437,046 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/30 20:19:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3787611084-2302980398-4238082244-1001UA.job
[2010/10/30 19:28:56 | 000,925,064 | ---- | M] () -- C:\Users\Mum\Desktop\Norton_Removal_Tool.exe
[2010/10/30 19:25:22 | 000,294,912 | ---- | M] () -- C:\Users\Mum\Desktop\k2dl92rj.exe
[2010/10/30 18:04:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mum\Desktop\OTL.exe
[2010/10/30 17:34:00 | 098,021,486 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/29 22:41:57 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/29 22:40:55 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mum\Desktop\mbam-setup-1.46.exe
[2010/10/29 22:36:00 | 000,002,039 | ---- | M] () -- C:\Users\Mum\Desktop\Google Chrome.lnk
[2010/10/29 22:36:00 | 000,002,001 | ---- | M] () -- C:\Users\Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/29 22:28:48 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/29 22:19:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3787611084-2302980398-4238082244-1001Core.job
[2010/10/28 09:18:15 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/28 09:06:51 | 000,385,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/27 22:07:46 | 004,803,396 | ---- | M] () -- C:\Users\Mum\Desktop\Lupe Fiasco - Show Goes On (Prod. by Kane Beatz).mp3
[2010/10/27 21:59:25 | 005,008,525 | ---- | M] () -- C:\Users\Mum\Desktop\Nelly Ft. Akon & T-Pain - Move That Body (Mastered).mp3
[2010/10/27 19:39:11 | 000,000,848 | ---- | M] () -- C:\Users\Mum\Desktop\Virtual DJ Home.lnk
[2010/10/27 18:55:40 | 001,597,836 | ---- | M] () -- C:\Users\Mum\Desktop\Far East Movement - 2 is Better.mp3
[2010/10/27 18:54:08 | 004,744,722 | ---- | M] () -- C:\Users\Mum\Desktop\Far East Movement - White Flag (ft. Kayla Kai).mp3
[2010/10/25 19:28:07 | 000,051,475 | ---- | M] () -- C:\Users\Mum\Desktop\Hayden.jpg
[2010/10/24 09:38:48 | 008,376,320 | ---- | M] () -- C:\Users\Mum\Desktop\Usher - OMG.mp3
[2010/10/24 09:35:31 | 005,294,270 | ---- | M] () -- C:\Users\Mum\Desktop\Usher feat Pitbull - DJ Got Us Falling In Love Again.mp3
[2010/10/20 11:46:17 | 000,209,046 | ---- | M] () -- C:\Users\Mum\Desktop\JustinBieber.png
[2010/10/20 01:17:23 | 005,312,479 | ---- | M] () -- C:\Users\Mum\Desktop\Far East Movement ft. Keri Hilson - Don’t Look Now.mp3
[2010/10/19 02:15:59 | 000,000,972 | ---- | M] () -- C:\Users\Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2010/10/19 02:15:59 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2010/10/19 02:06:57 | 000,829,595 | ---- | M] () -- C:\Users\Mum\Desktop\Samsung-I8910_Omnia_HD-flasher-1.50-Symbian_ROM_Flashing_Tool_v1.50.exe
[2010/10/19 02:01:25 | 012,566,499 | ---- | M] () -- C:\Users\Mum\Desktop\HyperX.rar
[2010/10/18 23:12:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/10/18 22:55:12 | 000,002,535 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/10/15 14:17:18 | 005,859,883 | ---- | M] () -- C:\Users\Mum\Desktop\Far East Movement Ft. Mohombi - She Owns The Night.mp3
[2010/10/15 14:17:13 | 008,124,379 | ---- | M] () -- C:\Users\Mum\Desktop\Jessica Mauboy Ft. Jay Sean - What Happened To Us.mp3
[2010/10/15 14:14:03 | 004,899,391 | ---- | M] () -- C:\Users\Mum\Desktop\Bruno Mars - Today My Life Begins.mp3
[2010/10/15 14:13:47 | 002,865,648 | ---- | M] () -- C:\Users\Mum\Desktop\Lady Gaga - Nothin On (But The Radio).mp3
[2010/10/15 14:10:35 | 004,797,700 | ---- | M] () -- C:\Users\Mum\Desktop\Francisco - Still My Love (Prod. by Oddz N Endtz).mp3
[2010/10/15 14:08:12 | 002,813,202 | ---- | M] () -- C:\Users\Mum\Desktop\Shay ft. Stevie Hoang - Youre Beautiful (2010).mp3
[2010/10/11 18:12:38 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/05 15:01:16 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2010/10/05 09:19:36 | 000,001,593 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010/10/05 09:11:47 | 010,200,127 | ---- | M] (Igor Pavlov) -- C:\Users\Mum\Desktop\vpnclient-win-msi-5.0.05.0290-student.exe
[2010/10/05 09:08:31 | 000,130,560 | ---- | M] () -- C:\Users\Mum\Desktop\Printing from UniWireless.doc
[2010/10/04 22:32:37 | 000,000,602 | ---- | M] () -- C:\Users\Mum\Desktop\vpumlee.zvpl
[2010/10/04 22:27:15 | 000,000,134 | ---- | M] () -- C:\Users\Mum\.vpinstall.properties
[2010/10/04 22:21:28 | 000,000,137 | ---- | M] () -- C:\Users\Mum\.vpsuite_installation.xml
[2010/10/04 19:24:02 | 000,088,659 | ---- | M] () -- C:\Users\Mum\Desktop\Funny Fish.jpg

========== Files Created - No Company Name ==========

[2010/10/30 19:30:50 | 342,437,046 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/30 19:28:28 | 000,925,064 | ---- | C] () -- C:\Users\Mum\Desktop\Norton_Removal_Tool.exe
[2010/10/30 19:25:18 | 000,294,912 | ---- | C] () -- C:\Users\Mum\Desktop\k2dl92rj.exe
[2010/10/30 17:34:00 | 098,021,486 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/29 22:41:57 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/29 22:36:00 | 000,002,039 | ---- | C] () -- C:\Users\Mum\Desktop\Google Chrome.lnk
[2010/10/29 22:36:00 | 000,002,001 | ---- | C] () -- C:\Users\Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/29 22:28:48 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/27 22:07:02 | 004,803,396 | ---- | C] () -- C:\Users\Mum\Desktop\Lupe Fiasco - Show Goes On (Prod. by Kane Beatz).mp3
[2010/10/27 21:59:11 | 005,008,525 | ---- | C] () -- C:\Users\Mum\Desktop\Nelly Ft. Akon & T-Pain - Move That Body (Mastered).mp3
[2010/10/27 19:39:11 | 000,000,848 | ---- | C] () -- C:\Users\Mum\Desktop\Virtual DJ Home.lnk
[2010/10/27 19:07:58 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/27 18:55:12 | 001,597,836 | ---- | C] () -- C:\Users\Mum\Desktop\Far East Movement - 2 is Better.mp3
[2010/10/27 18:52:10 | 004,744,722 | ---- | C] () -- C:\Users\Mum\Desktop\Far East Movement - White Flag (ft. Kayla Kai).mp3
[2010/10/25 19:28:13 | 000,051,475 | ---- | C] () -- C:\Users\Mum\Desktop\Hayden.jpg
[2010/10/24 09:36:03 | 008,376,320 | ---- | C] () -- C:\Users\Mum\Desktop\Usher - OMG.mp3
[2010/10/24 09:33:06 | 005,294,270 | ---- | C] () -- C:\Users\Mum\Desktop\Usher feat Pitbull - DJ Got Us Falling In Love Again.mp3
[2010/10/20 11:46:17 | 000,209,046 | ---- | C] () -- C:\Users\Mum\Desktop\JustinBieber.png
[2010/10/19 02:16:27 | 005,472,365 | ---- | C] () -- C:\Users\Mum\Desktop\Symbian_ROM_Flashing_Tool_v1.50.exe
[2010/10/19 02:15:59 | 000,000,972 | ---- | C] () -- C:\Users\Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2010/10/19 02:15:59 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2010/10/19 02:06:53 | 000,829,595 | ---- | C] () -- C:\Users\Mum\Desktop\Samsung-I8910_Omnia_HD-flasher-1.50-Symbian_ROM_Flashing_Tool_v1.50.exe
[2010/10/19 01:56:59 | 012,566,499 | ---- | C] () -- C:\Users\Mum\Desktop\HyperX.rar
[2010/10/18 23:12:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/10/18 22:53:49 | 000,002,535 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/10/18 17:25:19 | 005,312,479 | ---- | C] () -- C:\Users\Mum\Desktop\Far East Movement ft. Keri Hilson - Don’t Look Now.mp3
[2010/10/15 14:17:17 | 005,859,883 | ---- | C] () -- C:\Users\Mum\Desktop\Far East Movement Ft. Mohombi - She Owns The Night.mp3
[2010/10/15 14:17:13 | 008,124,379 | ---- | C] () -- C:\Users\Mum\Desktop\Jessica Mauboy Ft. Jay Sean - What Happened To Us.mp3
[2010/10/15 14:10:17 | 002,865,648 | ---- | C] () -- C:\Users\Mum\Desktop\Lady Gaga - Nothin On (But The Radio).mp3
[2010/10/15 14:08:56 | 004,899,391 | ---- | C] () -- C:\Users\Mum\Desktop\Bruno Mars - Today My Life Begins.mp3
[2010/10/15 14:05:38 | 002,813,202 | ---- | C] () -- C:\Users\Mum\Desktop\Shay ft. Stevie Hoang - Youre Beautiful (2010).mp3
[2010/10/15 14:04:58 | 004,797,700 | ---- | C] () -- C:\Users\Mum\Desktop\Francisco - Still My Love (Prod. by Oddz N Endtz).mp3
[2010/10/05 14:18:36 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2010/10/05 09:17:18 | 000,001,593 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2010/10/05 09:08:30 | 000,130,560 | ---- | C] () -- C:\Users\Mum\Desktop\Printing from UniWireless.doc
[2010/10/04 22:32:39 | 000,000,602 | ---- | C] () -- C:\Users\Mum\Desktop\vpumlee.zvpl
[2010/10/04 22:21:28 | 000,000,137 | ---- | C] () -- C:\Users\Mum\.vpsuite_installation.xml
[2010/10/04 22:17:43 | 000,000,134 | ---- | C] () -- C:\Users\Mum\.vpinstall.properties
[2010/10/04 19:24:01 | 000,088,659 | ---- | C] () -- C:\Users\Mum\Desktop\Funny Fish.jpg
[2010/07/05 01:17:16 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/10 11:49:11 | 000,000,211 | ---- | C] () -- C:\Windows\WinHelp.ini
[2009/11/26 15:57:16 | 000,000,680 | ---- | C] () -- C:\Users\Mum\AppData\Local\d3d9caps.dat
[2009/10/31 20:59:51 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/09/24 13:42:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/15 22:46:20 | 000,000,600 | ---- | C] () -- C:\Users\Mum\AppData\Local\PUTTY.RND
[2009/09/11 13:00:41 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/09/11 13:00:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/09/07 12:19:37 | 000,036,725 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/07 12:11:53 | 000,036,725 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/28 17:37:30 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/04/23 17:02:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/04/01 18:13:57 | 001,807,744 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/05/09 18:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006/11/02 23:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 13:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/10/28 09:44:40 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\AVG
[2010/10/28 09:08:43 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\AVG10
[2010/09/13 20:12:58 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\fizzy
[2010/05/12 20:51:30 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\LolClient
[2010/04/18 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/10/18 23:12:21 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\PC Suite
[2010/10/18 23:13:01 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Samsung
[2010/10/26 10:17:50 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Sports Interactive
[2010/09/07 00:44:50 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Subversion
[2010/10/29 07:12:00 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\uTorrent
[2010/02/22 00:42:57 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\WTouch
[2010/10/11 18:12:38 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/10/30 20:29:49 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/30 20:38:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1B61112F-E66A-477A-AFE2-4191BC20A530}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

OTL after fix scan

OTL logfile created on: 30/10/2010 8:35:15 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Mum\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 47.65 Gb Free Space | 40.92% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 31.83 Gb Free Space | 30.39% Space Free | Partition Type: NTFS
Drive F: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DEVILFISH | User Name: Mum | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/30 18:04:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mum\Desktop\OTL.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/02 18:13:26 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/02 18:13:26 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/29 01:16:48 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/23 15:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/11/23 15:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/09/10 18:42:13 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/02 20:41:38 | 001,236,992 | ---- | M] (ExpressService) -- C:\Program Files\kdisk.co.kr\Kdisk(fast)\ExpressService.exe
PRC - [2009/04/11 17:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 16:37:24 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2008/12/06 01:48:08 | 000,699,392 | ---- | M] () -- C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
PRC - [2008/10/15 02:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/08/12 19:21:11 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/19 14:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/07/10 12:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008/06/18 17:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/06/04 12:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/03/18 15:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/02/22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/02/02 10:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2008/01/24 10:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008/01/24 05:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008/01/12 17:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007/12/05 05:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007/12/01 06:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/11/05 14:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/03 16:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/09/18 11:05:08 | 000,040,960 | ---- | M] ( ) -- C:\Program Files\ASUS\ATK Media\GPSWatch.exe
PRC - [2007/08/17 17:40:29 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/16 06:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 19:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/04 07:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/07/06 11:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007/05/24 16:06:56 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2005/07/07 10:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/30 18:04:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mum\Desktop\OTL.exe
MOD - [2010/09/01 02:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/02 18:13:26 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 22:19:10 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/12/04 10:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/09/25 12:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/02 20:41:38 | 001,236,992 | ---- | M] (ExpressService) [Auto | Running] -- C:\Program Files\kdisk.co.kr\Kdisk(fast)\ExpressService.exe -- (ExpressService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/18 15:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 13:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 16:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/08/08 19:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/04 07:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2010/10/08 15:57:54 | 000,143,184 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/10/08 15:57:54 | 000,111,568 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010/10/08 15:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/10/08 15:57:54 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/10/08 15:57:54 | 000,031,888 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/07/10 09:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/22 09:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/09 13:16:04 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/07/04 01:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/01/13 10:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/06 12:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/08/28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/12 19:09:47 | 002,159,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/22 13:21:07 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/08 21:32:51 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/03 17:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/04/01 18:13:57 | 001,807,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/03/21 15:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/21 13:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 13:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 13:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 13:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 13:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 13:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 13:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 13:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 13:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 13:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 13:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 13:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 13:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 13:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 13:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 13:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 13:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 13:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 13:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 13:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 13:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 13:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 13:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/17 18:12:27 | 000,190,512 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/08/03 15:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/25 06:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/05/02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007/05/02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007/05/02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007/05/02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/14 18:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 20:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 20:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 20:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 20:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 20:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 20:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 20:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 20:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 20:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 20:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 19:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 19:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 19:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 19:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 19:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 18:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 18:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 18:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://www.unimelb.edu.au/cgi-bin/proxy.pac

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wolframalpha.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.93
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..network.proxy.autoconfig_url: "http://www.unimelb.edu.au/cgi-bin/proxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/27 19:06:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 01:48:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/18 01:48:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b2\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 2\components [2010/08/18 01:48:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 2\plugins [2010/08/18 01:48:25 | 000,000,000 | ---D | M]

[2009/09/13 19:10:13 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Mozilla\Extensions
[2010/10/29 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions
[2009/09/13 19:37:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 23:33:10 | 000,000,000 | ---D | M] () -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/05/04 01:14:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/30 21:51:41 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/03/14 09:03:22 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\firebug@software.joehewitt.com
[2010/01/30 21:51:41 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\uq2mu20r.default\extensions\personas@christopher.beard
[2009/08/28 23:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/31 20:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2008/11/19 00:04:58 | 000,189,952 | ---- | M] ((주) 그래텍) -- C:\Program Files\Mozilla Firefox\plugins\NPGomtvx_nie.dll

O1 HOSTS File: ([2010/10/30 20:29:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON TX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBP.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [S60 PC Suite Tray] C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: msn.com ([*.contacts] https in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([*.storage] https in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3777C31D-20BE-4D86-A566-E63D37BD2798} http://www.kdisk.co.kr/mmsv/KdiskWebControl.CAB (Kdisk File Control1)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} http://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090923.cab (MnetHelper6 Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mum\Pictures\abstract-art-wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mum\Pictures\abstract-art-wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19fd33c8-ae59-11de-a63e-0023545f47dc}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{6bc18bc5-741d-11df-8266-0023545f47dc}\Shell - "" = AutoRun
O33 - MountPoints2\{6bc18bc5-741d-11df-8266-0023545f47dc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 18:54:50 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\New Folder
[2010/10/30 18:46:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/30 18:04:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Mum\Desktop\OTL.exe
[2010/10/29 22:42:09 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\Malwarebytes
[2010/10/29 22:41:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/29 22:41:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/29 22:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/29 22:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/29 22:40:40 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mum\Desktop\mbam-setup-1.46.exe
[2010/10/29 01:14:31 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/10/28 09:13:15 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\AVG
[2010/10/28 09:10:11 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\AVG PC Tuneup 2011
[2010/10/28 09:08:42 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\AVG10
[2010/10/27 19:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010/10/27 19:08:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/27 19:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/27 19:06:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/10/27 19:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/27 18:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/26 10:17:36 | 000,000,000 | ---D | C] -- C:\Users\Mum\Documents\Sports Interactive
[2010/10/26 10:17:35 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\Sports Interactive
[2010/10/20 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\Songs
[2010/10/19 02:25:09 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\HyperX
[2010/10/19 02:18:04 | 000,000,000 | ---D | C] -- C:\Users\Mum\.VirtualBox
[2010/10/19 02:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2010/10/18 23:12:48 | 000,000,000 | ---D | C] -- C:\Users\Mum\Desktop\Samsung Backup
[2010/10/18 22:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/10/18 22:55:14 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\PC Suite
[2010/10/18 22:55:13 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Roaming\Samsung
[2010/10/18 22:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/10/18 22:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/18 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/10/18 22:41:27 | 000,021,632 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/10/18 22:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/10/18 22:36:51 | 000,090,624 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010/10/18 22:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/10/18 22:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010/10/18 19:54:12 | 000,000,000 | ---D | C] -- C:\Users\Mum\AppData\Local\Windows Live
[2010/10/05 09:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2010/10/05 09:11:41 | 010,200,127 | ---- | C] (Igor Pavlov) -- C:\Users\Mum\Desktop\vpnclient-win-msi-5.0.05.0290-student.exe
[2010/10/04 22:27:11 | 000,000,000 | ---D | C] -- C:\Users\Mum\.vplls
[2010/10/04 22:26:17 | 000,000,000 | ---D | C] -- C:\Users\Mum\vpworkspace
[2008/06/03 17:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010/10/30 20:38:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1B61112F-E66A-477A-AFE2-4191BC20A530}.job
[2010/10/30 20:37:48 | 000,604,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/30 20:37:48 | 000,107,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/30 20:32:06 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/30 20:32:05 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/30 20:31:20 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010/10/30 20:31:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 20:31:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 20:30:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/30 20:29:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/10/30 20:24:34 | 342,437,046 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/30 20:19:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3787611084-2302980398-4238082244-1001UA.job
[2010/10/30 19:28:56 | 000,925,064 | ---- | M] () -- C:\Users\Mum\Desktop\Norton_Removal_Tool.exe
[2010/10/30 19:25:22 | 000,294,912 | ---- | M] () -- C:\Users\Mum\Desktop\k2dl92rj.exe
[2010/10/30 18:04:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mum\Desktop\OTL.exe
[2010/10/30 17:34:00 | 098,021,486 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/29 22:41:57 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/29 22:40:55 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mum\Desktop\mbam-setup-1.46.exe
[2010/10/29 22:36:00 | 000,002,039 | ---- | M] () -- C:\Users\Mum\Desktop\Google Chrome.lnk
[2010/10/29 22:36:00 | 000,002,001 | ---- | M] () -- C:\Users\Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/29 22:28:48 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/29 22:19:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3787611084-2302980398-4238082244-1001Core.job
[2010/10/28 09:18:15 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/28 09:06:51 | 000,385,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/27 22:07:46 | 004,803,396 | ---- | M] () -- C:\Users\Mum\Desktop\Lupe Fiasco - Show Goes On (Prod. by Kane Beatz).mp3
[2010/10/27 21:59:25 | 005,008,525 | ---- | M] () -- C:\Users\Mum\Desktop\Nelly Ft. Akon & T-Pain - Move That Body (Mastered).mp3
[2010/10/27 19:39:11 | 000,000,848 | ---- | M] () -- C:\Users\Mum\Desktop\Virtual DJ Home.lnk
[2010/10/27 18:55:40 | 001,597,836 | ---- | M] () -- C:\Users\Mum\Desktop\Far East Movement - 2 is Better.mp3
[2010/10/27 18:54:08 | 004,744,722 | ---- | M] () -- C:\Users\Mum\Desktop\Far East Movement - White Flag (ft. Kayla Kai).mp3
[2010/10/25 19:28:07 | 000,051,475 | ---- | M] () -- C:\Users\Mum\Desktop\Hayden.jpg
[2010/10/24 09:38:48 | 008,376,320 | ---- | M] () -- C:\Users\Mum\Desktop\Usher - OMG.mp3
[2010/10/24 09:35:31 | 005,294,270 | ---- | M] () -- C:\Users\Mum\Desktop\Usher feat Pitbull - DJ Got Us Falling In Love Again.mp3
[2010/10/20 11:46:17 | 000,209,046 | ---- | M] () -- C:\Users\Mum\Desktop\JustinBieber.png
[2010/10/20 01:17:23 | 005,312,479 | ---- | M] () -- C:\Users\Mum\Desktop\Far East Movement ft. Keri Hilson - Don’t Look Now.mp3
[2010/10/19 02:15:59 | 000,000,972 | ---- | M] () -- C:\Users\Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2010/10/19 02:15:59 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2010/10/19 02:06:57 | 000,829,595 | ---- | M] () -- C:\Users\Mum\Desktop\Samsung-I8910_Omnia_HD-flasher-1.50-Symbian_ROM_Flashing_Tool_v1.50.exe
[2010/10/19 02:01:25 | 012,566,499 | ---- | M] () -- C:\Users\Mum\Desktop\HyperX.rar
[2010/10/18 23:12:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/10/18 22:55:12 | 000,002,535 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/10/15 14:17:18 | 005,859,883 | ---- | M] () -- C:\Users\Mum\Desktop\Far East Movement Ft. Mohombi - She Owns The Night.mp3
[2010/10/15 14:17:13 | 008,124,379 | ---- | M] () -- C:\Users\Mum\Desktop\Jessica Mauboy Ft. Jay Sean - What Happened To Us.mp3
[2010/10/15 14:14:03 | 004,899,391 | ---- | M] () -- C:\Users\Mum\Desktop\Bruno Mars - Today My Life Begins.mp3
[2010/10/15 14:13:47 | 002,865,648 | ---- | M] () -- C:\Users\Mum\Desktop\Lady Gaga - Nothin On (But The Radio).mp3
[2010/10/15 14:10:35 | 004,797,700 | ---- | M] () -- C:\Users\Mum\Desktop\Francisco - Still My Love (Prod. by Oddz N Endtz).mp3
[2010/10/15 14:08:12 | 002,813,202 | ---- | M] () -- C:\Users\Mum\Desktop\Shay ft. Stevie Hoang - Youre Beautiful (2010).mp3
[2010/10/11 18:12:38 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/05 15:01:16 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2010/10/05 09:19:36 | 000,001,593 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010/10/05 09:11:47 | 010,200,127 | ---- | M] (Igor Pavlov) -- C:\Users\Mum\Desktop\vpnclient-win-msi-5.0.05.0290-student.exe
[2010/10/05 09:08:31 | 000,130,560 | ---- | M] () -- C:\Users\Mum\Desktop\Printing from UniWireless.doc
[2010/10/04 22:32:37 | 000,000,602 | ---- | M] () -- C:\Users\Mum\Desktop\vpumlee.zvpl
[2010/10/04 22:27:15 | 000,000,134 | ---- | M] () -- C:\Users\Mum\.vpinstall.properties
[2010/10/04 22:21:28 | 000,000,137 | ---- | M] () -- C:\Users\Mum\.vpsuite_installation.xml
[2010/10/04 19:24:02 | 000,088,659 | ---- | M] () -- C:\Users\Mum\Desktop\Funny Fish.jpg

========== Files Created - No Company Name ==========

[2010/10/30 19:30:50 | 342,437,046 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/30 19:28:28 | 000,925,064 | ---- | C] () -- C:\Users\Mum\Desktop\Norton_Removal_Tool.exe
[2010/10/30 19:25:18 | 000,294,912 | ---- | C] () -- C:\Users\Mum\Desktop\k2dl92rj.exe
[2010/10/30 17:34:00 | 098,021,486 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/29 22:41:57 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/29 22:36:00 | 000,002,039 | ---- | C] () -- C:\Users\Mum\Desktop\Google Chrome.lnk
[2010/10/29 22:36:00 | 000,002,001 | ---- | C] () -- C:\Users\Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/29 22:28:48 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/27 22:07:02 | 004,803,396 | ---- | C] () -- C:\Users\Mum\Desktop\Lupe Fiasco - Show Goes On (Prod. by Kane Beatz).mp3
[2010/10/27 21:59:11 | 005,008,525 | ---- | C] () -- C:\Users\Mum\Desktop\Nelly Ft. Akon & T-Pain - Move That Body (Mastered).mp3
[2010/10/27 19:39:11 | 000,000,848 | ---- | C] () -- C:\Users\Mum\Desktop\Virtual DJ Home.lnk
[2010/10/27 19:07:58 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/27 18:55:12 | 001,597,836 | ---- | C] () -- C:\Users\Mum\Desktop\Far East Movement - 2 is Better.mp3
[2010/10/27 18:52:10 | 004,744,722 | ---- | C] () -- C:\Users\Mum\Desktop\Far East Movement - White Flag (ft. Kayla Kai).mp3
[2010/10/25 19:28:13 | 000,051,475 | ---- | C] () -- C:\Users\Mum\Desktop\Hayden.jpg
[2010/10/24 09:36:03 | 008,376,320 | ---- | C] () -- C:\Users\Mum\Desktop\Usher - OMG.mp3
[2010/10/24 09:33:06 | 005,294,270 | ---- | C] () -- C:\Users\Mum\Desktop\Usher feat Pitbull - DJ Got Us Falling In Love Again.mp3
[2010/10/20 11:46:17 | 000,209,046 | ---- | C] () -- C:\Users\Mum\Desktop\JustinBieber.png
[2010/10/19 02:16:27 | 005,472,365 | ---- | C] () -- C:\Users\Mum\Desktop\Symbian_ROM_Flashing_Tool_v1.50.exe
[2010/10/19 02:15:59 | 000,000,972 | ---- | C] () -- C:\Users\Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2010/10/19 02:15:59 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2010/10/19 02:06:53 | 000,829,595 | ---- | C] () -- C:\Users\Mum\Desktop\Samsung-I8910_Omnia_HD-flasher-1.50-Symbian_ROM_Flashing_Tool_v1.50.exe
[2010/10/19 01:56:59 | 012,566,499 | ---- | C] () -- C:\Users\Mum\Desktop\HyperX.rar
[2010/10/18 23:12:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/10/18 22:53:49 | 000,002,535 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/10/18 17:25:19 | 005,312,479 | ---- | C] () -- C:\Users\Mum\Desktop\Far East Movement ft. Keri Hilson - Don’t Look Now.mp3
[2010/10/15 14:17:17 | 005,859,883 | ---- | C] () -- C:\Users\Mum\Desktop\Far East Movement Ft. Mohombi - She Owns The Night.mp3
[2010/10/15 14:17:13 | 008,124,379 | ---- | C] () -- C:\Users\Mum\Desktop\Jessica Mauboy Ft. Jay Sean - What Happened To Us.mp3
[2010/10/15 14:10:17 | 002,865,648 | ---- | C] () -- C:\Users\Mum\Desktop\Lady Gaga - Nothin On (But The Radio).mp3
[2010/10/15 14:08:56 | 004,899,391 | ---- | C] () -- C:\Users\Mum\Desktop\Bruno Mars - Today My Life Begins.mp3
[2010/10/15 14:05:38 | 002,813,202 | ---- | C] () -- C:\Users\Mum\Desktop\Shay ft. Stevie Hoang - Youre Beautiful (2010).mp3
[2010/10/15 14:04:58 | 004,797,700 | ---- | C] () -- C:\Users\Mum\Desktop\Francisco - Still My Love (Prod. by Oddz N Endtz).mp3
[2010/10/05 14:18:36 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2010/10/05 09:17:18 | 000,001,593 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2010/10/05 09:08:30 | 000,130,560 | ---- | C] () -- C:\Users\Mum\Desktop\Printing from UniWireless.doc
[2010/10/04 22:32:39 | 000,000,602 | ---- | C] () -- C:\Users\Mum\Desktop\vpumlee.zvpl
[2010/10/04 22:21:28 | 000,000,137 | ---- | C] () -- C:\Users\Mum\.vpsuite_installation.xml
[2010/10/04 22:17:43 | 000,000,134 | ---- | C] () -- C:\Users\Mum\.vpinstall.properties
[2010/10/04 19:24:01 | 000,088,659 | ---- | C] () -- C:\Users\Mum\Desktop\Funny Fish.jpg
[2010/07/05 01:17:16 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/10 11:49:11 | 000,000,211 | ---- | C] () -- C:\Windows\WinHelp.ini
[2009/11/26 15:57:16 | 000,000,680 | ---- | C] () -- C:\Users\Mum\AppData\Local\d3d9caps.dat
[2009/10/31 20:59:51 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/09/24 13:42:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/15 22:46:20 | 000,000,600 | ---- | C] () -- C:\Users\Mum\AppData\Local\PUTTY.RND
[2009/09/11 13:00:41 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/09/11 13:00:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/09/07 12:19:37 | 000,036,725 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/07 12:11:53 | 000,036,725 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/28 17:37:30 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/04/23 17:02:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/04/01 18:13:57 | 001,807,744 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/05/09 18:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006/11/02 23:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 13:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/10/28 09:44:40 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\AVG
[2010/10/28 09:08:43 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\AVG10
[2010/09/13 20:12:58 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\fizzy
[2010/05/12 20:51:30 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\LolClient
[2010/04/18 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/10/18 23:12:21 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\PC Suite
[2010/10/18 23:13:01 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Samsung
[2010/10/26 10:17:50 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Sports Interactive
[2010/09/07 00:44:50 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\Subversion
[2010/10/29 07:12:00 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\uTorrent
[2010/02/22 00:42:57 | 000,000,000 | ---D | M] -- C:\Users\Mum\AppData\Roaming\WTouch
[2010/10/11 18:12:38 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/10/30 20:29:49 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/30 20:38:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1B61112F-E66A-477A-AFE2-4191BC20A530}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

Ok, my GMER finally decided to run a bit longer than a few seconds before blue screen
I managed to capture these before it shut me down

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-30 20:45:39
Windows 6.0.6002 Service Pack 2
Running: k2dl92rj.exe; Driver: C:\Users\Mum\AppData\Local\Temp\uwdyapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA3E55780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA3E55830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA3E558D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA3E55970]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 871DB292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 871DB292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-1 871DB292

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST9250320AS_____________________________0303____#5&5f44344&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report062a6a85

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 488396912 (+255): rootkit-like behavior;

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Thanks Crunchie for helping

I just encountered the blue screen (again) when I reached Stage 6. It said Finished Stage 6 and then went into blue screen. What should I do?

Please try in safe mode. To get safe mode, continuously tap F8 after pushing the power on button of the PC.
Select Safe Mode from the menu that comes up.

Just tried it in Safemode. It wouldn't even let me start for a few seconds. It goes into blue screen immediately when I run ComboFix in Safemode

Try combofix like this:

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[IMG]http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif[/IMG]


7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:

  • Combofix.txt

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Sorry for the late reply, had work this morning

Ok, I tried what you said and it gave me a blue screen with the message that something tried to write in the Read-Only memory. Should I do this in safe mode?

You can try, but if it does not work, do the following, then try and run Combofix immediately after.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


Once you've gotten one of them to run then try to immediately run the following.

Now download and run exeHelper.

  • Please download exeHelper from Raktor to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file named log.txt will be created in the directory where you ran exeHelper.com
  • Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

=================================================================

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Mum on 31/10/2010 at 17:21:19.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mum\Desktop\rkill.exe


Rkill completed on 31/10/2010 at 17:21:31.

exeHelper by Raktor
Build 20100414
Run at 17:22:06 on 10/31/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

No combofix?

I just ran combofix, which was why I couldn't reply till now

This time, it was more successful. I ran all the stages, but when it said Deleting Folders, it sort of froze
It deleted 1 file, and then 1 folder, and did nothing for an hour and a half. Should I try re-running it or what do you suggest?

Yet again, thank you VERY much for helping!

Can try again please. It may have sorted something out on that run that will allow it to run free :).

I tried running it again only to be blocked by more and more blue screen of death
But never fear! I went to safety mode, ran all the programs you've told me to run (rkill and exeHelper) and then ran ComboFix
And guess what? It worked! It finally fixed it! Log is

ComboFix 10-10-30.04 - Mum 31/10/2010 21:13:49.3.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3070.2531 [GMT 11:00]
Running from: c:\users\Mum\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Kevin\AppData\Local\TempDIR
c:\windows\winhelp.ini

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-31 10:22 . 2010-10-31 10:22 -------- d-----w- c:\users\Mum\AppData\Local\temp
2010-10-31 10:22 . 2010-10-31 10:22 -------- d-----w- c:\users\Kevin\AppData\Local\temp
2010-10-31 10:22 . 2010-10-31 10:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-30 07:46 . 2010-10-30 07:46 -------- d-----w- C:\_OTL
2010-10-29 11:42 . 2010-10-29 11:42 -------- d-----w- c:\users\Mum\AppData\Roaming\Malwarebytes
2010-10-29 11:41 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-29 11:41 . 2010-10-29 11:41 -------- d-----w- c:\programdata\Malwarebytes
2010-10-29 11:41 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-29 11:41 . 2010-10-29 11:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-28 14:14 . 2010-10-28 14:14 -------- d-----w- C:\$AVG
2010-10-27 22:13 . 2010-10-27 22:44 -------- d-----w- c:\users\Mum\AppData\Roaming\AVG
2010-10-27 09:25 . 2010-10-27 09:54 -------- d-----w- c:\users\Kevin\AppData\Roaming\AVG
2010-10-27 08:38 . 2010-10-27 08:39 -------- d-----w- c:\program files\VirtualDJ
2010-10-27 08:08 . 2010-10-27 08:08 -------- d--h--w- c:\programdata\Common Files
2010-10-27 08:06 . 2010-10-31 06:08 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-27 08:06 . 2010-10-29 11:13 -------- d-----w- c:\programdata\AVG10
2010-10-27 08:05 . 2010-10-27 08:54 -------- d-----w- c:\program files\AVG
2010-10-27 07:49 . 2010-10-27 08:05 -------- d-----w- c:\programdata\MFAData
2010-10-27 06:43 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 06:43 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 06:43 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 12:34 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323E292-6428-4AA6-AF16-34DAB6D76CFD}\mpengine.dll
2010-10-25 23:17 . 2010-10-25 23:17 -------- d-----w- c:\users\Mum\AppData\Roaming\Sports Interactive
2010-10-18 15:18 . 2010-10-18 15:37 -------- d-----w- c:\users\Mum\.VirtualBox
2010-10-18 15:15 . 2010-10-08 04:57 143184 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-10-18 15:15 . 2010-10-08 04:57 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-10-18 15:15 . 2010-10-18 15:15 -------- d-----w- c:\program files\Oracle
2010-10-18 11:55 . 2010-10-18 12:12 -------- d-----w- c:\programdata\PC Suite
2010-10-18 11:55 . 2010-10-18 12:12 -------- d-----w- c:\users\Mum\AppData\Roaming\PC Suite
2010-10-18 11:55 . 2010-10-18 12:13 -------- d-----w- c:\users\Mum\AppData\Roaming\Samsung
2010-10-18 11:54 . 2010-10-18 11:54 -------- d-----w- c:\users\Kevin\AppData\Roaming\Samsung
2010-10-18 11:53 . 2010-10-18 11:53 -------- d-----w- c:\program files\Common Files\PCSuite
2010-10-18 11:52 . 2008-07-03 00:48 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-10-18 11:41 . 2010-10-18 11:41 -------- d-----w- c:\program files\MSXML 4.0
2010-10-18 11:41 . 2010-10-18 11:41 -------- d-----w- c:\program files\DIFX
2010-10-18 11:41 . 2007-09-17 04:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-10-18 11:39 . 2010-10-18 11:39 -------- d-----w- c:\program files\PC Connectivity Solution
2010-10-18 11:36 . 2007-05-02 05:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-10-18 11:36 . 2010-10-18 11:53 -------- d-----w- c:\program files\Samsung
2010-10-18 11:35 . 2010-10-18 11:35 -------- d-----w- c:\programdata\Installations
2010-10-18 08:54 . 2010-10-31 06:09 -------- d-----w- c:\users\Mum\AppData\Local\Windows Live
2010-10-18 08:34 . 2010-10-31 10:03 -------- d-----w- c:\users\Kevin\AppData\Local\Windows Live
2010-10-13 13:58 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 13:58 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 13:57 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 13:57 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 13:57 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 13:57 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 13:57 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 13:57 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 13:57 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 13:57 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 13:57 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-08 04:57 . 2010-10-08 04:57 31888 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2010-10-08 04:57 . 2010-10-08 04:57 111568 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-10-08 04:57 . 2010-10-08 04:57 100560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-10-08 04:57 . 2010-10-08 04:57 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-10-04 22:17 . 2010-10-04 22:17 -------- d-----w- c:\program files\Cisco Systems
2010-10-04 11:27 . 2010-10-04 11:36 -------- d-----w- c:\users\Mum\.vplls
2010-10-04 11:26 . 2010-10-04 23:12 -------- d-----w- c:\users\Mum\vpworkspace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-31 10:02 . 2009-02-27 05:43 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-10-19 00:41 . 2009-10-02 16:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 13:47 . 2010-09-22 13:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-13 05:27 . 2010-09-13 05:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-06 16:49 . 2010-09-06 16:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-06 16:48 . 2010-09-06 16:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-06 16:48 . 2010-09-06 16:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-06 16:48 . 2010-09-06 16:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-01 11:28 . 2010-09-01 11:28 341256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-26 16:33 . 2010-10-27 06:43 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 06:43 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 06:43 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 06:43 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-19 10:42 . 2010-08-19 10:42 27216 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-19 10:42 . 2010-08-19 10:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 10:42 . 2010-08-19 10:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-17 14:11 . 2010-09-15 07:08 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Google Update"="c:\users\Mum\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-23 136176]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"S60 PC Suite Tray"="c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe" [2008-12-05 699392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-02-27 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-02-27 47672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Skytel"="Skytel.exe" [2008-08-12 1833504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-28 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-14 2745696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2008-09-17 1294336]

c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-8-28 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-09-06 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2010-09-06 298448]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-10-08 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-10-08 41936]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2010-09-09 265400]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ExpressService;ExpressService;c:\program files\Kdisk.co.kr\Kdisk(fast)\ExpressService.exe [2009-09-02 1236992]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 27216]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-07-09 17408]
R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680]
R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320]
R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288]
R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-03 3377880]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 100560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-10-08 111568]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-10-08 31888]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-06 26064]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-02 1029456]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 07:13]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3787611084-2302980398-4238082244-1001Core.job
- c:\users\Mum\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-23 11:03]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3787611084-2302980398-4238082244-1001UA.job
- c:\users\Mum\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-23 11:03]

2010-10-31 c:\windows\Tasks\User_Feed_Synchronization-{1B61112F-E66A-477A-AFE2-4191BC20A530}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: msn.com\*.contacts
Trusted Zone: msn.com\*.storage
DPF: {3777C31D-20BE-4D86-A566-E63D37BD2798} - hxxp://www.kdisk.co.kr/mmsv/KdiskWebControl.CAB
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090923.cab
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\az27ioei.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGomtvx_nie.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\users\Kevin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Kevin\AppData\Roaming\Mozilla\plugins\npAbacast.dll
FF - plugin: c:\users\Kevin\AppData\Roaming\Mozilla\plugins\NPAbacheck.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 21:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-31 21:24:27
ComboFix-quarantined-files.txt 2010-10-31 10:24

Pre-Run: 48,371,986,432 bytes free
Post-Run: 48,260,415,488 bytes free

- - End Of File - - DF27203B25EEE4153FFFD3ED1A16D510


Not sure if I still have anything left, but please check it for me! Thank you sooooo much! You've been a great help!

And guess what? It worked! It finally fixed it!

Google Chrome can now connect?
Combofix log looks ok to me.

Just check something for me.

Download MBRCheck to your desktop.

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.


Yeah, Google Chrome loads perfectly

BUT

Your MBR check produced something -wails-

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5GL
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 169):
0x82840000 \SystemRoot\system32\ntkrnlpa.exe
0x8280D000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80484000 \SystemRoot\system32\PSHED.dll
0x80495000 \SystemRoot\system32\BOOTVID.dll
0x8049D000 \SystemRoot\system32\CLFS.SYS
0x804DE000 \SystemRoot\system32\CI.dll
0x8060F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80698000 \SystemRoot\system32\drivers\acpi.sys
0x806DE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EF000 \SystemRoot\system32\drivers\pci.sys
0x80716000 \SystemRoot\System32\drivers\partmgr.sys
0x80725000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80728000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80732000 \SystemRoot\system32\drivers\volmgr.sys
0x80741000 \SystemRoot\System32\drivers\volmgrx.sys
0x8078B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8079B000 \SystemRoot\system32\drivers\atapi.sys
0x807A3000 \SystemRoot\system32\drivers\ataport.SYS
0x807C1000 \SystemRoot\system32\drivers\msahci.sys
0x807CB000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x805BE000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D9000 \SystemRoot\system32\drivers\fileinfo.sys
0x807E9000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x80600000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82E06000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82E77000 \SystemRoot\system32\drivers\ndis.sys
0x82F82000 \SystemRoot\system32\drivers\msrpc.sys
0x82FAD000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AA0F000 \SystemRoot\System32\drivers\tcpip.sys
0x8AAF9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AC09000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AD19000 \SystemRoot\system32\drivers\wd.sys
0x8AD21000 \SystemRoot\system32\drivers\volsnap.sys
0x8AD5A000 \SystemRoot\System32\Drivers\spldr.sys
0x8AD62000 \SystemRoot\System32\Drivers\mup.sys
0x8AD71000 \SystemRoot\System32\drivers\ecache.sys
0x8AD98000 \SystemRoot\system32\drivers\disk.sys
0x8ADA9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ADCA000 \SystemRoot\system32\drivers\crcdisk.sys
0x8ADD3000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x8ADD8000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x8AB1E000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AC00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AB29000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8AB38000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8AB4B000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x8AB53000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AB5E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8ADF9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8AB8B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AB96000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8AB9F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8ABA9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8ABE7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E40C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E499000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8E598000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E5B0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E806000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F284000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8F286000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F327000 \SystemRoot\System32\drivers\watchdog.sys
0x8F40D000 \SystemRoot\system32\DRIVERS\athr.sys
0x8F4FD000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8F506000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F50A000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0x8F512000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x8F515000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F525000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F52C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F55B000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F59C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F5A7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F5BE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F5C9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F5EC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F333000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F347000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F35C000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0x8F373000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F383000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x8F3A0000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8F3C6000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0x8F5FB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E5B6000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F400000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F3E0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F805000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F83A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F842000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x8F84A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8FE0A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90018000 \SystemRoot\system32\drivers\portcls.sys
0x90045000 \SystemRoot\system32\drivers\drmk.sys
0x9006A000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x90190000 \SystemRoot\system32\drivers\modem.sys
0x9019D000 \SystemRoot\system32\drivers\nvhda32v.sys
0x901BA000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x901C4000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x901D0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x901D9000 \SystemRoot\System32\Drivers\Null.SYS
0x901E0000 \SystemRoot\System32\Drivers\Beep.SYS
0x901F0000 \SystemRoot\System32\drivers\vga.sys
0x8F85B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FE00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x901E7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F87C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F887000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F895000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F89E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F8B4000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F8C8000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x8F910000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F942000 \SystemRoot\system32\drivers\afd.sys
0x8F98A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F9A0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F9AE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F9C1000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0x8F9CA000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0x9060B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90647000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90651000 \SystemRoot\System32\Drivers\dfsc.sys
0x90668000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x906A4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x906AD000 \SystemRoot\system32\DRIVERS\wacmoumonitor.sys
0x906B5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90C03000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x90DBD000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x90DCA000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x906CC000 \SystemRoot\system32\DRIVERS\udfs.sys
0x90DD1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90DDE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x90DE9000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x99C40000 \SystemRoot\System32\win32k.sys
0x90DF3000 \SystemRoot\System32\drivers\Dxapi.sys
0x90707000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99E60000 \SystemRoot\System32\TSDDD.dll
0x99E80000 \SystemRoot\System32\cdd.dll
0x90716000 \SystemRoot\system32\drivers\luafv.sys
0x90731000 \SystemRoot\system32\drivers\spsys.sys
0x907E1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81203000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8122D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81237000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8124A000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
0x81251000 \SystemRoot\system32\drivers\HTTP.sys
0x812BE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x812DB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x812F4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81309000 \SystemRoot\system32\drivers\mrxdav.sys
0x8132A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x81349000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81382000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8139A000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA1E02000 \SystemRoot\System32\DRIVERS\srv.sys
0xA1E50000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA1E5B000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0xA1E5E000 \SystemRoot\system32\drivers\peauth.sys
0xA1F3C000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA1F46000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA1F6E000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA1F7A000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xA1F84000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xA1FAC000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x779D0000 \Windows\System32\ntdll.dll

Processes (total 110):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
504 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
760 csrss.exe
816 C:\Windows\System32\wininit.exe
828 csrss.exe
860 C:\Windows\System32\services.exe
872 C:\Windows\System32\lsass.exe
880 C:\Windows\System32\lsm.exe
1032 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\nvvsvc.exe
1108 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\audiodg.exe
1352 C:\Windows\System32\winlogon.exe
1392 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\SLsvc.exe
1444 C:\Windows\System32\svchost.exe
1612 C:\Program Files\WTouch\WTouchService.exe
1696 C:\Windows\System32\nvvsvc.exe
1744 C:\Windows\System32\wisptis.exe
1764 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
1836 C:\Windows\System32\svchost.exe
292 C:\Program Files\ATK Hotkey\AsLdrSrv.exe
328 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
332 C:\Windows\System32\wlanext.exe
488 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
904 C:\Windows\System32\taskeng.exe
2100 C:\Windows\System32\spoolsv.exe
2132 C:\Windows\System32\svchost.exe
2392 C:\Windows\System32\dwm.exe
2428 C:\Windows\System32\taskeng.exe
2440 C:\Windows\explorer.exe
2448 C:\Windows\System32\wisptis.exe
2460 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
2556 C:\Program Files\WTouch\WTouchUser.exe
2592 C:\Windows\System32\taskeng.exe
2712 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2728 C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
2952 C:\Program Files\ATK Hotkey\HControl.exe
2960 C:\Program Files\ATK Hotkey\MsgTranAgt.exe
2968 C:\Program Files\Wireless Console 2\wcourier.exe
2976 C:\Program Files\ASUS\ATK Media\DMedia.exe
2984 C:\Program Files\ASUS\ATK Media\GPSWatch.exe
2992 C:\Program Files\P4G\BatteryLife.exe
3000 C:\Program Files\ASUS\Splendid\ACMON.exe
3044 ACEngSvr.exe
3100 C:\Program Files\ATK Hotkey\ATKOSD.exe
3132 C:\Program Files\ATK Hotkey\KBFiltr.exe
3140 C:\Program Files\ATK Hotkey\WDC.exe
3188 C:\Windows\System32\agrsmsvc.exe
3200 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3220 C:\Program Files\AVG\AVG10\avgwdsvc.exe
3240 C:\Program Files\Bonjour\mDNSResponder.exe
3264 C:\Program Files\kdisk.co.kr\Kdisk(fast)\ExpressService.exe
3388 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3464 C:\Windows\System32\svchost.exe
3480 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
3512 C:\Windows\System32\svchost.exe
3556 C:\Windows\System32\Pen_Tablet.exe
3624 C:\Windows\System32\svchost.exe
3648 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3720 C:\Windows\System32\SearchIndexer.exe
3796 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3856 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
4080 C:\Windows\System32\WTablet\Pen_TabletUser.exe
724 C:\Windows\System32\Pen_Tablet.exe
2828 C:\Program Files\AVG\AVG10\avgnsx.exe
1536 C:\Program Files\AVG\AVG10\avgemcx.exe
2936 unsecapp.exe
4332 WmiPrvSE.exe
4496 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
4512 C:\Program Files\ATK Hotkey\HControlUser.exe
4528 C:\Program Files\ATKOSD2\ATKOSD2.exe
4544 C:\Windows\RtHDVCpl.exe
4556 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
4568 C:\Windows\AsScrPro.exe
4640 C:\Program Files\Java\jre6\bin\jusched.exe
4712 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
4752 C:\Program Files\iTunes\iTunesHelper.exe
4764 C:\Program Files\AVG\AVG10\avgtray.exe
4796 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
4820 C:\Windows\ehome\ehtray.exe
4832 C:\Program Files\Windows Media Player\wmpnscfg.exe
4884 C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe
5048 C:\Program Files\Windows Media Player\wmpnetwk.exe
5076 C:\Windows\ehome\ehmsas.exe
5388 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2572 C:\Program Files\iPod\bin\iPodService.exe
4412 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
4296 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
1860 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
4676 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
5652 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
5356 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
2292 C:\Windows\System32\wuauclt.exe
5852 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
1628 C:\Program Files\AVG\AVG10\avgcsrvx.exe
6044 C:\Riot Games\League of Legends\lol.launcher.exe
4476 C:\Windows\System32\wsqmcons.exe
4724 C:\Program Files\Mozilla Firefox\firefox.exe
996 C:\Riot Games\League of Legends\air\LolClient.exe
1756 taskeng.exe
5892 C:\Windows\System32\SearchProtocolHost.exe
5744 C:\Windows\System32\SearchFilterHost.exe
5172 C:\Users\Mum\Desktop\MBRCheck.exe
1600 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000020`0a223200 (NTFS)

PhysicalDrive0 Model Number: ST9250320AS, Rev: 0303

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

There's something wrong, and I didn't want to touch anything so I pressed 3.

Yeah, Google Chrome loads perfectly

Great :)


BUT

Your MBR check produced something -wails-

Exactly why I had you run it :).

Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter.

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 3 for Windows VISTA, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot and run MBRCheck again and post that log.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5GL
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 169):

Processes (total 107):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000020`0a223200 (NTFS)

PhysicalDrive0 Model Number: ST9250320AS, Rev: 0303

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5GL
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 169):

Processes (total 111):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000020`0a223200 (NTFS)

PhysicalDrive0 Model Number: ST9250320AS, Rev: 0303

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Am thinking of restarting and then re-running this

Ah no~ It's not replacing the old file with the new one... The log goes like this again

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5GL
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 169):

Processes (total 105):
6100 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
4304 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
3164 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
4564 C:\Users\Mum\Desktop\MBRCheck.exe
4852 C:\Windows\System32\conime.exe
5900 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000020`0a223200 (NTFS)

PhysicalDrive0 Model Number: ST9250320AS, Rev: 0303

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Going to have to do it another way.

Download site listed below seems to be down, so use this link: HERE

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-ROM as first boot device if it isn't already (if you don't know how to do it, see HERE).
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press Ctrl+Alt+Del to reboot the PC.

Once rebooted, run MBRCheck again and post its log.
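
An added example (not part of the original posts, and not code from MBRCheck or MBRWORK) showing why replacing the MBR code leaves the partitions in place: in the common Windows layout sector 0 holds 440 bytes of boot code, a 4-byte disk signature, 2 reserved bytes, a 64-byte partition table and the 0x55AA boot signature. The exact byte range each tool hashes or writes is not stated in the thread, so the 440-byte boundary is an assumption, and the sector contents are constructed filler.

```python
import hashlib
import struct

CODE_END = 440     # boot code: bytes 0..439
TABLE_START = 446  # bytes 440..445 hold the Windows disk signature + 2 reserved bytes
TABLE_END = 510    # four 16-byte partition entries, then the 0x55AA boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector 0 into boot-code hash, disk signature and partitions."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for off in range(TABLE_START, TABLE_END, 16):
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append((status == 0x80, ptype, lba_start, count))
    return {
        "code_sha1": hashlib.sha1(sector[:CODE_END]).hexdigest().upper(),
        "disk_signature": sector[CODE_END:CODE_END + 4].hex(),
        "partitions": partitions,
        "signature_ok": sector[TABLE_END:] == b"\x55\xaa",
    }


def classify(sector: bytes, known_good: set) -> str:
    """Hash-allowlist verdict on the boot code, worded like the report above."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "missing 0x55AA boot signature"
    return "known MBR code" if info["code_sha1"] in known_good else "Unknown MBR code"


def install_standard_code(sector: bytes, clean_code: bytes) -> bytes:
    """Overwrite only bytes 0..439; disk signature and partition table survive."""
    if len(clean_code) != CODE_END:
        raise ValueError("replacement boot code must be 440 bytes")
    return clean_code + sector[CODE_END:]


# Constructed sample data: filler bytes stand in for real boot code.
CLEAN_CODE = b"\x90" * CODE_END
KNOWN_GOOD = {hashlib.sha1(CLEAN_CODE).hexdigest().upper()}
ENTRY = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 409600)
SUSPECT = (b"\xcc" * CODE_END + bytes.fromhex("a1b2c3d4") + b"\0\0"
           + ENTRY + b"\0" * 48 + b"\x55\xaa")
REPAIRED = install_standard_code(SUSPECT, CLEAN_CODE)
```

A hash that is absent from the allowlist only means the code is unrecognised; OEM or third-party boot managers also produce that verdict, which is why the report reads "non-standard or infected".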
