Author Topic: Application cannot be executed. The file *** is infected  (Read 21530 times)

carltonsos

    Topic Starter


    Rookie

    Application cannot be executed. The file *** is infected
    « on: July 17, 2010, 07:21:17 PM »
    Hi,

    I'm looking for some assistance as I have a trojan/rogue which has affected my system.
    It keeps flashing me a virus alert, and whenever I try to run any program it says "Application cannot be executed. The file  **** is infected......."

    I have started a new topic to receive some assistance from SuperDave, as seen in the post below.

    http://www.computerhope.com/forum/index.php?topic=95177.0


    Sneakyone

    • Malware Removal Specialist
    • Moderator


    • Beginner

      Thanked: 5
      Re: Application cannot be executed. The file *** is infected
      « Reply #1 on: July 17, 2010, 10:35:07 PM »
      Hi, Welcome to Computerhope! :)

      Please download and run RKill.

      Download mirror 1 - Download mirror 2 - Download mirror 3

      • Save it to your Desktop.
      • Double click the RKill desktop icon.
      • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
      • Please post its log in your next reply.
      • After it has run successfully, delete RKill.
      Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.

      ========

      Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below.)
      • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
      • Under the Custom Scan box, paste this in:
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\*.sys
      %systemroot%\system32\drivers\*.dll
      %systemroot%\system32\drivers\*.ini
      %systemroot%\system32\drivers\*.exe
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.
      %appdata%\*.*
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      disk.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      usbstor.sys
      /md5stop
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


      • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
      Note: In the event that OTL fails to run, please use the alternate download links to try again:

      http://oldtimer.geekstogo.com/OTL.com
      http://oldtimer.geekstogo.com/OTL.scr

      carltonsos

        Topic Starter


        Rookie

        Re: Application cannot be executed. The file *** is infected
        « Reply #2 on: July 21, 2010, 12:01:43 AM »
        This is the result of the OTL notepad


        OTL logfile created on: 21/07/2010 2:30:54 PM - Run 1
        OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\scaturchio\Desktop
        Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
        Internet Explorer (Version = 7.0.6000.17037)
        Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
         
        2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
        4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
        Paging file location(s): ?:\pagefile.sys [binary data]
         
        %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
        Drive C: | 116.44 Gb Total Space | 31.70 Gb Free Space | 27.22% Space Free | Partition Type: NTFS
        Drive D: | 108.63 Gb Total Space | 84.70 Gb Free Space | 77.97% Space Free | Partition Type: NTFS
        E: Drive not present or media not loaded
        Drive F: | 954.12 Mb Total Space | 542.42 Mb Free Space | 56.85% Space Free | Partition Type: FAT32
        G: Drive not present or media not loaded
        H: Drive not present or media not loaded
        I: Drive not present or media not loaded
         
        Computer Name: SCATURCHIO-PC
        Current User Name: scaturchio
        Logged in as Administrator.
         
        Current Boot Mode: Normal
        Scan Mode: Current user
        Company Name Whitelist: Off
        Skip Microsoft Files: Off
        File Age = 30 Days
        Output = Standard
         
        ========== Processes (SafeList) ==========
         
        PRC - [2010/07/18 20:24:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\scaturchio\Desktop\OTL.exe
        PRC - [2009/12/15 23:56:43 | 000,020,360 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
        PRC - [2009/12/15 10:09:10 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
        PRC - [2009/12/10 19:16:10 | 002,748,416 | ---- | M] (Mikogo) -- C:\Users\scaturchio\AppData\Roaming\Mikogo\Mikogo-Host.exe
        PRC - [2009/08/20 09:37:40 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
        PRC - [2009/08/20 09:37:32 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
        PRC - [2009/08/20 09:37:18 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
        PRC - [2009/07/03 10:40:40 | 002,328,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
        PRC - [2009/07/03 10:40:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
        PRC - [2009/03/27 14:54:06 | 000,165,160 | ---- | M] (Seagate Technology LLC) -- C:\Users\scaturchio\Documents\General homework\Sync\FreeAgentService.exe
        PRC - [2009/03/27 14:53:28 | 000,181,544 | ---- | M] (Seagate LLC) -- C:\Users\scaturchio\Documents\General homework\FreeAgent Status\stxmenumgr.exe
        PRC - [2008/10/29 16:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
        PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
        PRC - [2008/04/19 16:40:35 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
        PRC - [2007/12/27 07:38:32 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
        PRC - [2007/12/01 04:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
        PRC - [2007/11/14 03:17:14 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
        PRC - [2007/10/17 09:24:32 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
        PRC - [2007/10/03 14:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
        PRC - [2007/09/27 04:24:12 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
        PRC - [2007/09/03 20:39:21 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
        PRC - [2007/09/01 10:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
        PRC - [2007/08/16 04:38:30 | 000,147,456 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
        PRC - [2007/08/16 04:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
        PRC - [2007/08/09 04:03:42 | 002,441,216 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
        PRC - [2007/08/08 17:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
        PRC - [2007/08/04 05:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
        PRC - [2007/08/03 13:52:40 | 000,778,240 | ---- | M] () -- C:\Program Files\P4P\P4P.exe
        PRC - [2007/07/06 09:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
        PRC - [2007/02/23 00:32:29 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IfxPsdSv.exe
        PRC - [2007/02/07 03:29:59 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
        PRC - [2006/11/03 01:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
        PRC - [2006/11/02 22:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
        PRC - [2005/07/07 08:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
         
         
        ========== Modules (SafeList) ==========
         
        MOD - [2010/07/18 20:24:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\scaturchio\Desktop\OTL.exe
        MOD - [2009/08/20 09:37:40 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
        MOD - [2008/04/19 14:27:35 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
        MOD - [2006/11/02 19:46:14 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
        MOD - [2006/11/02 19:46:05 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
        MOD - [2006/11/02 19:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
        MOD - [2006/11/02 19:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
        MOD - [2006/07/12 18:54:59 | 000,056,832 | R--- | M] (Cognizance Corporation) -- C:\Windows\System32\APSHook.dll
         
         
        ========== Win32 Services (SafeList) ==========
         
        SRV - [2009/12/15 23:56:43 | 000,020,360 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
        SRV - [2009/10/26 19:10:12 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\scaturchio\Downloads\B-Service.exe -- (B-Service)
        SRV - [2009/08/20 09:37:18 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
        SRV - [2009/07/03 10:40:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
        SRV - [2009/03/27 14:54:06 | 000,165,160 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Users\scaturchio\Documents\General homework\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
        SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
        SRV - [2008/10/14 09:42:54 | 002,164,088 | ---- | M] (RealVNC Ltd.) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
        SRV - [2008/04/19 14:17:52 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
        SRV - [2007/10/26 08:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
        SRV - [2007/10/19 04:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
        SRV - [2007/10/03 14:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
        SRV - [2007/08/08 17:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
        SRV - [2007/08/04 05:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
        SRV - [2007/02/23 00:32:29 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)
        SRV - [2007/02/07 03:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
        SRV - [2006/06/21 20:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)
         
         
        ========== Driver Services (SafeList) ==========
         
        DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
        DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
        DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
        DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
        DRV - [2009/08/20 09:37:40 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
        DRV - [2009/08/20 09:37:40 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
        DRV - [2009/06/29 16:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
        DRV - [2009/06/29 16:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
        DRV - [2009/05/03 12:59:52 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
        DRV - [2009/04/09 12:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
        DRV - [2008/12/09 19:55:41 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
        DRV - [2008/10/14 00:03:46 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
        DRV - [2007/12/06 20:12:47 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
        DRV - [2007/12/05 20:17:59 | 008,241,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
        DRV - [2007/10/31 21:55:59 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
        DRV - [2007/10/01 16:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
        DRV - [2007/09/30 01:03:11 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
        DRV - [2007/09/27 08:03:42 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
        DRV - [2007/09/05 19:36:25 | 001,953,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
        DRV - [2007/08/28 13:53:47 | 001,019,136 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
        DRV - [2007/08/08 22:42:07 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
        DRV - [2007/08/03 14:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
        DRV - [2007/07/30 13:54:01 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
        DRV - [2007/07/30 12:42:57 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
        DRV - [2007/07/25 04:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
        DRV - [2007/06/21 06:51:27 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
        DRV - [2007/06/17 14:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
        DRV - [2007/01/24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
        DRV - [2007/01/23 22:07:29 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
        DRV - [2006/12/14 17:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
        DRV - [2006/11/02 19:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
        DRV - [2006/11/02 19:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
        DRV - [2006/11/02 19:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
        DRV - [2006/11/02 19:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
        DRV - [2006/11/02 19:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
        DRV - [2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
        DRV - [2006/11/02 19:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
        DRV - [2006/11/02 19:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
        DRV - [2006/11/02 19:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
        DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
        DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
        DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
        DRV - [2006/11/02 19:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
        DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
        DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
        DRV - [2006/11/02 19:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
        DRV - [2006/11/02 19:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
        DRV - [2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
        DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
        DRV - [2006/11/02 19:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
        DRV - [2006/11/02 19:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
        DRV - [2006/11/02 19:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
        DRV - [2006/11/02 19:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
        DRV - [2006/11/02 19:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
        DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
        DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
        DRV - [2006/11/02 19:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
        DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
        DRV - [2006/11/02 19:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
        DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
        DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
        DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
        DRV - [2006/11/02 19:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
        DRV - [2006/11/02 19:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
        DRV - [2006/11/02 19:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
        DRV - [2006/11/02 19:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
        DRV - [2006/11/02 18:58:52 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
        DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
        DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
        DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
        DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
        DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
        DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
        DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
        DRV - [2006/11/02 17:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
        DRV - [2006/11/02 17:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
        DRV - [2006/11/02 17:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
        DRV - [2006/10/19 12:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
        DRV - [2006/05/17 03:13:59 | 000,023,232 | R--- | M] (Cognizance Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\itsdisk.sys -- (ItSDisk)
        DRV - [2005/05/04 01:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
        DRV - [2005/04/21 21:40:36 | 000,010,624 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
         
         
        ========== Standard Registry (SafeList) ==========
         
         
        ========== Internet Explorer ==========
         
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
        IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll (Conduit Ltd.)
        IE - HKLM\..\URLSearchHook: {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P_.dll (Conduit Ltd.)
         
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
        IE - HKCU\..\URLSearchHook: *{7c5c0f58-e061-457d-9033-77307f5ed00c} - Reg Error: Key error. File not found
        IE - HKCU\..\URLSearchHook: *{bc4be15d-6a34-4356-9e97-79e43da32b1d} - Reg Error: Key error. File not found
        IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
        IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
         
        ========== FireFox ==========
         
        FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
        FF - prefs.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
        FF - prefs.js..browser.search.order.1: "Ask"
        FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
        FF - prefs.js..browser.search.useDBForOrder: true
        FF - prefs.js..browser.startup.homepage: "http://www.google.com.au"
        FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
        FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
        FF - prefs.js..keyword.URL: "http://www14.yoog.com/search.php?q="
        FF - prefs.js..network.proxy.no_proxies_on: "*.local"
        FF - prefs.js..network.proxy.type: 4
         
        FF - user.js..browser.search.defaultenginename: "Yoog Search"
        FF - user.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
        FF - user.js..browser.search.selectedEngine: "Yoog Search"
        FF - user.js..keyword.URL: "http://www14.yoog.com/search.php?q="
        FF - user.js..keyword.enabled: true
         
        FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/26 19:56:44 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/01/04 09:34:14 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 13:43:25 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 13:43:25 | 000,000,000 | ---D | M]
         
        [2008/08/21 11:00:13 | 000,000,000 | ---D | M] -- C:\Users\scaturchio\AppData\Roaming\Mozilla\Extensions
        [2010/07/13 23:25:30 | 000,000,000 | ---D | M] -- C:\Users\scaturchio\AppData\Roaming\Mozilla\Firefox\Profiles\h90jr4dm.default\extensions
        [2009/09/02 19:39:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\scaturchio\AppData\Roaming\Mozilla\Firefox\Profiles\h90jr4dm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        [2009/10/16 18:08:07 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\scaturchio\AppData\Roaming\Mozilla\Firefox\Profiles\h90jr4dm.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
        [2009/04/25 10:09:53 | 000,000,682 | ---- | M] () -- C:\Users\scaturchio\AppData\Roaming\Mozilla\Firefox\Profiles\h90jr4dm.default\searchplugins\ask.xml
        [2010/07/14 09:22:36 | 000,000,247 | ---- | M] () -- C:\Users\scaturchio\AppData\Roaming\Mozilla\Firefox\Profiles\h90jr4dm.default\searchplugins\Yoog Search.xml
        [2008/08/21 10:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
        [2009/03/05 01:19:34 | 000,623,616 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\components\9b21fc47-3d6f-5167-2aa3-b63963bd2216.dll
        [2008/09/04 10:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
        [2009/04/01 19:08:46 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
        [2009/04/01 19:08:46 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
        [2009/04/01 19:08:46 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
        [2009/04/01 19:08:46 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
         
