Hi and ty for your reply. I uninstalled World of Warcraft but there are still some files I can't delete.
OTL logfile created on: 7/10/2010 12:41:57 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\LOREN\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.44 Gb Free Space | 70.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Unable to calculate disk information.
Computer Name: LOREN-4F0234FAC
Current User Name: LOREN
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/10 12:39:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LOREN\My Documents\Downloads\OTL.exe
PRC - [2010/06/26 02:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/17 17:40:22 | 000,337,216 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/02/06 01:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/01/12 10:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/19 10:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2004/12/22 03:09:44 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/07/10 12:39:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LOREN\My Documents\Downloads\OTL.exe
MOD - [2009/03/17 17:40:34 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/19 10:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
========== Driver Services (SafeList) ==========
DRV - [2010/07/10 11:15:41 | 000,139,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/08/08 10:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2007/06/26 19:58:16 | 002,303,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/12/22 03:07:12 | 002,304,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/07/17 19:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/25 03:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 01:14:46 | 000,049,024 | R--- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 03:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/10 09:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 09:18:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/30 18:21:40 | 000,000,000 | ---D | M]
[2009/01/31 19:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Mozilla\Extensions
[2010/07/10 12:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Mozilla\Firefox\Profiles\yrb152mc.default\extensions
[2010/04/22 16:38:52 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\LOREN\Application Data\Mozilla\Firefox\Profiles\yrb152mc.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}(2)
[2010/06/01 15:21:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\LOREN\Application Data\Mozilla\Firefox\Profiles\yrb152mc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/02 23:20:16 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\LOREN\Application Data\Mozilla\Firefox\Profiles\yrb152mc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/04/23 06:48:13 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\LOREN\Application Data\Mozilla\Firefox\Profiles\yrb152mc.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/09/15 20:48:45 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\LOREN\Application Data\Mozilla\Firefox\Profiles\yrb152mc.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2)
[2010/04/22 16:38:53 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\LOREN\Application Data\Mozilla\Firefox\Profiles\yrb152mc.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(3)
[2009/06/21 11:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Mozilla\Firefox\Profiles\yrb152mc.default\extensions\[email protected]
[2009/09/15 20:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Mozilla\Firefox\Profiles\yrb152mc.default\extensions\[email protected](2).beard
[2010/04/22 16:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Mozilla\Firefox\Profiles\yrb152mc.default\extensions\[email protected](3).beard
[2010/07/10 12:39:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/03 08:32:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/03 08:32:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
O1 HOSTS File: ([2010/07/07 13:34:43 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [WorkForce 610(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: PackageCab http://ak.imgag.com/...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Soap Bubbles.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Soap Bubbles.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/04 02:13:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)
========== Files/Folders - Created Within 90 Days ==========
[2010/07/08 09:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/08 09:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/07/07 19:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LOREN\Updates
[2010/07/07 13:56:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/07 13:31:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010/06/27 06:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9 Installer
[2010/06/27 06:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2010/06/27 06:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/27 06:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LOREN\Local Settings\Application Data\Adobe
[2010/06/27 06:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
[2010/06/04 09:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LOREN\Application Data\Avira
[2010/06/04 09:09:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/06/04 09:09:04 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/06/04 09:09:04 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/06/04 09:09:04 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/06/04 09:09:04 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/06/04 09:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/06/04 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2010/06/01 20:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/01 15:19:42 | 000,000,000 | ---D | C] -- C:\Sun
[2010/06/01 15:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2010/06/01 08:01:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/01 08:01:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/16 08:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee Security Scan
[2010/05/16 08:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
[2010/05/16 08:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/05/11 06:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LOREN\Application Data\Facebook
[2010/04/30 21:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LOREN\Application Data\AVP 2009
[2010/04/22 16:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Nick Jr. Arcade
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/07/10 12:24:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/10 11:15:41 | 000,139,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/07/10 10:47:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/10 10:46:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 10:46:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 10:24:33 | 003,407,872 | ---- | M] () -- C:\Documents and Settings\LOREN\ntuser.dat
[2010/07/10 10:24:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\LOREN\ntuser.ini
[2010/07/09 09:48:34 | 006,917,464 | -H-- | M] () -- C:\Documents and Settings\LOREN\Local Settings\Application Data\IconCache.db
[2010/07/07 19:20:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LOREN\WoW-3.0.8.9464-to-3.0.8.9506-enUS-patch.exe.part
[2010/07/07 17:03:55 | 000,015,848 | ---- | M] () -- C:\Documents and Settings\LOREN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/07 17:02:26 | 000,102,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/05 14:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/05 14:23:12 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/07/02 12:42:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/30 18:21:40 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2010/06/27 07:09:19 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\LOREN\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/27 07:09:19 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/06/27 06:36:12 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Acrobat_com.lnk
[2010/06/26 18:30:40 | 005,567,488 | R--- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\ESBK.mbb
[2010/06/26 18:30:40 | 002,778,112 | R--- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\ESBK.mb
[2010/06/21 16:55:51 | 000,001,297 | ---- | M] () -- C:\Documents and Settings\LOREN\Desktop\Shortcut to 100_1399.lnk
[2010/06/14 09:39:38 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\LOREN\My Documents\dog notices.rtf
[2010/06/08 16:26:28 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\LOREN\My Documents\pool rules.rtf
[2010/06/04 09:09:14 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk
[2010/06/03 08:28:03 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\LOREN\Desktop\Shortcut to jre-6u20-windows-i586.lnk
[2010/06/01 09:23:37 | 000,004,444 | ---- | M] () -- C:\Documents and Settings\LOREN\My Documents\instruction.rtf
[2010/06/01 08:12:53 | 000,001,396 | ---- | M] () -- C:\Documents and Settings\LOREN\My Documents\scan.rtf
[2010/06/01 08:01:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 20:58:49 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\LOREN\My Documents\new.rtf
[2010/05/19 13:39:18 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/14 16:08:31 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\LOREN\My Documents\office depo.rtf
[2010/05/10 18:03:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NULL
[2010/05/05 13:22:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/04 15:28:13 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\LOREN\My Documents\wow.rtf
[2010/04/30 21:39:30 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\LOREN\My Documents\new pass.rtf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/10 12:33:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\LOREN\Desktop\gmer.exe
[2010/07/07 19:20:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LOREN\WoW-3.0.8.9464-to-3.0.8.9506-enUS-patch.exe.part
[2010/06/27 07:09:19 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/06/27 06:36:54 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2010/06/27 06:36:12 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Acrobat_com.lnk
[2010/06/21 16:55:51 | 000,001,297 | ---- | C] () -- C:\Documents and Settings\LOREN\Desktop\Shortcut to 100_1399.lnk
[2010/06/14 09:39:37 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\LOREN\My Documents\dog notices.rtf
[2010/06/04 09:09:13 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk
[2010/06/03 08:28:03 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\LOREN\Desktop\Shortcut to jre-6u20-windows-i586.lnk
[2010/06/01 09:23:37 | 000,004,444 | ---- | C] () -- C:\Documents and Settings\LOREN\My Documents\instruction.rtf
[2010/06/01 08:12:53 | 000,001,396 | ---- | C] () -- C:\Documents and Settings\LOREN\My Documents\scan.rtf
[2010/06/01 08:01:49 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 20:58:48 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\LOREN\My Documents\new.rtf
[2010/05/16 08:18:55 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/14 16:08:31 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\LOREN\My Documents\office depo.rtf
[2010/05/04 15:28:13 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\LOREN\My Documents\wow.rtf
[2010/04/30 21:39:30 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\LOREN\My Documents\new pass.rtf
[2010/01/22 23:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/01/22 20:58:54 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/01/22 20:56:33 | 000,000,089 | ---- | C] () -- C:\WINDOWS\EPWF610.ini
[2009/12/29 11:44:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/24 10:31:55 | 000,002,578 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/03/26 20:34:30 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2009/01/31 21:04:26 | 000,139,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/01/31 19:16:51 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/01/31 19:02:50 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/01/31 19:02:27 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2009/01/31 19:02:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2007/08/08 10:54:10 | 000,028,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2004/08/04 06:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
========== LOP Check ==========
[2009/11/18 15:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alawar Stargaze
[2010/07/08 11:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2009/05/04 13:11:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2009/06/21 20:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Disney Interactive
[2009/03/27 19:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2010/01/22 21:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2009/11/18 18:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\gamelab
[2009/11/09 22:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\JollyBear
[2009/11/18 16:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Merscom
[2009/03/28 11:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2009/11/16 20:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Redrum
[2009/11/11 22:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sandlot Games
[2010/06/01 07:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/02/07 22:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Acreon
[2010/04/30 21:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\AVP 2009
[2009/11/18 18:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Azuaz Games
[2009/11/10 14:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Big Fish Games
[2009/11/11 21:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Dekovir
[2010/01/31 11:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Epson
[2009/11/14 22:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\ERS G-Studio