        O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
        O1 - Hosts: 127.0.0.1       localhost
        O1 - Hosts: ::1             localhost
        O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
        O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
        O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
        O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
        O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
        O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
        O2 - BHO: (C:\Windows\system32\jsdf8j3dgf.dll) - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\System32\jsdf8j3dgf.dll File not found
        O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
        O3 - HKLM\..\Toolbar: (ECO Bar) - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll ()
        O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
        O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
        O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
        O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll (Conduit Ltd.)
        O3 - HKLM\..\Toolbar: (P2P Torrent Toolbar) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P_.dll (Conduit Ltd.)
        O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
        O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
        O3 - HKCU\..\Toolbar\ShellBrowser: (P2P Torrent Toolbar) - {BC4BE15D-6A34-4356-9E97-79E43DA32B1D} - C:\Program Files\P2P_Torrent\tbP2P_.dll (Conduit Ltd.)
        O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
        O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
        O3 - HKCU\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTorr.dll (Conduit Ltd.)
        O3 - HKCU\..\Toolbar\WebBrowser: (P2P Torrent Toolbar) - {BC4BE15D-6A34-4356-9E97-79E43DA32B1D} - C:\Program Files\P2P_Torrent\tbP2P_.dll (Conduit Ltd.)
        O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
        O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
        O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
        O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
        O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
        O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
        O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
        O4 - HKLM..\Run: [MaxMenuMgr] C:\Users\scaturchio\Documents\General homework\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
        O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
        O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
        O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
        O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
        O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
        O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
        O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
        O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
        O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
        O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
        O4 - HKCU..\Run: [ijgmeuex] C:\Users\scaturchio\AppData\Local\emwcfptyx\gexhjqrtssd.exe ()
        O4 - HKCU..\Run: [JDK5SWFMZY] C:\Users\scaturchio\AppData\Local\Temp\Clh.exe (Electronic Arts)
        O4 - HKCU..\Run: [Mikogo] C:\Users\scaturchio\AppData\Roaming\Mikogo\Mikogo-Host.exe (Mikogo)
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
        O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
        O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
        O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
        O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
        O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
        O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
        O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
        O9 - Extra Button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
        O9 - Extra 'Tools' menuitem : ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
        O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
        O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
        O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
        O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
        O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
        O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
        O13 - gopher Prefix: missing
        O15 - HKCU\..Trusted Domains: iress.com.au ([xplan] https in Trusted sites)
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab (MSN Photo Upload Tool)
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217808275949&h=0073d465d7fb3cd6b9db6c431751fb43/&filename=jinstall-6u7-windows-i586-jc.cab (Java Plug-in 1.6.0_07)
        O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
        O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.162.61,93.188.161.201
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.61,93.188.161.201
        O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
        O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
        O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
        O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
        O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
        O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
        O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
        O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
        O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
        O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
        O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
        O22 - SharedTaskScheduler: {C5BF49A2-94F3-42BD-F434-3604812C897D} - mcb7uehuj3n8weuhejsw - C:\Windows\System32\jsdf8j3dgf.dll File not found
        O24 - Desktop WallPaper: C:\Users\scaturchio\Desktop\Franca's photo\IMG_2184.JPG
        O24 - Desktop BackupWallPaper: C:\Users\scaturchio\Desktop\Franca's photo\IMG_2184.JPG
        O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\Windows\System32\yaywtUmM.dll File not found
        O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
        O32 - HKLM CDRom: AutoRun - 1
        O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
        O33 - MountPoints2\{382e4c40-6978-11df-a602-8ea863392e96}\Shell - "" = AutoRun
        O33 - MountPoints2\{382e4c40-6978-11df-a602-8ea863392e96}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
        O33 - MountPoints2\{705a717b-e8cc-11de-ab04-bbe119049866}\Shell - "" = AutoRun
        O33 - MountPoints2\{705a717b-e8cc-11de-ab04-bbe119049866}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
        O33 - MountPoints2\{80fbb08f-79ba-11de-9c7f-001fc675c2ed}\Shell\AutoRun\command - "" = WDSetup.exe
        O33 - MountPoints2\{880c97ff-df06-11de-a4d3-001fc675c2ed}\Shell - "" = AutoRun
        O33 - MountPoints2\{880c97ff-df06-11de-a4d3-001fc675c2ed}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
        O33 - MountPoints2\{880c980c-df06-11de-a4d3-001fc675c2ed}\Shell - "" = AutoRun
        O33 - MountPoints2\{880c980c-df06-11de-a4d3-001fc675c2ed}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
        O33 - MountPoints2\{cff9a9f6-aed6-11de-85ba-001fc675c2ed}\Shell - "" = AutoRun
        O33 - MountPoints2\{cff9a9f6-aed6-11de-85ba-001fc675c2ed}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
        O33 - MountPoints2\{f4a28d43-b8b1-11de-b86b-001fc675c2ed}\Shell - "" = AutoRun
        O33 - MountPoints2\{f4a28d43-b8b1-11de-b86b-001fc675c2ed}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
        O33 - MountPoints2\{f6d87531-1e6e-11df-9fff-001e101fbb72}\Shell - "" = AutoRun
        O33 - MountPoints2\{f6d87531-1e6e-11df-9fff-001e101fbb72}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
        O33 - MountPoints2\F\Shell - "" = AutoRun
        O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
        O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
        O35 - HKLM\..comfile [open] -- "%1" %*
        O35 - HKLM\..exefile [open] -- "%1" %*
        O37 - HKLM\...com [@ = comfile] -- "%1" %*
        O37 - HKLM\...exe [@ = exefile] -- "%1" %*
         
        NetSvcs: FastUserSwitchingCompatibility -  File not found
        NetSvcs: Ias -  File not found
        NetSvcs: Nla -  File not found
        NetSvcs: Ntmssvc -  File not found
        NetSvcs: NWCWorkstation -  File not found
        NetSvcs: Nwsapagent -  File not found
        NetSvcs: SRService -  File not found
        NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
        NetSvcs: WmdmPmSp -  File not found
        NetSvcs: LogonHours -  File not found
        NetSvcs: PCAudit -  File not found
        NetSvcs: helpsvc -  File not found
        NetSvcs: uploadmgr -  File not found
         
        MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
        MsConfig - StartUpReg: ATKOSD2 - hkey= - key= - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
        MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
        MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
        MsConfig - StartUpReg: Easy-PrintToolBox - hkey= - key= - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
        MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
        MsConfig - StartUpReg: IFXSPMGT - hkey= - key= -  File not found
        MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
        MsConfig - StartUpReg: Jnskdfmf9eldfd - hkey= - key= - C:\Users\SCATUR~1\AppData\Local\Temp\csrssc.exe File not found
        MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
        MsConfig - StartUpReg: MSServer - hkey= - key= -  File not found
        MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
        MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
        MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
        MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
        MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
        MsConfig - StartUpReg: xsjfn83jkemfofght - hkey= - key= - C:\Users\scaturchio\AppData\Local\Temp\winlogin.exe File not found
        MsConfig - State: "startup" - 2
         
        SafeBootMin: AppMgmt - Service
        SafeBootMin: Base - Driver Group
        SafeBootMin: Boot Bus Extender - Driver Group
        SafeBootMin: Boot file system - Driver Group
        SafeBootMin: File system - Driver Group
        SafeBootMin: Filter - Driver Group
        SafeBootMin: HelpSvc - Service
        SafeBootMin: NTDS -  File not found
        SafeBootMin: PCI Configuration - Driver Group
        SafeBootMin: PNP Filter - Driver Group
        SafeBootMin: Primary disk - Driver Group
        SafeBootMin: sacsvr - Service
        SafeBootMin: SCSI Class - Driver Group
        SafeBootMin: System Bus Extender - Driver Group
        SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
        SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
        SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
        SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
        SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
        SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
         
        SafeBootNet: AppMgmt - Service
        SafeBootNet: atashost - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
        SafeBootNet: Base - Driver Group
        SafeBootNet: Boot Bus Extender - Driver Group
        SafeBootNet: Boot file system - Driver Group
        SafeBootNet: File system - Driver Group
        SafeBootNet: Filter - Driver Group
        SafeBootNet: HelpSvc - Service
        SafeBootNet: Messenger - Service
        SafeBootNet: NDIS Wrapper - Driver Group
        SafeBootNet: NetBIOSGroup - Driver Group
        SafeBootNet: NetDDEGroup - Driver Group
        SafeBootNet: Network - Driver Group
        SafeBootNet: NetworkProvider - Driver Group
        SafeBootNet: NTDS -  File not found
        SafeBootNet: PCI Configuration - Driver Group
        SafeBootNet: PNP Filter - Driver Group
        SafeBootNet: PNP_TDI - Driver Group
        SafeBootNet: Primary disk - Driver Group
        SafeBootNet: rdsessmgr - Service
        SafeBootNet: sacsvr - Service
        SafeBootNet: SCSI Class - Driver Group
        SafeBootNet: Streams Drivers - Driver Group
        SafeBootNet: System Bus Extender - Driver Group
        SafeBootNet: TDI - Driver Group
        SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
        SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
        SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
        SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
        SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
        SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
        SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
        SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
        SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
        SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
        SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
         
        ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
        ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
        ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
        ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
        ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
        ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
        ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
        ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
        ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
        ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
        ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
        ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
        ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
        ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
        ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
        ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
        ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
        ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
        ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
        ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
        ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
        ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
        ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
        ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
        ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
        ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
        ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
        ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
        ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
         
        Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
        Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
        Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
        Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
        Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
        Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
         
        CREATERESTOREPOINT
        Error creating restore point.
         
        ========== Files/Folders - Created Within 30 Days ==========
         
        [2010/07/21 14:24:16 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\scaturchio\Desktop\OTL.exe
        [2010/07/18 11:07:33 | 009,070,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\scaturchio\Desktop\SUPERAntiSpyware.exe
        [2010/07/18 11:07:29 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\scaturchio\Desktop\mbam-setup-1.46.exe
        [2010/07/18 11:07:28 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\scaturchio\Desktop\HJTInstall.exe
        [2010/07/18 11:07:21 | 000,000,000 | ---D | C] -- C:\Users\scaturchio\Desktop\fixes
        [2010/07/18 10:30:08 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\scaturchio\Desktop\spybotsd162.exe
        [2010/07/14 00:45:37 | 000,000,000 | ---D | C] -- C:\Users\scaturchio\AppData\Local\emwcfptyx
        [2010/07/14 00:12:18 | 000,215,040 | ---- | C] (Electronic Arts, Inc.) -- C:\Windows\Cfikib.exe
        [2010/07/14 00:09:47 | 000,215,040 | ---- | C] (Electronic Arts, Inc.) -- C:\Windows\Cfikia.exe
        [2010/07/10 18:28:55 | 000,000,000 | ---D | C] -- C:\Users\scaturchio\Desktop\100___06
        [2007/01/24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
        [1 C:\Users\scaturchio\Documents\*.tmp files -> C:\Users\scaturchio\Documents\*.tmp -> ]
        [1 C:\Users\scaturchio\Desktop\*.tmp files -> C:\Users\scaturchio\Desktop\*.tmp -> ]
         
        ========== Files - Modified Within 30 Days ==========
         
        [2010/07/21 14:30:59 | 004,456,448 | -HS- | M] () -- C:\Users\scaturchio\NTUSER.DAT
        [2010/07/21 14:24:13 | 000,028,314 | ---- | M] () -- C:\Users\scaturchio\AppData\Roaming\nvModes.001
        [2010/07/21 14:20:49 | 000,000,254 | -H-- | M] () -- C:\Windows\tasks\c40cf2c9.job
        [2010/07/21 14:20:47 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
        [2010/07/21 14:20:33 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
        [2010/07/21 14:20:28 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
        [2010/07/21 14:20:04 | 000,005,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
        [2010/07/21 14:20:03 | 000,005,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
        [2010/07/21 14:20:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
        [2010/07/21 14:19:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
        [2010/07/21 14:19:27 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
        [2010/07/21 14:18:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
        [2010/07/21 14:18:04 | 003,563,426 | -H-- | M] () -- C:\Users\scaturchio\AppData\Local\IconCache.db
        [2010/07/21 14:05:14 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{623A13E4-4A5F-4371-ADF4-34696DB6B6E8}.job
        [2010/07/21 14:03:08 | 000,410,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
        [2010/07/19 17:50:59 | 000,720,952 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
        [2010/07/19 17:50:59 | 000,626,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
        [2010/07/19 17:50:59 | 000,109,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
        [2010/07/19 17:48:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
        [2010/07/19 17:48:01 | 000,012,800 | ---- | M] () -- C:\Users\scaturchio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        [2010/07/18 20:24:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\scaturchio\Desktop\OTL.exe
        [2010/07/18 11:16:24 | 000,002,687 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
        [2010/07/18 10:52:24 | 009,070,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\scaturchio\Desktop\SUPERAntiSpyware.exe
        [2010/07/18 10:50:08 | 003,738,205 | ---- | M] () -- C:\Users\scaturchio\Desktop\ComboFix.exe
        [2010/07/18 10:49:02 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\scaturchio\Desktop\HJTInstall.exe
        [2010/07/18 10:47:50 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\scaturchio\Desktop\mbam-setup-1.46.exe
        [2010/07/18 10:46:16 | 000,294,400 | ---- | M] () -- C:\Users\scaturchio\Desktop\exeHelper.com
        [2010/07/18 10:24:56 | 045,807,616 | ---- | M] () -- C:\Users\scaturchio\Desktop\eav_nt32_enu.msi
        [2010/07/18 10:07:44 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\scaturchio\Desktop\spybotsd162.exe
        [2010/07/14 09:25:12 | 315,935,972 | ---- | M] () -- C:\Windows\MEMORY.DMP
        [2010/07/14 00:12:10 | 000,215,040 | ---- | M] (Electronic Arts, Inc.) -- C:\Windows\Cfikib.exe
        [2010/07/14 00:09:33 | 000,215,040 | ---- | M] (Electronic Arts, Inc.) -- C:\Windows\Cfikia.exe
        [2010/07/12 11:54:40 | 000,022,558 | ---- | M] () -- C:\Windows\WinSig.ini
        [2010/07/12 11:54:38 | 000,002,940 | ---- | M] () -- C:\Windows\WinRos.ini
        [2010/07/10 21:32:18 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
        [2010/07/05 19:47:45 | 000,300,439 | ---- | M] () -- C:\Users\scaturchio\Desktop\73AC8CD2d01.pdf
        [1 C:\Users\scaturchio\Documents\*.tmp files -> C:\Users\scaturchio\Documents\*.tmp -> ]
        [1 C:\Users\scaturchio\Desktop\*.tmp files -> C:\Users\scaturchio\Desktop\*.tmp -> ]
         