[2010/05/11 06:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Facebook
[2009/11/18 18:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\gamelab
[2009/03/28 12:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\GetRightToGo
[2009/01/31 19:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\InterTrust
[2010/01/22 21:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Leadertech
[2009/03/25 14:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\LimeWire
[2009/11/18 16:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Merscom
[2009/11/11 10:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Playrix Entertainment
[2009/11/14 07:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Reflexivev1002
[2009/11/15 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\SBTT
[2009/05/31 11:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\SecondLife
[2009/02/16 15:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Skinux
[2009/03/26 21:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\TrojanHunter
[2009/03/27 19:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Uniblue
[2009/05/16 10:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Unity
[2009/02/20 08:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\Windows Live Writer
[2009/03/26 14:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LOREN\Application Data\WinPatrol
[2010/07/05 14:23:12 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/02/04 02:13:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/27 19:20:46 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/01/31 19:17:13 | 000,000,193 | ---- | M] () -- C:\CDSetup.log
[2008/02/04 02:13:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/02 14:15:06 | 000,022,825 | ---- | M] () -- C:\CybDefInstallInfo.log
[2010/07/07 19:43:08 | 000,013,254 | ---- | M] () -- C:\HijackPatrol.log
[2008/02/04 02:13:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/10 11:14:27 | 000,035,895 | ---- | M] () -- C:\moduleName.txt
[2008/02/04 02:13:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/03/30 09:04:38 | 000,000,948 | ---- | M] () -- C:\net_save.dna
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 06:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/07/10 10:46:39 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/11/27 18:18:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/11/27 22:21:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/11/28 08:44:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/12/26 16:39:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/01/31 21:01:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/02/01 07:05:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/08/17 18:11:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/08/17 20:23:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/09/29 16:37:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/10/13 21:32:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/10/14 11:47:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/10/14 15:13:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/11/12 06:55:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/11/12 09:59:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/11/12 16:55:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/11/12 18:25:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/11/27 09:32:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/11/27 10:46:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/11/27 11:15:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/11/27 11:35:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/11/27 18:18:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/11/27 22:21:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/11/28 08:44:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/12/26 16:39:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/01/31 21:01:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/02/01 07:05:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/08/17 18:11:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/08/17 20:23:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/09/29 16:37:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/10/13 21:32:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/10/14 11:47:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/10/14 15:13:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/11/12 06:55:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/11/12 09:59:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/11/12 16:55:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/11/12 18:25:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/11/27 09:32:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/11/27 10:46:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/11/27 11:15:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/11/27 11:35:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/01/31 18:22:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/10/21 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD97.DLL
[2007/10/21 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP97.DLL
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.dat >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/01/31 11:06:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/31 11:06:30 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/31 11:06:30 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2004/08/04 06:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 06:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2004/08/04 06:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-03-27 15:43:21
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E51234A9
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8DA0EB21
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0E799D7F
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:773DA865
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0E22C5DB
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:61B54B15
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:EDC744FB
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:737160C1
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4C528C86
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9E985157
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AE2EA3C2
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5AF0DC60
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FED25C29
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0AC32449
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B5988350
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:726D640A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:551BED5F
< End of report >
OTL Extras logfile created on: 7/10/2010 12:41:57 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\LOREN\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.44 Gb Free Space | 70.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Unable to calculate disk information.