        ========== Files Created - No Company Name ==========
         
        [2010/07/18 11:07:41 | 000,294,400 | ---- | C] () -- C:\Users\scaturchio\Desktop\exeHelper.com
        [2010/07/18 11:07:39 | 003,738,205 | ---- | C] () -- C:\Users\scaturchio\Desktop\ComboFix.exe
        [2010/07/18 10:29:41 | 045,807,616 | ---- | C] () -- C:\Users\scaturchio\Desktop\eav_nt32_enu.msi
        [2010/07/14 00:09:46 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
        [2010/07/14 00:09:35 | 000,000,254 | -H-- | C] () -- C:\Windows\tasks\c40cf2c9.job
        [2010/07/05 19:47:45 | 000,300,439 | ---- | C] () -- C:\Users\scaturchio\Desktop\73AC8CD2d01.pdf
        [2010/04/05 21:16:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
        [2009/12/16 00:57:45 | 000,002,940 | ---- | C] () -- C:\Windows\WinRos.ini
        [2009/12/16 00:57:38 | 000,022,558 | ---- | C] () -- C:\Windows\WinSig.ini
        [2009/05/19 20:09:51 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
        [2008/12/09 19:55:41 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
        [2008/09/12 10:33:15 | 000,000,024 | ---- | C] () -- C:\Windows\System32\winssq32.dll
        [2008/07/12 04:01:23 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL
        [2008/04/19 16:40:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
        [2007/10/01 16:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
        [2007/06/22 05:47:42 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
        [2007/05/09 17:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
        [2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
        [2006/11/02 20:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
        [2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
        [2006/03/09 11:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
        [2005/04/03 09:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
        [2004/12/03 10:00:00 | 000,045,568 | ---- | C] () -- C:\Windows\System32\ernel32.dll
        [1998/05/06 14:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
         
        ========== Custom Scans ==========
         
         
        < %systemroot%\*. /mp /s >
         
        < %systemroot%\system32\*.dll /lockedfiles >
        [2006/11/02 19:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
        [2008/04/19 14:22:55 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
         
        < %systemroot%\system32\*.exe /lockedfiles >
        [2006/11/02 22:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\wpcumi.exe
         
        < %systemroot%\Tasks\*.job /lockedfiles >
         
        < %systemroot%\system32\drivers\*.sys /lockedfiles >
        [2008/12/09 19:55:41 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
         
        < %systemroot%\System32\config\*.sav >
        [2006/11/02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
        [2006/11/02 20:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
        [2006/11/02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
        [2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
        [2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
         
        < %systemroot%\system32\*.sys >
        [2006/11/02 17:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
        [2008/07/04 17:03:01 | 000,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
        [2006/11/02 17:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
        [2006/11/02 17:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
        [2006/11/02 17:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
        [2006/11/02 17:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
        [2006/11/02 17:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
        [2006/11/02 17:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
        [2006/11/02 17:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
        [2006/11/02 17:09:40 | 000,029,

        Sneakyone

        • Malware Removal Specialist
        • Moderator


        • Beginner

          Thanked: 5
          Re: Application cannot be executed. The file *** is infected
          « Reply #3 on: July 21, 2010, 07:00:01 AM »
          Hi, :)

          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          Alternate link: Forospyware.com


          Rename ComboFix.exe to commy.exe before you save it to your Desktop
          • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
          • Click Start, then copy and paste the following command into the search box & hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
          • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
          • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

          carltonsos

            Topic Starter


            Rookie

            Re: Application cannot be executed. The file *** is infected
            « Reply #4 on: July 25, 2010, 06:39:35 PM »
             Hi

            I am struggling here with the last step ???

            When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

            I tried to use combofix.txt but nothing came up when I selected to run the log with that program. ???

            thank you

            This is the log from notepad:

            ¢SYF8§vPLWHEqOoöcyc”i­Fš'— RC#gA\8pD3DcSN.y6 MPSC†
            ì
            / &Ø°`É.R3jÖMuz[䈷
            ‰we\M<!—¼s\C–¥G]¯V|¿\4l7»r\ø—þÿØŸ•Þ¼/å|FŽ=ÄW’‘ÒdþÿÿÿV©–5O§FÞ¶6æ‚,ß\„FE—" ÷@x"šP   ìÔŽ”ba¨¹xÁMuÕøjQˆv ê\\0ØÉ ð> A§0@ÿ? ˆRSDS&r¸bPüEXˆ›ÿ‰_o(¡=Äz:\¯jâñ­s\VS~5\+t$\r}Ë">X.pdb`y‚wÄ@ä9çB  X,( 6BU ·ð,Ë( @@h„ŒwrÜ,Ï.þÿ ÿ€Í ŒÀ 91œŒ,—þa¶ °(ùVÒ€ ÿ¹ùËZvü ÿøð ?šoà}€„–æ¦i ü ?ÿ×.¤i?þJ7:öØXȉXJ T -KU#Å£ h
            j¦› x   Ucv rs)c6s×=Ëi   d#p amt?Åç9r5M SSÞ{
            Êï   7뺟«Pã 2ÿÏ“gI¸O K„Áº±‘CKcGl'Ùòä€    J
             éCÒ}72C“     ê‚ÙÈ7C 9
             ëPÇlKµN:5¥²ó…?Ý jí°ò—ï© U +ÞØÛÃÊ .«A „ ëiìS¡aSg³¥ìcC' ÿÿÆƺW‡biÓ:_p²¡›8h_èoiØ\×Ëy-T   WánÌc›
            wÓD iýtMÝ°1ywÏ ƒ ­64ÚT!4ª?h€J6XÃ×P¨W­›aUÀoäSÆnm¢nP[S½mp:µTúrnG
            ¡zD
            vXTOD9õ¨R{°ß»P»al
            To   Å6UÝ[lB Ø–Qi R\
            Õ‚ÒSb%›@Åa%w¢†E¼jl6kÛT¥m·Æ#6ƒší¾ThrUId¬€3õäP4üdYAMaska7öF}S
            ^ObÃUs¾ê`ÔígúEnvinm:»AÅÞWiabŒTEx2à€Y^ÅC Þ7PoDµÖª À„TìîN_Þ3@ Å1osm¡Ú'blZ4Ù6lþ­z
            öa¦*6
            Unl
            ×ÕlìÛ^‹*·¬‚f]˜à‚9Ð
            ¦ÒªTH¶¬By\‹º9î©de¾ÁÕìȨpAÕ
            fÃøôQ%l2>A|}±Á¡ø$-nFIÔìQ•=–
            „   ±(…"³`§êmAn96¡P¹Mãwä䂶[MLa*j0cÉ_kDat±6›É   ‘rÌ”²lSÙÕ¨N³] áÞCmkKe©²Ù`îí ógZ° €Ù1YElRÂ\cbP,`ï‘
            .Óì4]‰"$eΛ ±µ§lBÝÒ+DCÁ   %B=ª
            ð$ew…d£3Âlz   37ìDIR,x¡P5ÇT_KED¡Q%³
            6MAmLÍfëØ0BkMe»,P²_Í=
            Ú_p=
            {Û€ak_fAvú®=´R̽hd\ṧ_Ätý“(K¿»rgs9cm,n<Xg Åc XcpaÃF:Ã_“·Á¾{fy_=lon+¼íwcs·nn¨í\k›‘rw_ÿ   rclËkpla!iÛì%›  »”pªçha&t°µØ‘Ífp‡ž–_oæŽÈr3y>¸Á¶d^¸yfug37k€Wiï=Îjû*fϲ0½™;{ A_   (ÿïÅ‚šÕJ*??3@YAXPÝÌÅn@Z±Ê.i÷½Î|2Ia¡Îf©ëprÜf7³(up(éZg”Æx]·umÕ l€6ÃE
            `åk¦ùU!·E +·p`XCK’_r!T©#­ÄvOð0 °ÙMA|0±SHÓéÝŽfNoMfy±†ªGŒ d¦Ùš˜ã°ÀA9MFA¤@f‘vúì6
            Is   Vis(
            ¦òoZf™n&kØi8† ‚³ê‰Dª8ƒ`SÄ ;5Ì ÄR I1,À‹EQz"8Œ<Pì#  stEš ù+ Ní¬vóhø  à8
            aM ˆ
            @³a³€l
            l

            æèNÊ:E†j
            !qX
            »\߉l“C­ ɘ¡¬„w‘j2ƒÀ7ûogBox+½„þAÝÏðÙ¬ .ÈlgI$=la´0SA"`Á’(¥@ˆ„#Vœs[ÇBpÇBrohM!{C&L$Ì°£g$ñ‰d!lË8<®Î²`Ak=¤„½DRB…eË:‰6È …lá/ßÅCD¸±‚1a    ¢Ð ËÜE2öë°Æ2Šà)®Sq`?ø“Œí›noænLÔ:ÍÿX Ì^°·™râ
            [)‹àD>AS"ÚHøOö 8ÑMA»BlfˆXH-@%£÷ci{ü&a6£*¦W2­K NUjÀž˜Ä+(A¿<©Ù~‘PEL 2\
            :äUìIàj
            Ï ²T‡®À̹٠Qtú@
            oÌÀR3 #·gÁf4åX² ¸ÛVO¢´³DVvƒå@ç$Ç‚¸Â.˜ d_°­ëiÈÍÑx`.ÄÖû™,¬
            I7.›².&¤iš['4ðà™sЦÀOð
            ë¿•4ÛO
            âß (
            t~       $ÿ      `¾ À@ ¾ PÿÿWë
            ŠFˆ GÛu ‹ƒîüÛrí¸   Ûu ‹ƒîüÛÀÛsïu   ‹ƒîüÛsä1Ƀèr
            ÁàŠFƒðÿtt‰ÅÛu ‹ƒîüÛÉÛu ‹ƒîüÛÉu AÛu ‹ƒîüÛÉÛsïu   ‹ƒîüÛsäƒÁý óÿÿƒÑ/ƒýüvŠBˆ GIu÷écÿÿÿ‹ƒÂ‰ ƒÇƒéwñÏéLÿÿÿ^‰÷¹;  Š G,è<w÷€?uò‹ Š_fÁèÁÀ†Ä)ø€ëèð‰ ƒÇˆØâÙ¾   ‹    Àt<‹_„0°$ óPƒÇÿ–d% •Š GÀt܉ùWHò®Uÿ–h%    Àt ‰ƒÃëáÿ–x% ‹®l% ¾ ðÿÿ»   PTjSWÿÕ‡  € €`(XPTPSWÿÕXaD$€j 9Äuúƒì€éTÿÿ                                                                                                                                                                                                                                                                                                                                                                                                                         8  €   x  €    è  €   ( €   h €                 P  €                   h   ¨ 4  ä                    f   ˜  €p   À  €             
              °   Ü @  ä                   
              Ø      ä                    g     €                     0    ä                       @ €             
              X  ¬1 ¨  ä                       € €                   ˜  X4 V   ä      D ¨4   V S _ V E R S I O N _ I N F O     ½ïþ     ½    ½  ?                           S t r i n g F i l e I n f o   â   0 4 0 9 0 4 b 0   0   C o m p a n y N a m e     N i r S o f t   6    F i l e D e s c r i p t i o n     N i r C m d     *   F i l e V e r s i o n     2 . 3 5     .    I n t e r n a l N a m e   N i r C m d     h "  L e g a l C o p y r i g h t   C o p y r i g h t   ©   2 0 0 3   -   2 0 0 9   N i r   S o f e r   >
              O r i g i n a l F i l e n a m e   N i r C m d . e x e     .    P r o d u c t N a m e     N i r C m d     .   P r o d u c t V e r s i o n   2 . 3 5     D    V a r F i l e I n f o     $    T r a n s l a t i o n        °ì  <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
            </assembly>PA            ¸5 d5             Å5 €5             Ò5 ˆ5             Ü5 5             ç5 ˜5             ñ5  5             ý5 ¨5             6 °5                     6  6 06 @6 N6 \6     j6     x6     €6     †6     ”6     ¤6     ¬6     KERNEL32.DLL ADVAPI32.dll GDI32.dll msvcrt.dll ole32.dll SHELL32.dll USER32.dll WINMM.dll   LoadLibraryA  GetProcAddress  VirtualProtect  VirtualAlloc  VirtualFree   ExitProcess   RegCloseKey   BitBlt  exit  CoInitialize  ShellExecuteA   GetDC   mixerOpen                                                                                                                                                                                                                                                                                                                                         

            Sneakyone

            • Malware Removal Specialist
            • Moderator


            • Beginner

              Thanked: 5
              Re: Application cannot be executed. The file *** is infected
              « Reply #5 on: July 25, 2010, 11:25:03 PM »
              Hi, :)

              Please carefully double-click on ComboFix.exe or Commy.exe, be sure not to drag anything into it.

              carltonsos

                Topic Starter


                Rookie

                Re: Application cannot be executed. The file *** is infected
                « Reply #6 on: July 28, 2010, 11:30:15 PM »
                Hi

                The first time I clicked on Commy - it warned me that the anti-virus spyware was on, however I followed the instructions for that particular spyware (AVG Anti-Virus Free 8.5) and double checked it and went ahead. The computer brought up the blue screen of death with (Bad pool error) at the top of the blue screen. The computer restarted itself and so I decided to follow the instructions again, i.e.

                Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel

                As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
                When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

                Once I completed this, the computer reset again upon hitting enter for "%userprofile%\desktop\commy.exe" /stepdel...and then I ran the commy again - once complete there was no log from commy. So what next?

                carltonsos

                  Topic Starter


                  Rookie

                  Re: Application cannot be executed. The file *** is infected
                  « Reply #7 on: July 29, 2010, 12:10:50 AM »
                  Ignore previous post...here it is :) :) :)

                  ComboFix 10-07-21.01 - scaturchio 29/07/2010  16:01:48.1.2 - x86
                  Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.61.1033.18.2047.1170 [GMT 10:00]
                  Running from: c:\users\scaturchio\Desktop\commy.exe
                  AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                  SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                  SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
                  .
                  - REDUCED FUNCTIONALITY MODE -
                  .
                  The following files were disabled during the run:
                  c:\windows\system32\APSHook.dll


                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  c:\program files\Common Files\Uninstall
                  c:\program files\Common Files\Uninstall\PersonalAV\Uninstall.lnk
                  c:\program files\iCheck
                  c:\program files\iCheck\Uninstall.exe
                  c:\program files\IEToolbar
                  c:\program files\IEToolbar\ECO Bar\basis.xml
                  c:\program files\IEToolbar\ECO Bar\ecobar.dll
                  c:\program files\IEToolbar\ECO Bar\icons.bmp
                  c:\program files\IEToolbar\ECO Bar\info.txt
                  c:\program files\IEToolbar\ECO Bar\uninstall.exe
                  c:\program files\IEToolbar\ECO Bar\version.txt
                  c:\program files\IEToolbar\ECO Bar\your_logo.png
                  c:\program files\p2pmax
                  c:\program files\p2pmax\p2pmaxu.exe
                  c:\program files\runit
                  c:\program files\runit\config.txt
                  c:\program files\runit\runitu_32.exe
                  c:\program files\VnrBlock
                  c:\program files\VnrBlock\xtarga.gz
                  c:\program files\VnrPack
                  c:\program files\VnrPack\trgts.gz
                  c:\program files\VnrPack\Uninstall.exe
                  c:\programdata\Microsoft\Windows\Start Menu\PersonalAV
                  c:\programdata\Microsoft\Windows\Start Menu\PersonalAV\Uninstall.lnk
                  c:\windows\system32\ernel32.dll

                  .
                  (((((((((((((((((((((((((   Files Created from 2010-06-28 to 2010-07-29  )))))))))))))))))))))))))))))))
                  .

                  2010-07-29 06:07 . 2010-07-29 06:08   --------   d-----w-   c:\users\scaturchio\AppData\Local\temp
                  2010-07-29 06:07 . 2010-07-29 06:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
                  2010-07-29 06:07 . 2010-07-29 06:07   --------   d-----w-   c:\users\michael\AppData\Local\temp
                  2010-07-26 00:06 . 2010-07-26 00:06   --------   d-----w-   c:\users\scaturchio\AppData\Local\Apps
                  2010-07-13 14:45 . 2010-07-13 14:45   --------   d-----w-   c:\users\scaturchio\AppData\Local\emwcfptyx
                  2010-07-13 14:12 . 2010-07-13 14:12   215040   ----a-w-   c:\windows\Cfikib.exe
                  2010-07-13 14:09 . 2010-07-13 14:09   215040   ----a-w-   c:\windows\Cfikia.exe

                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2010-07-29 02:01 . 2008-04-19 03:49   12   ----a-w-   c:\windows\bthservsdp.dat
                  2010-07-29 02:00 . 2008-04-19 06:35   45056   ----a-w-   c:\windows\system32\acovcnt.exe
                  2010-07-29 01:32 . 2008-07-27 02:03   28314   ----a-w-   c:\users\scaturchio\AppData\Roaming\nvModes.dat
                  2010-07-12 01:54 . 2009-09-29 12:10   --------   d-----w-   c:\programdata\performance
                  2010-07-12 01:48 . 2009-12-15 14:52   --------   d-----w-   c:\program files\eSignal
                  2010-07-10 12:32 . 2009-10-26 07:49   --------   d-----w-   c:\users\scaturchio\AppData\Roaming\Skype
                  2010-07-10 06:04 . 2009-10-26 07:52   --------   d-----w-   c:\users\scaturchio\AppData\Roaming\skypePM
                  2010-06-16 17:10 . 2008-04-19 03:59   --------   d-----w-   c:\programdata\Microsoft Help
                  2010-06-08 10:56 . 2009-04-24 23:53   --------   d-----w-   c:\users\scaturchio\AppData\Roaming\DNA
                  2010-06-08 10:47 . 2009-04-24 23:53   --------   d-----w-   c:\program files\DNA
                  2010-05-21 04:14 . 2009-10-04 02:15   221568   ----a-w-   c:\windows\system32\MpSigStub.exe
                  2009-03-04 15:19 . 2009-03-26 10:34   623616   ----a-w-   c:\program files\mozilla firefox\components\9b21fc47-3d6f-5167-2aa3-b63963bd2216.dll
                  .

                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4

                  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                  "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

                  [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
                  2008-09-29 07:24   325000   ----a-w-   c:\program files\AskBarDis\bar\bin\askBar.dll

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
                  2009-11-25 02:01   1230080   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                  "{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [2008-07-10 1600024]
                  "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]
                  "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
                  "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

                  [HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

                  [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

                  [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
                  [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

                  [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

                  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                  "{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [2008-07-10 1600024]
                  "{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]
                  "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
                  "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

                  [HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

                  [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

                  [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

                  [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
                  [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-19 1232896]
                  "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
                  "Mikogo"="c:\users\scaturchio\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2009-12-10 2748416]
                  "ijgmeuex"="c:\users\scaturchio\AppData\Local\emwcfptyx\gexhjqrtssd.exe" [2010-07-13 289024]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-04-19 1006264]
                  "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
                  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8534560]
                  "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
                  "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
                  "Skytel"="Skytel.exe" [2007-08-03 1826816]
                  "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
                  "CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
                  "PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
                  "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-04-19 33136]
                  "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-04-19 37232]
                  "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
                  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
                  "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
                  "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-15 2046816]
                  "MaxMenuMgr"="c:\users\scaturchio\Documents\General homework\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
                  "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-07-03 2328576]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "EnableLUA"= 0 (0x0)

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                  "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
                  2008-11-07 03:16   111936   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
                  2007-10-18 02:04   7737344   ----a-w-   c:\program files\ATKOSD2\ATKOSD2.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
                  2009-12-15 14:23   323392   ----a-w-   c:\program files\DNA\btdna.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
                  2005-05-19 13:47   57344   ----a-w-   c:\program files\SlySoft\CloneCD\CloneCDTray.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
                  2004-01-14 01:10   409600   ----a-w-   c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                  2008-10-25 00:44   31072   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFXSPMGT]
                  2007-02-26 03:29   677408   ----a-w-   c:\windows\System32\IFXSPMGT.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                  2009-01-06 02:06   290088   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
                  2007-06-20 19:49   451872   ----a-w-   c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                  2009-01-05 05:18   413696   ----a-w-   c:\program files\QuickTime\QTTask.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
                  2007-08-28 03:48   655360   ----a-w-   c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                  2008-06-10 11:27   144784   ----a-w-   c:\program files\Java\jre1.6.0_07\bin\jusched.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                  2008-08-04 17:20   171448   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
                  2007-12-06 10:12   1029416   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe

                  R3 B-Service;B-Service;c:\users\scaturchio\Downloads\B-Service.exe [2009-10-26 185640]
                  R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
                  R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
                  R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-12-09 717296]
                  S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416]
                  S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-19 335240]
                  S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-03 108552]
                  S1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23232]
                  S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-01-23 39080]
                  S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016]
                  S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016]
                  S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-12-15 20360]
                  S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-19 297752]
                  S2 FreeAgentGoNext Service;Seagate Service;c:\users\scaturchio\Documents\General homework\Sync\FreeAgentService.exe [2009-03-27 165160]
                  S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-07-03 9216]
                  S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-10-31 46592]


                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  bthsvcs   REG_MULTI_SZ      BthServ
                  Cognizance   REG_MULTI_SZ      ASBroker ASChannel

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
                  \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{382e4c40-6978-11df-a602-8ea863392e96}]
                  \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{705a717b-e8cc-11de-ab04-bbe119049866}]
                  \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80fbb08f-79ba-11de-9c7f-001fc675c2ed}]
                  \shell\AutoRun\command - WDSetup.exe

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{880c97ff-df06-11de-a4d3-001fc675c2ed}]
                  \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{880c980c-df06-11de-a4d3-001fc675c2ed}]
                  \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cff9a9f6-aed6-11de-85ba-001fc675c2ed}]
                  \shell\AutoRun\command - F:\AutoRun.exe

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4a28d43-b8b1-11de-b86b-001fc675c2ed}]
                  \shell\AutoRun\command - F:\AutoRun.exe

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d87531-1e6e-11df-9fff-001e101fbb72}]
                  \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                  2007-06-20 19:47   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
                  .
                  Contents of the 'Scheduled Tasks' folder

                  2010-07-29 c:\windows\Tasks\c40cf2c9.job
                  - c:\users\scaturchio\AppData\Roaming\c40cf2c9.exe [2004-09-12 00:00]

                  2008-08-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
                  - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

                  2010-07-28 c:\windows\Tasks\User_Feed_Synchronization-{623A13E4-4A5F-4371-ADF4-34696DB6B6E8}.job
                  - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uStart Page = hxxp://www.asus.com
                  uInternet Settings,ProxyServer = http=127.0.0.1:5643
                  uInternet Settings,ProxyOverride = <local>
                  IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
                  IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
                  IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
                  IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
                  IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
                  IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
                  LSP: c:\windows\system32\wpclsp.dll
                  Trusted Zone: iress.com.au\xplan
                  TCP: {12A36A9A-0723-4665-8697-3C05952587BF} = 93.188.162.61,93.188.161.201
                  TCP: {20FBAD19-A6A8-4E04-953F-CD81FE0C6D1D} = 93.188.162.61,93.188.161.201
                  TCP: {9C126305-D754-4CD9-91B6-6084DB2B4D45} = 93.188.162.61,93.188.161.201
                  FF - ProfilePath - c:\users\scaturchio\AppData\Roaming\Mozilla\Firefox\Profiles\h90jr4dm.default\
                  FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
                  FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
                  FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
                  FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
                  FF - prefs.js: network.proxy.type - 4
                  FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
                  FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
                  FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
                  FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
                  FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
                  FF - component: c:\program files\Mozilla Firefox\components\9b21fc47-3d6f-5167-2aa3-b63963bd2216.dll
                  FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
                  FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
                  FF - plugin: c:\users\scaturchio\AppData\Roaming\Mozilla\plugins\npatgpc.dll
                  FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                  ---- FIREFOX POLICIES ----
                   
                  FF - user.js: browser.search.defaultenginename - Yoog Search
                  FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
                  FF - user.js: browser.search.selectedEngine - Yoog Search
                  FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
                  FF - user.js: keyword.enabled - true
                  .
                  - - - - ORPHANS REMOVED - - - -

                  URLSearchHooks-*{bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
                  URLSearchHooks-*{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
                  HKCU-Run-JDK5SWFMZY - c:\users\SCATUR~1\AppData\Local\Temp\Clh.exe
                  MSConfigStartUp-Jnskdfmf9eldfd - c:\users\SCATUR~1\AppData\Local\Temp\csrssc.exe
                  MSConfigStartUp-MSServer - c:\windows\system32\yaywtUmM.dll
                  MSConfigStartUp-xsjfn83jkemfofght - c:\users\scaturchio\AppData\Local\Temp\winlogin.exe
                  AddRemove-VnrPack - c:\program files\VnrPack\Uninstall.exe



                  **************************************************************************

                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2010-07-29 16:08
                  Windows 6.0.6000  NTFS

                  scanning hidden processes ... 

                  scanning hidden autostart entries ...

                  scanning hidden files ... 


                  c:\users\SCATUR~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

                  scan completed successfully
                  hidden files: 1

                  **************************************************************************

                  Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

                  device: opened successfully
                  user: MBR read successfully
                  called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x866F2EC5]<<
                  kernel: MBR read successfully
                  detected MBR rootkit hooks:
                  \Driver\Disk -> CLASSPNP.SYS @ 0x880dcd1f
                  \Driver\ACPI -> acpi.sys @ 0x804699d6
                  \Driver\atapi -> ataport.SYS @ 0x806be9c6
                  \Driver\iaStor -> iaStor.sys @ 0x8071b002
                  IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

                  **************************************************************************
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  "MSCurrentCountry"=dword:000000b5

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  "MSCurrentCountry"=dword:000000b5

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------

                  - - - - - - - > 'winlogon.exe'(1072)
                  c:\windows\system32\APSHook.dll

                  - - - - - - - > 'lsass.exe'(736)
                  c:\windows\system32\APSHook.dll
                  c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
                  c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
                  .
                  Completion time: 2010-07-29  16:13:42
                  ComboFix-quarantined-files.txt  2010-07-29 06:13

                  Pre-Run: 33,967,706,112 bytes free
                  Post-Run: 41,712,795,648 bytes free

                  - - End Of File - - 9854FB7B8A990B5F9CC080A26162DAD6

                  Arza89



                    Newbie

                    Re: Application cannot be executed. The file *** is infected
                    « Reply #8 on: July 29, 2010, 01:34:39 AM »
                    Hey you *censored*, don't hijack my thread!