Computer Name: LOREN-4F0234FAC
Current User Name: LOREN
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe" = C:\Program Files\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe:*:Enabled:SoF2MP -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe" = C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)
"C:\Program Files\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Documents and Settings\LOREN\Application Data\Facebook\facebook.exe" = C:\Documents and Settings\LOREN\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook -- ()
"C:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{04677911-D5DC-C500-A4E8-2D5CCC9180E9}" = CCC Help Greek
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0629A9E3-42C3-38F4-7DE1-84647E9BE9CE}" = ccc-utility
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15327F19-DCA5-D102-0A11-C8B213AC278A}" = Catalyst Control Center Localization Greek
"{170A555B-8B7C-18A7-FBB3-68FCD8171BEF}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2100F7DB-91AA-8C7C-1917-E41BE3E06C64}" = CCC Help Dutch
"{23101306-56BD-BD95-DE03-907203A2D121}" = CCC Help Russian
"{23F84188-E168-12FC-68E1-0BC2B9ADA0F7}" = CCC Help Thai
"{252E8DB0-E036-1BFD-D1BA-0434C3B66B41}" = ccc-core-preinstall
"{255B921D-AE7F-8C7A-ACEA-9C7420659DC5}" = Catalyst Control Center Localization Thai
"{25F78FDD-6D45-5229-3602-1026D916B534}" = CCC Help Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{281D1C3D-50DA-46B4-D3E3-B811A9A3E644}" = Catalyst Control Center Localization Dutch
"{2847E94E-E127-1018-BA2D-1B99C229BE71}" = CCC Help Polish
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{32AF8E1C-CCC7-78D0-1BD6-E48EFFBBEE92}" = Catalyst Control Center Localization French
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{385DFAC7-B31A-6FB0-1EB6-CD4854D55219}" = Catalyst Control Center Localization Swedish
"{3D6816CE-0943-85C8-8AB4-88C23C38CECB}" = Catalyst Control Center Localization Chinese Traditional
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4026F0FC-CD1B-C487-B5C6-E815B258A1CA}" = Catalyst Control Center Graphics Light
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44EBA8D8-C559-A742-692D-51D2049AB8F1}" = CCC Help Finnish
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45E5354A-2CB2-EB0B-D930-29F8DD9F17AC}" = CCC Help Turkish
"{4846B4A3-E2E3-61A3-2B9F-3674291C3C97}" = CCC Help Spanish
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{491E695B-D88A-96B3-5DD6-C8487E6CF145}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52DF099A-2A4A-4714-756F-3E4719FE4672}" = Skins
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5399ACAF-7B15-43D5-9233-4E797B184FD2}" = AVIVO
"{54043BD9-50E5-96F0-D95F-E8BAACE26D89}" = Catalyst Control Center Localization Finnish
"{54B21299-1523-BA6D-CF0C-37122B5CB762}" = CCC Help Italian
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{67E76212-F672-32C4-0828-5BE8F7B85966}" = Catalyst Control Center Graphics Full New
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6A9D8554-E01A-B116-C84D-810589D016A1}" = Catalyst Control Center Localization Japanese
"{6C144163-02C2-B57F-AB61-56DA5546B2BB}" = Catalyst Control Center Localization Spanish
"{74DF227F-21FD-1B67-B1C2-635B14A0158E}" = CCC Help Danish
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76CA3745-48C8-1B2E-4090-56711467CD43}" = Catalyst Control Center Localization Portuguese
"{7B545503-5C31-B8A4-9B77-B6B99ADEC09D}" = Catalyst Control Center Localization Russian
"{7D4A509E-8F02-7850-5837-B50D08D47FF5}" = Catalyst Control Center Localization Czech
"{7DD3D82C-714A-F883-D93B-4C129D5FFA15}" = Catalyst Control Center Localization Norwegian
"{7E95FCBF-A6E7-2475-7A87-C6D4A355AA66}" = Catalyst Control Center Localization German
"{8010923B-40C7-0ECC-95C5-50623E548D96}" = CCC Help Portuguese
"{82CD426E-31DC-2F43-205E-E01E5C098F5A}" = CCC Help Chinese Traditional
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{920560B7-6A55-DC40-5525-5F44A494F740}" = CCC Help Czech
"{92B71406-5264-4020-8A9E-5F3502FC2AF3}" = Disney's Princess Fashion Boutique
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B56936D-273E-F723-89D1-6EB3FC858AB5}" = ccc-core-static
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{AAD91AB4-1704-4037-8F66-462B46ACF6A1}" = Disney's Lilo & Stitch Trouble in Paradise
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B545059F-F74D-115D-2BAD-56555D575FCD}" = CCC Help Norwegian
"{C03DF297-96AD-B6D5-92EA-D99F5D76E5A3}" = CCC Help German
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C5DC3DD5-80E0-88B9-2AF4-DFBEF10E4EBB}" = CCC Help Chinese Standard
"{C66844A2-A373-1EEB-589E-AFD77E661FC9}" = Catalyst Control Center Core Implementation
"{C8781F28-84B1-4DBB-4627-951652B04293}" = CCC Help French
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CC8EA619-F11E-AD1F-93B7-7B356752185A}" = Catalyst Control Center Localization Polish
"{CD13227D-2CA4-AB85-8674-5F6ADF42B882}" = Catalyst Control Center Localization Korean