                    Salmon Trout

                    • Guest
                    Re: Application cannot be executed. The file *** is infected
                    « Reply #9 on: July 29, 2010, 05:06:21 AM »
                    Quote
                    Hey you b******, don't hijack my thread!


                    Please do not use such language, unless you wish to be banned.

                    Sneakyone

                    • Malware Removal Specialist
                    • Moderator


                    • Beginner

                      Thanked: 5
                      Re: Application cannot be executed. The file *** is infected
                      « Reply #10 on: July 29, 2010, 02:10:16 PM »
                        Hi.

                      Please download TDSSKiller from here and save it to your Desktop.
                      • Double-click TDSSKiller.exe to run the tool
                      • Click the Start Scan button
                      • After the scan has finished, click the Close button
                      • Click the Report button and copy/paste the contents of it into your next reply
                      Note: It will also create a log in the C:\ directory.

                      ===========

                      Re-running ComboFix to remove infections:

                      • Close any open browsers.
                      • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                      • Open notepad and copy/paste the text in the quotebox below into it:
                        Quote
                        Killall::

                        File::
                        c:\windows\Cfikib.exe
                        c:\windows\Cfikia.exe
                        c:\windows\system32\acovcnt.exe
                        c:\windows\Tasks\c40cf2c9.job
                        c:\users\scaturchio\AppData\Roaming\c40cf2c9.exe
                        c:\users\scaturchio\AppData\Roaming\Mozilla\Firefox\Profiles\h90jr4dm.default\user.js

                        Folder::
                        c:\users\scaturchio\AppData\Local\emwcfptyx

                        Registry::
                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "ijgmeuex"=-

                        DDS::
                        uInternet Settings,ProxyServer = http=127.0.0.1:5643
                        uInternet Settings,ProxyOverride = <local>
                        Trusted Zone: iress.com.au\xplan

                        Firefox::
                        FF - ProfilePath - c:\users\scaturchio\AppData\Roaming\Mozilla\Firefox\Profiles\h90jr4dm.default\
                        FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
                        FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
                        FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=

                        MBR::

                        Reboot::
                      • Save this as CFScript.txt, in the same location as ComboFix.exe



                      • Referring to the picture above, drag CFScript into ComboFix.exe
                      • When finished, it shall produce a log for you at C:\ComboFix.txt
                      • Please post the contents of the log in your next reply.

                      carltonsos

                        Topic Starter


                        Rookie

                        Re: Application cannot be executed. The file *** is infected
                        « Reply #11 on: July 29, 2010, 10:09:08 PM »
                        Hi,

                        This is the report. Also note that a virus was found and TDSSKiller said it cured that virus after a reboot. This was completed. I hope this is OK??

                        I then ran TDSSKiller again and it said no infections found... so should I assume that is a good result... are we close here? :)

                        2010/07/30 14:07:31.0959   TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
                        2010/07/30 14:07:31.0959   ================================================================================
                        2010/07/30 14:07:31.0959   SystemInfo:
                        2010/07/30 14:07:31.0959   
                        2010/07/30 14:07:31.0959   OS Version: 6.0.6000 ServicePack: 0.0
                        2010/07/30 14:07:31.0959   Product type: Workstation
                        2010/07/30 14:07:31.0959   ComputerName: SCATURCHIO-PC
                        2010/07/30 14:07:31.0959   UserName: scaturchio
                        2010/07/30 14:07:31.0959   Windows directory: C:\Windows
                        2010/07/30 14:07:31.0959   System windows directory: C:\Windows
                        2010/07/30 14:07:31.0959   Processor architecture: Intel x86
                        2010/07/30 14:07:31.0960   Number of processors: 2
                        2010/07/30 14:07:31.0960   Page size: 0x1000
                        2010/07/30 14:07:31.0960   Boot type: Normal boot
                        2010/07/30 14:07:31.0960   ================================================================================
                        2010/07/30 14:07:32.0678   Initialize success
                        2010/07/30 14:07:42.0552   ================================================================================
                        2010/07/30 14:07:42.0553   Scan started
                        2010/07/30 14:07:42.0553   Mode: Manual;
                        2010/07/30 14:07:42.0553   ================================================================================
                        2010/07/30 14:07:43.0049   ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
                        2010/07/30 14:07:43.0112   adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
                        2010/07/30 14:07:43.0157   adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
                        2010/07/30 14:07:43.0188   adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
                        2010/07/30 14:07:43.0222   adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
                        2010/07/30 14:07:43.0276   AFD             (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
                        2010/07/30 14:07:43.0357   agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
                        2010/07/30 14:07:43.0396   aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
                        2010/07/30 14:07:43.0424   aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
                        2010/07/30 14:07:43.0477   amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
                        2010/07/30 14:07:43.0507   amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
                        2010/07/30 14:07:43.0539   AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
                        2010/07/30 14:07:43.0569   AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
                        2010/07/30 14:07:43.0683   arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
                        2010/07/30 14:07:43.0710   arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
                        2010/07/30 14:07:44.0060   ASMMAP          (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
                        2010/07/30 14:07:44.0175   AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
                        2010/07/30 14:07:44.0217   atapi           (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
                        2010/07/30 14:07:44.0266   AtcL001         (b536be46c769c97ccb736ed8fdd4393c) C:\Windows\system32\DRIVERS\l160x86.sys
                        2010/07/30 14:07:44.0328   ATSWPDRV        (f70d2392158cb68e775f8c4cd3d12fbb) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
                        2010/07/30 14:07:44.0488   AvgLdx86        (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\Windows\System32\Drivers\avgldx86.sys
                        2010/07/30 14:07:44.0520   AvgMfx86        (5903d729d4f0c5bca74123c96a1b29e0) C:\Windows\System32\Drivers\avgmfx86.sys
                        2010/07/30 14:07:44.0598   AvgTdiX         (92d8e1e8502e649b60e70074eb29c380) C:\Windows\System32\Drivers\avgtdix.sys
                        2010/07/30 14:07:44.0658   Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
                        2010/07/30 14:07:44.0746   bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
                        2010/07/30 14:07:44.0786   BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
                        2010/07/30 14:07:44.0813   BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
                        2010/07/30 14:07:44.0887   Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
                        2010/07/30 14:07:44.0907   BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
                        2010/07/30 14:07:44.0930   BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
                        2010/07/30 14:07:44.0953   BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
                        2010/07/30 14:07:45.0036   BthEnum         (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
                        2010/07/30 14:07:45.0074   BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
                        2010/07/30 14:07:45.0104   BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
                        2010/07/30 14:07:45.0163   BTHPORT         (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
                        2010/07/30 14:07:45.0186   BTHUSB          (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
                        2010/07/30 14:07:45.0381   cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
                        2010/07/30 14:07:45.0414   cdrom           (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
                        2010/07/30 14:07:45.0444   circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
                        2010/07/30 14:07:45.0491   CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
                        2010/07/30 14:07:45.0526   CmBatt          (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
                        2010/07/30 14:07:45.0550   cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
                        2010/07/30 14:07:45.0577   Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
                        2010/07/30 14:07:45.0596   crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
                        2010/07/30 14:07:45.0618   Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
                        2010/07/30 14:07:45.0650   DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
                        2010/07/30 14:07:45.0761   disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
                        2010/07/30 14:07:45.0806   drmkaud         (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
                        2010/07/30 14:07:45.0838   DXGKrnl         (b95202efd0464d226e7542c1e319c028) C:\Windows\System32\drivers\dxgkrnl.sys
                        2010/07/30 14:07:45.0924   E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
                        2010/07/30 14:07:45.0979   Ecache          (38573398f734b71b06cd2411494f234a) C:\Windows\system32\drivers\ecache.sys
                        2010/07/30 14:07:46.0086   ElbyCDFL        (c61c83501268b0110b5c5db7e63dee0c) C:\Windows\system32\Drivers\ElbyCDFL.sys
                        2010/07/30 14:07:46.0133   ElbyCDIO        (084a13f18856d610d44d3109a9d2acde) C:\Windows\system32\Drivers\ElbyCDIO.sys
                        2010/07/30 14:07:46.0195   elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
                        2010/07/30 14:07:46.0252   ewusbnet        (0f40e249e4dd0ce47c7ca19c5c8fb48a) C:\Windows\system32\DRIVERS\ewusbnet.sys
                        2010/07/30 14:07:46.0291   fastfat         (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
                        2010/07/30 14:07:46.0319   fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
                        2010/07/30 14:07:46.0367   FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
                        2010/07/30 14:07:46.0394   Filetrace       (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
                        2010/07/30 14:07:46.0440   flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
                        2010/07/30 14:07:46.0484   FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
                        2010/07/30 14:07:46.0549   Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
                        2010/07/30 14:07:46.0568   gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
                        2010/07/30 14:07:46.0622   GEARAspiWDM     (ab8a6a87d9d7255c3884d5b9541a6e80) C:\Windows\system32\Drivers\GEARAspiWDM.sys
                        2010/07/30 14:07:46.0728   ghaio           (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
                        2010/07/30 14:07:46.0826   HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
                        2010/07/30 14:07:46.0859   HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
                        2010/07/30 14:07:46.0908   HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
                        2010/07/30 14:07:46.0943   HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
                        2010/07/30 14:07:46.0991   HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
                        2010/07/30 14:07:47.0140   HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
                        2010/07/30 14:07:47.0197   HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
                        2010/07/30 14:07:47.0280   hwdatacard      (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
                        2010/07/30 14:07:47.0342   hwusbfake       (089085538885367e281686762a973eb5) C:\Windows\system32\DRIVERS\ewusbfake.sys
                        2010/07/30 14:07:47.0374   i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
                        2010/07/30 14:07:47.0444   i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
                        2010/07/30 14:07:47.0517   ialm            (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
                        2010/07/30 14:07:47.0643   iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
                        2010/07/30 14:07:47.0692   iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
                        2010/07/30 14:07:47.0738   iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
                        2010/07/30 14:07:47.0877   IntcAzAudAddService (0f16d98c3af2138fabfa20adde4e01fe) C:\Windows\system32\drivers\RTKVHDA.sys
                        2010/07/30 14:07:47.0988   intelide        (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
                        2010/07/30 14:07:48.0022   intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
                        2010/07/30 14:07:48.0064   IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
                        2010/07/30 14:07:48.0118   IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
                        2010/07/30 14:07:48.0141   IPNAT           (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
                        2010/07/30 14:07:48.0194   IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
                        2010/07/30 14:07:48.0480   isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
                        2010/07/30 14:07:48.0518   iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
                        2010/07/30 14:07:48.0541   iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
                        2010/07/30 14:07:48.0575   iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
                        2010/07/30 14:07:48.0611   ItSDisk         (688ed8395afe5ed7bb881a6134609dd9) C:\Windows\system32\Drivers\ItSDisk.sys
                        2010/07/30 14:07:48.0659   kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
                        2010/07/30 14:07:48.0719   kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
                        2010/07/30 14:07:48.0766   kbfiltr         (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys
                        2010/07/30 14:07:48.0831   klmd24          (6485ad0a17a0d6286b4d44c652adabb2) C:\Windows\system32\drivers\klmd.sys
                        2010/07/30 14:07:48.0879   KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
                        2010/07/30 14:07:48.0953   lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
                        2010/07/30 14:07:48.0988   LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
                        2010/07/30 14:07:49.0014   LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
                        2010/07/30 14:07:49.0048   LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
                        2010/07/30 14:07:49.0076   luafv           (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
                        2010/07/30 14:07:49.0100   lullaby         (0a8baf658dc7d4399971e995f3ca500c) C:\Windows\system32\DRIVERS\lullaby.sys
                        2010/07/30 14:07:49.0139   megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
                        2010/07/30 14:07:49.0167   Modem           (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
                        2010/07/30 14:07:49.0202   MODEMCSA        (7e222a1baaa42c8559db2ce8a12ad828) C:\Windows\system32\drivers\MODEMCSA.sys
                        2010/07/30 14:07:49.0253   monitor         (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
                        2010/07/30 14:07:49.0282   mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
                        2010/07/30 14:07:49.0307   mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
                        2010/07/30 14:07:49.0364   MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
                        2010/07/30 14:07:49.0419   mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
                        2010/07/30 14:07:49.0453   mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
                        2010/07/30 14:07:49.0528   Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
                        2010/07/30 14:07:49.0600   MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
                        2010/07/30 14:07:49.0646   mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
                        2010/07/30 14:07:49.0681   mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
                        2010/07/30 14:07:49.0717   mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
                        2010/07/30 14:07:49.0760   msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
                        2010/07/30 14:07:49.0792   msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
                        2010/07/30 14:07:49.0826   Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
                        2010/07/30 14:07:49.0871   msisadrv        (0a64168b63535520adfd6b959695404a) C:\Windows\system32\drivers\msisadrv.sys
                        2010/07/30 14:07:49.0918   MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
                        2010/07/30 14:07:49.0943   MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
                        2010/07/30 14:07:49.0969   MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
                        2010/07/30 14:07:49.0992   MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
                        2010/07/30 14:07:50.0019   mssmbios        (e09cedb1bca303b7f6ae22f512e56969) C:\Windows\system32\DRIVERS\mssmbios.sys
                        2010/07/30 14:07:50.0045   MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
                        2010/07/30 14:07:50.0076   MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
                        2010/07/30 14:07:50.0096   Mup             (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
                        2010/07/30 14:07:50.0163   NativeWifiP     (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
                        2010/07/30 14:07:54.0368   sptd            (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
                        2010/07/30 14:07:54.0368   Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
                        2010/07/30 14:07:54.0370   sptd - detected Locked file (1)
                        2010/07/30 14:07:55.0060   TermDD          (5c202aec292dd808a24c6ce271198b41) C:\Windows\system32\DRIVERS\termdd.sys
                        2010/07/30 14:07:55.0060   Suspicious file (Forged): C:\Windows\system32\DRIVERS\termdd.sys. Real md5: 5c202aec292dd808a24c6ce271198b41, Fake md5: cfe870506361bac80a549749116ad870
                        2010/07/30 14:07:55.0061   TermDD - detected Rootkit.Win32.TDSS.tdl3 (0)
                        2010/07/30 14:07:56.0971   ================================================================================
                        2010/07/30 14:07:56.0971   Scan finished
                        2010/07/30 14:07:56.0971   ================================================================================
                        2010/07/30 14:07:56.0994   Detected object count: 2
                        2010/07/30 14:08:28.0793   Locked file(sptd) - User select action: Skip
                        2010/07/30 14:08:28.0927   TermDD          (5c202aec292dd808a24c6ce271198b41) C:\Windows\system32\DRIVERS\termdd.sys
                        2010/07/30 14:08:28.0928   Suspicious file (Forged): C:\Windows\system32\DRIVERS\termdd.sys. Real md5: 5c202aec292dd808a24c6ce271198b41, Fake md5: cfe870506361bac80a549749116ad870
                        2010/07/30 14:08:29.0111   Backup copy found, using it..
                        2010/07/30 14:08:29.0337   C:\Windows\system32\DRIVERS\termdd.sys - will be cured after reboot
                        2010/07/30 14:08:29.0337   Rootkit.Win32.TDSS.tdl3(TermDD) - User select action: Cure






                        Also the notes on the ComboFix you gave, I assume are not required given my last reply



                        ComboFix 10-07-21.01 - scaturchio 29/07/2010  16:01:48.1.2 - x86
                        Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.61.1033.18.2047.1170 [GMT 10:00]
                        Running from: c:\users\scaturchio\Desktop\commy.exe
                        AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                        SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                        SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
                        .
                        - REDUCED FUNCTIONALITY MODE -
                        .
                        The following files were disabled during the run:
                        c:\windows\system32\APSHook.dll


                        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                        .

                        c:\program files\Common Files\Uninstall
                        c:\program files\Common Files\Uninstall\PersonalAV\Uninstall.lnk
                        c:\program files\iCheck
                        c:\program files\iCheck\Uninstall.exe
                        c:\program files\IEToolbar
                        c:\program files\IEToolbar\ECO Bar\basis.xml
                        c:\program files\IEToolbar\ECO Bar\ecobar.dll
                        c:\program files\IEToolbar\ECO Bar\icons.bmp
                        c:\program files\IEToolbar\ECO Bar\info.txt
                        c:\program files\IEToolbar\ECO Bar\uninstall.exe
                        c:\program files\IEToolbar\ECO Bar\version.txt
                        c:\program files\IEToolbar\ECO Bar\your_logo.png
                        c:\program files\p2pmax
                        c:\program files\p2pmax\p2pmaxu.exe
                        c:\program files\runit
                        c:\program files\runit\config.txt
                        c:\program files\runit\runitu_32.exe
                        c:\program files\VnrBlock
                        c:\program files\VnrBlock\xtarga.gz
                        c:\program files\VnrPack
                        c:\program files\VnrPack\trgts.gz
                        c:\program files\VnrPack\Uninstall.exe
                        c:\programdata\Microsoft\Windows\Start Menu\PersonalAV
                        c:\programdata\Microsoft\Windows\Start Menu\PersonalAV\Uninstall.lnk
                        c:\windows\system32\ernel32.dll

                        .
                        (((((((((((((((((((((((((   Files Created from 2010-06-28 to 2010-07-29  )))))))))))))))))))))))))))))))
                        .

                        2010-07-29 06:07 . 2010-07-29 06:08   --------   d-----w-   c:\users\scaturchio\AppData\Local\temp
                        2010-07-29 06:07 . 2010-07-29 06:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
                        2010-07-29 06:07 . 2010-07-29 06:07   --------   d-----w-   c:\users\michael\AppData\Local\temp
                        2010-07-26 00:06 . 2010-07-26 00:06   --------   d-----w-   c:\users\scaturchio\AppData\Local\Apps
                        2010-07-13 14:45 . 2010-07-13 14:45   --------   d-----w-   c:\users\scaturchio\AppData\Local\emwcfptyx
                        2010-07-13 14:12 . 2010-07-13 14:12   215040   ----a-w-   c:\windows\Cfikib.exe
                        2010-07-13 14:09 . 2010-07-13 14:09   215040   ----a-w-   c:\windows\Cfikia.exe

                        .
                        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2010-07-29 02:01 . 2008-04-19 03:49   12   ----a-w-   c:\windows\bthservsdp.dat
                        2010-07-29 02:00 . 2008-04-19 06:35   45056   ----a-w-   c:\windows\system32\acovcnt.exe
                        2010-07-29 01:32 . 2008-07-27 02:03   28314   ----a-w-   c:\users\scaturchio\AppData\Roaming\nvModes.dat
                        2010-07-12 01:54 . 2009-09-29 12:10   --------   d-----w-   c:\programdata\performance
                        2010-07-12 01:48 . 2009-12-15 14:52   --------   d-----w-   c:\program files\eSignal
                        2010-07-10 12:32 . 2009-10-26 07:49   --------   d-----w-   c:\users\scaturchio\AppData\Roaming\Skype
                        2010-07-10 06:04 . 2009-10-26 07:52   --------   d-----w-   c:\users\scaturchio\AppData\Roaming\skypePM
                        2010-06-16 17:10 . 2008-04-19 03:59   --------   d-----w-   c:\programdata\Microsoft Help
                        2010-06-08 10:56 . 2009-04-24 23:53   --------   d-----w-   c:\users\scaturchio\AppData\Roaming\DNA
                        2010-06-08 10:47 . 2009-04-24 23:53   --------   d-----w-   c:\program files\DNA
                        2010-05-21 04:14 . 2009-10-04 02:15   221568   ----a-w-   c:\windows\system32\MpSigStub.exe
                        2009-03-04 15:19 . 2009-03-26 10:34   623616   ----a-w-   c:\program files\mozilla firefox\components\9b21fc47-3d6f-5167-2aa3-b63963bd2216.dll
                        .

                        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        *Note* empty entries & legit default entries are not shown
                        REGEDIT4

                        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                        "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

                        [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
                        2008-09-29 07:24   325000   ----a-w-   c:\program files\AskBarDis\bar\bin\askBar.dll

                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
                        2009-11-25 02:01   1230080   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                        "{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [2008-07-10 1600024]
                        "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]
                        "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
                        "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

                        [HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

                        [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

                        [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
                        [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

                        [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

                        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                        "{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [2008-07-10 1600024]
                        "{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]
                        "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
                        "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

                        [HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

                        [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

                        [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

                        [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
                        [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-19 1232896]
                        "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
                        "Mikogo"="c:\users\scaturchio\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2009-12-10 2748416]
                        "ijgmeuex"="c:\users\scaturchio\AppData\Local\emwcfptyx\gexhjqrtssd.exe" [2010-07-13 289024]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-04-19 1006264]
                        "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
                        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8534560]
                        "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
                        "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
                        "Skytel"="Skytel.exe" [2007-08-03 1826816]
                        "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
                        "CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
                        "PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
                        "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-04-19 33136]
                        "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-04-19 37232]
                        "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
                        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
                        "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
                        "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-15 2046816]
                        "MaxMenuMgr"="c:\users\scaturchio\Documents\General homework\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
                        "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-07-03 2328576]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                        "EnableLUA"= 0 (0x0)

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                        "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
                        2008-11-07 03:16   111936   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
                        2007-10-18 02:04   7737344   ----a-w-   c:\program files\ATKOSD2\ATKOSD2.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
                        2009-12-15 14:23   323392   ----a-w-   c:\program files\DNA\btdna.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
                        2005-05-19 13:47   57344   ----a-w-   c:\program files\SlySoft\CloneCD\CloneCDTray.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
                        2004-01-14 01:10   409600   ----a-w-   c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                        2008-10-25 00:44   31072   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFXSPMGT]
                        2007-02-26 03:29   677408   ----a-w-   c:\windows\System32\IFXSPMGT.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                        2009-01-06 02:06   290088   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
                        2007-06-20 19:49   451872   ----a-w-   c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                        2009-01-05 05:18   413696   ----a-w-   c:\program files\QuickTime\QTTask.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
                        2007-08-28 03:48   655360   ----a-w-   c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                        2008-06-10 11:27   144784   ----a-w-   c:\program files\Java\jre1.6.0_07\bin\jusched.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                        2008-08-04 17:20   171448   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
                        2007-12-06 10:12   1029416   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe

                        R3 B-Service;B-Service;c:\users\scaturchio\Downloads\B-Service.exe [2009-10-26 185640]
                        R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
                        R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
                        R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-12-09 717296]
                        S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416]
                        S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-19 335240]
                        S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-03 108552]
                        S1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23232]
                        S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-01-23 39080]
                        S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016]
                        S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016]
                        S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-12-15 20360]
                        S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-19 297752]
                        S2 FreeAgentGoNext Service;Seagate Service;c:\users\scaturchio\Documents\General homework\Sync\FreeAgentService.exe [2009-03-27 165160]
                        S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-07-03 9216]
                        S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-10-31 46592]


                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                        bthsvcs   REG_MULTI_SZ      BthServ
                        Cognizance   REG_MULTI_SZ      ASBroker ASChannel

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
                        \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{382e4c40-6978-11df-a602-8ea863392e96}]
                        \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{705a717b-e8cc-11de-ab04-bbe119049866}]
                        \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80fbb08f-79ba-11de-9c7f-001fc675c2ed}]
                        \shell\AutoRun\command - WDSetup.exe

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{880c97ff-df06-11de-a4d3-001fc675c2ed}]
                        \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{880c980c-df06-11de-a4d3-001fc675c2ed}]
                        \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cff9a9f6-aed6-11de-85ba-001fc675c2ed}]
                        \shell\AutoRun\command - F:\AutoRun.exe

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4a28d43-b8b1-11de-b86b-001fc675c2ed}]
                        \shell\AutoRun\command - F:\AutoRun.exe

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d87531-1e6e-11df-9fff-001e101fbb72}]
                        \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                        2007-06-20 19:47   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
                        .
                        Contents of the 'Scheduled Tasks' folder

                        2010-07-29 c:\windows\Tasks\c40cf2c9.job
                        - c:\users\scaturchio\AppData\Roaming\c40cf2c9.exe [2004-09-12 00:00]

                        2008-08-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
                        - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

                        2010-07-28 c:\windows\Tasks\User_Feed_Synchronization-{623A13E4-4A5F-4371-ADF4-34696DB6B6E8}.job
                        - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
                        .
                        .
                        ------- Supplementary Scan -------
                        .
                        uStart Page = hxxp://www.asus.com
                        uInternet Settings,ProxyServer = http=127.0.0.1:5643
                        uInternet Settings,ProxyOverride = <local>
                        IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
                        IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
                        IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
                        IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
                        IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
                        IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
                        LSP: c:\windows\system32\wpclsp.dll
                        Trusted Zone: iress.com.au\xplan
                        TCP: {12A36A9A-0723-4665-8697-3C05952587BF} = 93.188.162.61,93.188.161.201
                        TCP: {20FBAD19-A6A8-4E04-953F-CD81FE0C6D1D} = 93.188.162.61,93.188.161.201
                        TCP: {9C126305-D754-4CD9-91B6-6084DB2B4D45} = 93.188.162.61,93.188.161.201
                        FF - ProfilePath - c:\users\scaturchio\AppData\Roaming\Mozilla\Firefox\Profiles\h90jr4dm.default\
                        FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
                        FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
                        FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
                        FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
                        FF - prefs.js: network.proxy.type - 4
                        FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
                        FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
                        FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
                        FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
                        FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
                        FF - component: c:\program files\Mozilla Firefox\components\9b21fc47-3d6f-5167-2aa3-b63963bd2216.dll
                        FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
                        FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
                        FF - plugin: c:\users\scaturchio\AppData\Roaming\Mozilla\plugins\npatgpc.dll
                        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                        ---- FIREFOX POLICIES ----
                         
                        FF - user.js: browser.search.defaultenginename - Yoog Search
                        FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
                        FF - user.js: browser.search.selectedEngine - Yoog Search
                        FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
                        FF - user.js: keyword.enabled - true
                        .
                        - - - - ORPHANS REMOVED - - - -

                        URLSearchHooks-*{bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
                        URLSearchHooks-*{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
                        HKCU-Run-JDK5SWFMZY - c:\users\SCATUR~1\AppData\Local\Temp\Clh.exe
                        MSConfigStartUp-Jnskdfmf9eldfd - c:\users\SCATUR~1\AppData\Local\Temp\csrssc.exe
                        MSConfigStartUp-MSServer - c:\windows\system32\yaywtUmM.dll
                        MSConfigStartUp-xsjfn83jkemfofght - c:\users\scaturchio\AppData\Local\Temp\winlogin.exe
                        AddRemove-VnrPack - c:\program files\VnrPack\Uninstall.exe



                        **************************************************************************

                        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2010-07-29 16:08
                        Windows 6.0.6000  NTFS

                        scanning hidden processes ... 