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6FC3A76-C2BD-0B95-FB03-7EE37A8D2B21}" = Catalyst Control Center Localization Hungarian
"{D83D00F3-BBEF-B19D-5FE3-AA3C2BD726E3}" = Catalyst Control Center Localization Turkish
"{D966EC30-E3FF-9B17-BB68-2277D0870F5B}" = Catalyst Control Center Graphics Previews Common
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E5ADC9FD-8C1F-456E-DFFB-716FE481C520}" = CCC Help Hungarian
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F30E3BD6-F658-FDC3-8FF7-13302359DDD8}" = CCC Help Korean
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4B265CB-59BF-CCB2-F606-B8D16EE2D8ED}" = Catalyst Control Center Localization Chinese Standard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F860DD52-99C8-8746-1F2E-71A662B59FEA}" = Catalyst Control Center Graphics Full Existing
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAFDA3E9-7035-5EF2-679C-C787EFD01ADF}" = Catalyst Control Center Localization Danish
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB63CC95-17BA-A660-35EE-EAEBBA79C30C}" = Catalyst Control Center Localization Italian
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"ATITool" = ATITool Overclocking Utility
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"Escape Rosecliff Island_is1" = Escape Rosecliff Island
"ESET Online Scanner" = ESET Online Scanner v3
"Facebook" = Facebook Desktop
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nick Jr. Bingo" = Nick Jr. Bingo
"PunkBusterSvc" = PunkBuster Services
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"StarCraft" = StarCraft
"UnityWebPlayer" = Unity Web Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPatrol" = WinPatrol 2009
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/25/2010 11:19:10 PM | Computer Name = LOREN-4F0234FAC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/7/2010 9:55:09 AM | Computer Name = LOREN-4F0234FAC | Source = ESENT | ID = 490
Description = svchost (980) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.chk"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 6/8/2010 6:13:16 PM | Computer Name = LOREN-4F0234FAC | Source = Application Hang | ID = 1002
Description = Hanging application E_FARNFJA.EXE, version 5.0.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/8/2010 6:13:19 PM | Computer Name = LOREN-4F0234FAC | Source = Application Hang | ID = 1002
Description = Hanging application E_FARNFJA.EXE, version 5.0.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/8/2010 6:17:11 PM | Computer Name = LOREN-4F0234FAC | Source = Application Hang | ID = 1002
Description = Hanging application E_FARNFJA.EXE, version 5.0.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/8/2010 6:19:37 PM | Computer Name = LOREN-4F0234FAC | Source = Application Hang | ID = 1002
Description = Hanging application E_FARNFJA.EXE, version 5.0.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/15/2010 11:00:44 AM | Computer Name = LOREN-4F0234FAC | Source = Application Hang | ID = 1002
Description = Hanging application wlmail.exe, version 14.0.8089.726, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/17/2010 3:43:29 PM | Computer Name = LOREN-4F0234FAC | Source = ESENT | ID = 490
Description = svchost (976) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.chk"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 6/17/2010 3:43:31 PM | Computer Name = LOREN-4F0234FAC | Source = ESENT | ID = 490
Description = svchost (976) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 7/5/2010 6:56:54 PM | Computer Name = LOREN-4F0234FAC | Source = ESENT | ID = 490
Description = svchost (980) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
[ System Events ]
Error - 7/7/2010 3:15:26 PM | Computer Name = LOREN-4F0234FAC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
gagp30kx PCIIde
< End of report >
GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-10 12:38:43
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\LOREN\LOCALS~1\Temp\pwrciaod.sys
---- System - GMER 1.0.15 ----
SSDT BA14F2D6 ZwCreateKey
SSDT BA14F2CC ZwCreateThread
SSDT BA14F2DB ZwDeleteKey
SSDT BA14F2E5 ZwDeleteValueKey
SSDT BA14F2EA ZwLoadKey
SSDT BA14F2B8 ZwOpenProcess
SSDT BA14F2BD ZwOpenThread
SSDT BA14F2F4 ZwReplaceKey
SSDT BA14F2EF ZwRestoreKey
SSDT BA14F2E0 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 1D4 804E2830 4 Bytes JMP 5EBA14F2
.reloc C:\WINDOWS\system32\drivers\PnkBstrK.sys section is executable [0xA5A60000, 0x1901C, 0xE0000060]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[2560] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)
---- EOF - GMER 1.0.15 ----
MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4300
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
7/10/2010 1:01:48 PM
mbam-log-2010-07-10 (13-01-48).txt
Scan type: Quick scan
Objects scanned: 162085
Time elapsed: 8 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Edited by pcnoob, 10 July 2010 - 01:05 PM.