                        scanning hidden autostart entries ...

                        scanning hidden files ... 


                        c:\users\SCATUR~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

                        scan completed successfully
                        hidden files: 1

                        **************************************************************************

                        Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

                        device: opened successfully
                        user: MBR read successfully
                        called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x866F2EC5]<<
                        kernel: MBR read successfully
                        detected MBR rootkit hooks:
                        \Driver\Disk -> CLASSPNP.SYS @ 0x880dcd1f
                        \Driver\ACPI -> acpi.sys @ 0x804699d6
                        \Driver\atapi -> ataport.SYS @ 0x806be9c6
                        \Driver\iaStor -> iaStor.sys @ 0x8071b002
                        IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

                        **************************************************************************
                        .
                        --------------------- LOCKED REGISTRY KEYS ---------------------

                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                        @Denied: (A) (Users)
                        @Denied: (A) (Everyone)
                        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                        "BlindDial"=dword:00000000
                        "MSCurrentCountry"=dword:000000b5

                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                        @Denied: (A) (Users)
                        @Denied: (A) (Everyone)
                        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                        "BlindDial"=dword:00000000

                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
                        @Denied: (A) (Users)
                        @Denied: (A) (Everyone)
                        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                        "BlindDial"=dword:00000000

                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
                        @Denied: (A) (Users)
                        @Denied: (A) (Everyone)
                        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                        "BlindDial"=dword:00000000

                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
                        @Denied: (A) (Users)
                        @Denied: (A) (Everyone)
                        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                        "BlindDial"=dword:00000000

                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
                        @Denied: (A) (Users)
                        @Denied: (A) (Everyone)
                        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                        "BlindDial"=dword:00000000

                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
                        @Denied: (A) (Users)
                        @Denied: (A) (Everyone)
                        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                        "BlindDial"=dword:00000000
                        "MSCurrentCountry"=dword:000000b5

                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
                        @Denied: (A) (Users)
                        @Denied: (A) (Everyone)
                        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                        "BlindDial"=dword:00000000

                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
                        @Denied: (A) (Users)
                        @Denied: (A) (Everyone)
                        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                        "BlindDial"=dword:00000000
                        .
                        --------------------- DLLs Loaded Under Running Processes ---------------------

                        - - - - - - - > 'winlogon.exe'(1072)
                        c:\windows\system32\APSHook.dll

                        - - - - - - - > 'lsass.exe'(736)
                        c:\windows\system32\APSHook.dll
                        c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
                        c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
                        .
                        Completion time: 2010-07-29  16:13:42
                        ComboFix-quarantined-files.txt  2010-07-29 06:13

                        Pre-Run: 33,967,706,112 bytes free
                        Post-Run: 41,712,795,648 bytes free

                        - - End Of File - - 9854FB7B8A990B5F9CC080A26162DAD6


                        carltonsos

                          Topic Starter


                          Rookie

                          Re: Application cannot be executed. The file *** is infected
                          « Reply #12 on: July 29, 2010, 10:11:10 PM »
                          Hi

                          Also this is the SECOND REPORT post curing of infection....

                          2010/07/30 14:12:21.0508   TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
                          2010/07/30 14:12:21.0508   ================================================================================
                          2010/07/30 14:12:21.0508   SystemInfo:
                          2010/07/30 14:12:21.0508   
                          2010/07/30 14:12:21.0508   OS Version: 6.0.6000 ServicePack: 0.0
                          2010/07/30 14:12:21.0508   Product type: Workstation
                          2010/07/30 14:12:21.0508   ComputerName: SCATURCHIO-PC
                          2010/07/30 14:12:21.0508   UserName: scaturchio
                          2010/07/30 14:12:21.0508   Windows directory: C:\Windows
                          2010/07/30 14:12:21.0508   System windows directory: C:\Windows
                          2010/07/30 14:12:21.0523   Processor architecture: Intel x86
                          2010/07/30 14:12:21.0523   Number of processors: 2
                          2010/07/30 14:12:21.0523   Page size: 0x1000
                          2010/07/30 14:12:21.0523   Boot type: Normal boot
                          2010/07/30 14:12:21.0523   ================================================================================
                          2010/07/30 14:12:31.0613   Initialize success
                          2010/07/30 14:12:38.0632   ================================================================================
                          2010/07/30 14:12:38.0632   Scan started
                          2010/07/30 14:12:38.0632   Mode: Manual;
                          2010/07/30 14:12:38.0632   ================================================================================
                          2010/07/30 14:12:51.0732   Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
                          2010/07/30 14:12:51.0810   msisadrv        (0a64168b63535520adfd6b959695404a) C:\Windows\system32\drivers\msisadrv.sys
                          2010/07/30 14:12:51.0846   MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
                          2010/07/30 14:12:51.0916   MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
                          2010/07/30 14:12:51.0935   MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
                          2010/07/30 14:12:51.0965   MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
                          2010/07/30 14:12:52.0002   mssmbios        (e09cedb1bca303b7f6ae22f512e56969) C:\Windows\system32\DRIVERS\mssmbios.sys
                          2010/07/30 14:12:52.0028   MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
                          2010/07/30 14:12:52.0070   MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
                          2010/07/30 14:12:52.0112   Mup             (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
                          2010/07/30 14:12:52.0235   NativeWifiP     (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
                          2010/07/30 14:12:52.0318   NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
                          2010/07/30 14:12:52.0372   NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
                          2010/07/30 14:12:52.0396   Ndisuio         (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
                          2010/07/30 14:12:52.0505   NdisWan         (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
                          2010/07/30 14:12:52.0629   NDProxy         (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
                          2010/07/30 14:12:52.0688   NetBIOS         (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
                          2010/07/30 14:12:52.0759   netbt           (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
                          2010/07/30 14:12:52.0921   NETw3v32        (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
                          2010/07/30 14:12:53.0384   NETw4v32        (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
                          2010/07/30 14:12:53.0627   nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
                          2010/07/30 14:12:53.0926   Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
                          2010/07/30 14:12:53.0996   nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
                          2010/07/30 14:12:54.0130   Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
                          2010/07/30 14:12:54.0321   ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
                          2010/07/30 14:12:54.0388   Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
                          2010/07/30 14:12:54.0985   nvlddmkm        (02a96700623af401a4f6632af04c0464) C:\Windows\system32\DRIVERS\nvlddmkm.sys
                          2010/07/30 14:13:11.0026   nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
                          2010/07/30 14:13:11.0495   nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
                          2010/07/30 14:13:12.0002   nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
                          2010/07/30 14:13:13.0156   ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
                          2010/07/30 14:13:13.0668   Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
                          2010/07/30 14:13:14.0119   partmgr         (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
                          2010/07/30 14:13:14.0562   Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
                          2010/07/30 14:13:15.0012   pci             (a48c4d0acc933f7a37e52ab0761811ad) C:\Windows\system32\drivers\pci.sys
                          2010/07/30 14:13:15.0480   pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
                          2010/07/30 14:13:15.0807   pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
                          2010/07/30 14:13:16.0090   PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
                          2010/07/30 14:13:16.0416   PersonalSecureDrive (0d8848fbe1765a3e27b69b5bef6d429f) C:\Windows\System32\drivers\psd.sys
                          2010/07/30 14:13:16.0482   PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
                          2010/07/30 14:13:16.0587   Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
                          2010/07/30 14:13:16.0649   PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
                          2010/07/30 14:13:16.0778   ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
                          2010/07/30 14:13:16.0848   ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
                          2010/07/30 14:13:16.0881   QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
                          2010/07/30 14:13:16.0907   RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
                          2010/07/30 14:13:16.0947   Rasl2tp         (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
                          2010/07/30 14:13:16.0990   RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
                          2010/07/30 14:13:17.0071   rdbss           (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
                          2010/07/30 14:13:17.0102   RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
                          2010/07/30 14:13:17.0234   rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
                          2010/07/30 14:13:17.0354   RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
                          2010/07/30 14:13:17.0413   RDPWD           (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
                          2010/07/30 14:13:17.0499   RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
                          2010/07/30 14:13:17.0644   rimmptsk        (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
                          2010/07/30 14:13:17.0681   rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
                          2010/07/30 14:13:17.0743   rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
                          2010/07/30 14:13:17.0805   rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
                          2010/07/30 14:13:17.0860   RTL8169         (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
                          2010/07/30 14:13:18.0119   sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
                          2010/07/30 14:13:18.0292   sdbus           (0a27b0d6a3d6242c9490c91c5bf9081d) C:\Windows\system32\DRIVERS\sdbus.sys
                          2010/07/30 14:13:18.0386   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
                          2010/07/30 14:13:18.0565   Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
                          2010/07/30 14:13:18.0656   Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
                          2010/07/30 14:13:18.0738   sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
                          2010/07/30 14:13:18.0857   sffdisk         (55b145d4248012d306da8e92fa9fdc20) C:\Windows\system32\DRIVERS\sffdisk.sys
                          2010/07/30 14:13:18.0936   sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
                          2010/07/30 14:13:19.0014   sffp_sd         (5b327b59fae2b01c34690d91ed03786e) C:\Windows\system32\DRIVERS\sffp_sd.sys
                          2010/07/30 14:13:19.0187   sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
                          2010/07/30 14:13:19.0430   sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
                          2010/07/30 14:13:19.0461   SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
                          2010/07/30 14:13:19.0493   SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
                          2010/07/30 14:13:19.0562   Smb             (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
                          2010/07/30 14:13:19.0762   smserial        (84c9ba8ebb11e5c09916be791079409c) C:\Windows\system32\DRIVERS\smserial.sys
                          2010/07/30 14:13:20.0826   SNP2UVC         (0302bc619d4a723317e7f8eb0c362bd3) C:\Windows\system32\DRIVERS\snp2uvc.sys
                          2010/07/30 14:13:21.0183   spldr           (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
                          2010/07/30 14:13:21.0553   sptd            (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
                          2010/07/30 14:13:21.0553   Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
                          2010/07/30 14:13:21.0573   sptd - detected Locked file (1)
                          2010/07/30 14:13:32.0689   ================================================================================
                          2010/07/30 14:13:32.0689   Scan finished
                          2010/07/30 14:13:32.0689   ================================================================================
                          2010/07/30 14:13:32.0716   Detected object count: 1
                          2010/07/30 14:14:07.0721   Locked file(sptd) - User select action: Skip

                          Sneakyone

                          • Malware Removal Specialist
                          • Moderator


                          • Beginner

                            Thanked: 5
                            Re: Application cannot be executed. The file *** is infected
                            « Reply #13 on: July 29, 2010, 10:24:39 PM »
                            Hi.

                            Please do the CFScript I have provided, it will remove the remaining malware.

                            carltonsos

                              Topic Starter


                              Rookie

                              Re: Application cannot be executed. The file *** is infected
                              « Reply #14 on: August 01, 2010, 05:34:05 PM »
                              Hi  :)

                              I implemented the CFScript; however, there was no log at the end. The first time it asked me to reboot the computer; the second time nothing really happened...

                               ???

                              Are we close to the end? Thank you for your help so far.


                              This is a previous log I saved and posted; however, no other log appeared...

                              ComboFix 10-07-21.01 - scaturchio 29/07/2010  16:01:48.1.2 - x86
                              Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.61.1033.18.2047.1170 [GMT 10:00]
                              Running from: c:\users\scaturchio\Desktop\commy.exe
                              AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                              SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                              SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
                              .
                              - REDUCED FUNCTIONALITY MODE -
                              .
                              The following files were disabled during the run:
                              c:\windows\system32\APSHook.dll


                              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                              .

                              c:\program files\Common Files\Uninstall
                              c:\program files\Common Files\Uninstall\PersonalAV\Uninstall.lnk
                              c:\program files\iCheck
                              c:\program files\iCheck\Uninstall.exe
                              c:\program files\IEToolbar
                              c:\program files\IEToolbar\ECO Bar\basis.xml
                              c:\program files\IEToolbar\ECO Bar\ecobar.dll
                              c:\program files\IEToolbar\ECO Bar\icons.bmp
                              c:\program files\IEToolbar\ECO Bar\info.txt
                              c:\program files\IEToolbar\ECO Bar\uninstall.exe
                              c:\program files\IEToolbar\ECO Bar\version.txt
                              c:\program files\IEToolbar\ECO Bar\your_logo.png
                              c:\program files\p2pmax
                              c:\program files\p2pmax\p2pmaxu.exe
                              c:\program files\runit
                              c:\program files\runit\config.txt
                              c:\program files\runit\runitu_32.exe
                              c:\program files\VnrBlock
                              c:\program files\VnrBlock\xtarga.gz
                              c:\program files\VnrPack
                              c:\program files\VnrPack\trgts.gz
                              c:\program files\VnrPack\Uninstall.exe
                              c:\programdata\Microsoft\Windows\Start Menu\PersonalAV
                              c:\programdata\Microsoft\Windows\Start Menu\PersonalAV\Uninstall.lnk
                              c:\windows\system32\ernel32.dll

                              .
                              (((((((((((((((((((((((((   Files Created from 2010-06-28 to 2010-07-29  )))))))))))))))))))))))))))))))
                              .

                              2010-07-29 06:07 . 2010-07-29 06:08   --------   d-----w-   c:\users\scaturchio\AppData\Local\temp
                              2010-07-29 06:07 . 2010-07-29 06:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
                              2010-07-29 06:07 . 2010-07-29 06:07   --------   d-----w-   c:\users\michael\AppData\Local\temp
                              2010-07-26 00:06 . 2010-07-26 00:06   --------   d-----w-   c:\users\scaturchio\AppData\Local\Apps
                              2010-07-13 14:45 . 2010-07-13 14:45   --------   d-----w-   c:\users\scaturchio\AppData\Local\emwcfptyx
                              2010-07-13 14:12 . 2010-07-13 14:12   215040   ----a-w-   c:\windows\Cfikib.exe
                              2010-07-13 14:09 . 2010-07-13 14:09   215040   ----a-w-   c:\windows\Cfikia.exe

                              .
                              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2010-07-29 02:01 . 2008-04-19 03:49   12   ----a-w-   c:\windows\bthservsdp.dat
                              2010-07-29 02:00 . 2008-04-19 06:35   45056   ----a-w-   c:\windows\system32\acovcnt.exe
                              2010-07-29 01:32 . 2008-07-27 02:03   28314   ----a-w-   c:\users\scaturchio\AppData\Roaming\nvModes.dat
                              2010-07-12 01:54 . 2009-09-29 12:10   --------   d-----w-   c:\programdata\performance
                              2010-07-12 01:48 . 2009-12-15 14:52   --------   d-----w-   c:\program files\eSignal
                              2010-07-10 12:32 . 2009-10-26 07:49   --------   d-----w-   c:\users\scaturchio\AppData\Roaming\Skype
                              2010-07-10 06:04 . 2009-10-26 07:52   --------   d-----w-   c:\users\scaturchio\AppData\Roaming\skypePM
                              2010-06-16 17:10 . 2008-04-19 03:59   --------   d-----w-   c:\programdata\Microsoft Help
                              2010-06-08 10:56 . 2009-04-24 23:53   --------   d-----w-   c:\users\scaturchio\AppData\Roaming\DNA
                              2010-06-08 10:47 . 2009-04-24 23:53   --------   d-----w-   c:\program files\DNA
                              2010-05-21 04:14 . 2009-10-04 02:15   221568   ----a-w-   c:\windows\system32\MpSigStub.exe
                              2009-03-04 15:19 . 2009-03-26 10:34   623616   ----a-w-   c:\program files\mozilla firefox\components\9b21fc47-3d6f-5167-2aa3-b63963bd2216.dll
                              .

                              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              *Note* empty entries & legit default entries are not shown
                              REGEDIT4

                              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                              "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

                              [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
                              2008-09-29 07:24   325000   ----a-w-   c:\program files\AskBarDis\bar\bin\askBar.dll

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
                              2009-11-25 02:01   1230080   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                              "{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [2008-07-10 1600024]
                              "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]
                              "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
                              "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

                              [HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

                              [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

                              [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
                              [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

                              [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

                              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                              "{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [2008-07-10 1600024]
                              "{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]
                              "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
                              "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

                              [HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

                              [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

                              [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

                              [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
                              [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-19 1232896]
                              "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
                              "Mikogo"="c:\users\scaturchio\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2009-12-10 2748416]
                              "ijgmeuex"="c:\users\scaturchio\AppData\Local\emwcfptyx\gexhjqrtssd.exe" [2010-07-13 289024]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-04-19 1006264]
                              "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
                              "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8534560]
                              "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
                              "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
                              "Skytel"="Skytel.exe" [2007-08-03 1826816]
                              "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
                              "CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
                              "PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
                              "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-04-19 33136]
                              "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-04-19 37232]
                              "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
                              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
                              "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
                              "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-15 2046816]
                              "MaxMenuMgr"="c:\users\scaturchio\Documents\General homework\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]
                              "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-07-03 2328576]

                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                              "EnableLUA"= 0 (0x0)

                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                              "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                              @="Service"

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
                              2008-11-07 03:16   111936   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
                              2007-10-18 02:04   7737344   ----a-w-   c:\program files\ATKOSD2\ATKOSD2.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
                              2009-12-15 14:23   323392   ----a-w-   c:\program files\DNA\btdna.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
                              2005-05-19 13:47   57344   ----a-w-   c:\program files\SlySoft\CloneCD\CloneCDTray.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
                              2004-01-14 01:10   409600   ----a-w-   c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                              2008-10-25 00:44   31072   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFXSPMGT]
                              2007-02-26 03:29   677408   ----a-w-   c:\windows\System32\IFXSPMGT.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                              2009-01-06 02:06   290088   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
                              2007-06-20 19:49   451872   ----a-w-   c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                              2009-01-05 05:18   413696   ----a-w-   c:\program files\QuickTime\QTTask.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
                              2007-08-28 03:48   655360   ----a-w-   c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                              2008-06-10 11:27   144784   ----a-w-   c:\program files\Java\jre1.6.0_07\bin\jusched.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                              2008-08-04 17:20   171448   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
                              2007-12-06 10:12   1029416   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe

                              R3 B-Service;B-Service;c:\users\scaturchio\Downloads\B-Service.exe [2009-10-26 185640]
                              R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
                              R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
                              R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-12-09 717296]
                              S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416]
                              S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-19 335240]
                              S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-03 108552]
                              S1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23232]
                              S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-01-23 39080]
                              S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016]
                              S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016]
                              S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-12-15 20360]
                              S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-19 297752]
                              S2 FreeAgentGoNext Service;Seagate Service;c:\users\scaturchio\Documents\General homework\Sync\FreeAgentService.exe [2009-03-27 165160]
                              S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-07-03 9216]
                              S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-10-31 46592]


                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                              bthsvcs   REG_MULTI_SZ      BthServ
                              Cognizance   REG_MULTI_SZ      ASBroker ASChannel

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
                              \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{382e4c40-6978-11df-a602-8ea863392e96}]
                              \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{705a717b-e8cc-11de-ab04-bbe119049866}]
                              \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80fbb08f-79ba-11de-9c7f-001fc675c2ed}]
                              \shell\AutoRun\command - WDSetup.exe

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{880c97ff-df06-11de-a4d3-001fc675c2ed}]
                              \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{880c980c-df06-11de-a4d3-001fc675c2ed}]
                              \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cff9a9f6-aed6-11de-85ba-001fc675c2ed}]
                              \shell\AutoRun\command - F:\AutoRun.exe

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4a28d43-b8b1-11de-b86b-001fc675c2ed}]
                              \shell\AutoRun\command - F:\AutoRun.exe

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d87531-1e6e-11df-9fff-001e101fbb72}]
                              \shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

                              [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                              2007-06-20 19:47   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
                              .
                              Contents of the 'Scheduled Tasks' folder

                              2010-07-29 c:\windows\Tasks\c40cf2c9.job
                              - c:\users\scaturchio\AppData\Roaming\c40cf2c9.exe [2004-09-12 00:00]

                              2008-08-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
                              - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

                              2010-07-28 c:\windows\Tasks\User_Feed_Synchronization-{623A13E4-4A5F-4371-ADF4-34696DB6B6E8}.job
                              - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
                              .
                              .
                              ------- Supplementary Scan -------
                              .
                              uStart Page = hxxp://www.asus.com
                              uInternet Settings,ProxyServer = http=127.0.0.1:5643
                              uInternet Settings,ProxyOverride = <local>
                              IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
                              IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
                              IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
                              IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
                              IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
                              IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
                              LSP: c:\windows\system32\wpclsp.dll
                              Trusted Zone: iress.com.au\xplan
                              TCP: {12A36A9A-0723-4665-8697-3C05952587BF} = 93.188.162.61,93.188.161.201
                              TCP: {20FBAD19-A6A8-4E04-953F-CD81FE0C6D1D} = 93.188.162.61,93.188.161.201
                              TCP: {9C126305-D754-4CD9-91B6-6084DB2B4D45} = 93.188.162.61,93.188.161.201
                              FF - ProfilePath - c:\users\scaturchio\AppData\Roaming\Mozilla\Firefox\Profiles\h90jr4dm.default\
                              FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
                              FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
                              FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
                              FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
                              FF - prefs.js: network.proxy.type - 4
                              FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
                              FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
                              FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
                              FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
                              FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
                              FF - component: c:\program files\Mozilla Firefox\components\9b21fc47-3d6f-5167-2aa3-b63963bd2216.dll
                              FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
                              FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
                              FF - plugin: c:\users\scaturchio\AppData\Roaming\Mozilla\plugins\npatgpc.dll
                              FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                              ---- FIREFOX POLICIES ----
                               
                              FF - user.js: browser.search.defaultenginename - Yoog Search
                              FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
                              FF - user.js: browser.search.selectedEngine - Yoog Search
                              FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
                              FF - user.js: keyword.enabled - true
                              .
                              - - - - ORPHANS REMOVED - - - -

                              URLSearchHooks-*{bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
                              URLSearchHooks-*{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
                              HKCU-Run-JDK5SWFMZY - c:\users\SCATUR~1\AppData\Local\Temp\Clh.exe
                              MSConfigStartUp-Jnskdfmf9eldfd - c:\users\SCATUR~1\AppData\Local\Temp\csrssc.exe
                              MSConfigStartUp-MSServer - c:\windows\system32\yaywtUmM.dll
                              MSConfigStartUp-xsjfn83jkemfofght - c:\users\scaturchio\AppData\Local\Temp\winlogin.exe
                              AddRemove-VnrPack - c:\program files\VnrPack\Uninstall.exe



                              **************************************************************************

                              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2010-07-29 16:08
                              Windows 6.0.6000  NTFS

                              scanning hidden processes ... 

                              scanning hidden autostart entries ...

                              scanning hidden files ... 


                              c:\users\SCATUR~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

                              scan completed successfully
                              hidden files: 1

                              **************************************************************************

                              Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

                              device: opened successfully
                              user: MBR read successfully
                              called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x866F2EC5]<<
                              kernel: MBR read successfully
                              detected MBR rootkit hooks:
                              \Driver\Disk -> CLASSPNP.SYS @ 0x880dcd1f
                              \Driver\ACPI -> acpi.sys @ 0x804699d6
                              \Driver\atapi -> ataport.SYS @ 0x806be9c6
                              \Driver\iaStor -> iaStor.sys @ 0x8071b002
                              IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

                              **************************************************************************
                              .
                              --------------------- LOCKED REGISTRY KEYS ---------------------

                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                              @Denied: (A) (Users)
                              @Denied: (A) (Everyone)
                              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                              "BlindDial"=dword:00000000
                              "MSCurrentCountry"=dword:000000b5

                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                              @Denied: (A) (Users)
                              @Denied: (A) (Everyone)
                              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                              "BlindDial"=dword:00000000

                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
                              @Denied: (A) (Users)
                              @Denied: (A) (Everyone)
                              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                              "BlindDial"=dword:00000000

                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
                              @Denied: (A) (Users)
                              @Denied: (A) (Everyone)
                              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                              "BlindDial"=dword:00000000

                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
                              @Denied: (A) (Users)
                              @Denied: (A) (Everyone)
                              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                              "BlindDial"=dword:00000000

                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
                              @Denied: (A) (Users)
                              @Denied: (A) (Everyone)
                              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                              "BlindDial"=dword:00000000

                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
                              @Denied: (A) (Users)
                              @Denied: (A) (Everyone)
                              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                              "BlindDial"=dword:00000000
                              "MSCurrentCountry"=dword:000000b5

                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
                              @Denied: (A) (Users)
                              @Denied: (A) (Everyone)
                              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                              "BlindDial"=dword:00000000

                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
                              @Denied: (A) (Users)
                              @Denied: (A) (Everyone)
                              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                              "BlindDial"=dword:00000000
                              .
                              --------------------- DLLs Loaded Under Running Processes ---------------------

                              - - - - - - - > 'winlogon.exe'(1072)
                              c:\windows\system32\APSHook.dll

                              - - - - - - - > 'lsass.exe'(736)
                              c:\windows\system32\APSHook.dll
                              c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
                              c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
                              .
                              Completion time: 2010-07-29  16:13:42
                              ComboFix-quarantined-files.txt  2010-07-29 06:13

                              Pre-Run: 33,967,706,112 bytes free
                              Post-Run: 41,712,795,648 bytes free

                              - - End Of File - - 9854FB7B8A990B5F9CC080A26162DAD6