Trojan.MultipleAV.Gen - Geeks to Go Forums


Trojan.MultipleAV.Gen Computer very slow still after removal with MBAM

#1 robert1971

  • Group: Member
  • Posts: 45
  • Joined: 27-February 06

Posted 11 August 2010 - 12:52 PM

I noticed my computer getting very slow the other day and decided to run a scan with MBAM.

It found "Trojan.MultipleAV.Gen". After having this removed, the computer started running considerably better but is still not normal.

While the computer runs better it is still slow which is not normal for this computer.

I have attached the following: MBAM log, GMER log, OTL log

Any help is greatly appreciated!

MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4417

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/11/2010 1:16:03 AM
mbam-log-2010-08-11 (01-16-03).txt

Scan type: Quick scan
Objects scanned: 157113
Time elapsed: 1 hour(s), 8 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\mtg (Trojan.MultipleAV.Gen) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-11 11:22:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwloapob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF5847CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF5847B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF5848142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF584806C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF5847764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF5847C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF58476A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF5847708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF5847D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF5848210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF5847D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF5847EC8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF5854B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF58549C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF5854AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP F5854AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP F58549C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP F58505B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP F5851F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP F5854BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[2888] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2888] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2888] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2888] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2888] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2888] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2888] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2888] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2888] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3772] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat F1BFFD20
Device \FileSystem\Fastfat \Fat F1C039F2

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F0271C5-524F-FCC5-139F-D00AF3E293A0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F0271C5-524F-FCC5-139F-D00AF3E293A0}@iaablojmfmjpmfcahf 0x6B 0x61 0x6D 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F0271C5-524F-FCC5-139F-D00AF3E293A0}@hagajpmnpboijhef 0x69 0x61 0x63 0x63 ...

---- EOF - GMER 1.0.15 ----

OTL

OTL logfile created on: 8/11/2010 11:25:40 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 30.00 Mb Available Physical Memory | 6.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.55 Gb Total Space | 4.28 Gb Free Space | 13.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2SQ4L91
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/11 11:24:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/18 12:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/08/31 11:03:34 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2008/10/24 10:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/27 08:57:50 | 000,349,696 | ---- | M] (Xerox Corporation) -- C:\Program Files\xerox\Phaser 8510_8560\x85xzpui.exe
PRC - [2006/08/02 03:59:00 | 000,060,928 | ---- | M] () -- C:\WINDOWS\system32\x85xbgnd.exe
PRC - [2005/10/28 15:12:04 | 000,155,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2005/10/07 05:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/10/05 02:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/27 07:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 14:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/08/11 11:24:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/05 12:45:54 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\System32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2008/01/07 23:25:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 13:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 13:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\36557292.sys -- (36557292)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\3655729.sys -- (setup_9.0.0.722_11.03.2010_22-30drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\36557291.sys -- (36557291)
DRV - [2009/06/11 16:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2005/11/20 22:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/09/28 11:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/04 03:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 21:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/12/06 20:09:58 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 19:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 19:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/05/04 18:25:00 | 000,239,488 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/02/13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-rel&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.tsoxprid: "ZKfox002RWUS"
FF - prefs.js..browser.search.param.tsoxtbid: "68014B9E-05C8-417D-B638-D0247751F9F8-TS"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.4.0.82
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


[2008/12/16 21:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/07/11 15:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\extensions
[2010/07/11 15:27:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/06 20:27:49 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2009/03/27 23:06:54 | 000,009,895 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\searchplugins\mywebsearch.xml
[2010/08/07 23:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/28 18:59:04 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2010/07/11 15:37:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [XeroxBackgroundTask] C:\WINDOWS\System32\x85xbgnd.exe ()
O4 - HKLM..\Run: [XeroxRegistation] C:\DOCUME~1\Owner\LOCALS~1\Temp\Xerox\EReg\opbreg.exe File not found
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\setup_9.0.0.722_11.03.2010_22-30.lnk = C:\Documents and Settings\Owner\Desktop\Virus Removal Tool\setup_9.0.0.722_11.03.2010_22-30\startup.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.taylorbe...criptx/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.5)
O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} http://www.angelswin...ed/wspellam.cab (WSpell ActiveX Spelling Checker V5.15)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1146162100312 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.w...ler/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://139.182.204.3...sCamControl.ocx (CamImage Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://rim.webex.co...ort/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/02 09:30:16 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/11 11:23:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/11 11:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SuspectedVirus
[2010/08/10 21:24:30 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/08 00:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2010/08/07 16:03:25 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS
[2010/08/07 16:01:57 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/07/11 15:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2010/07/11 15:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GooredFix Backups
[2010/07/11 15:37:36 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/06/21 12:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2010/06/21 12:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/06/10 19:13:45 | 000,000,000 | ---D | C] -- C:\918c0e9b0758cc051419
[2010/06/07 15:45:32 | 159,724,984 | ---- | C] (Research In Motion Ltd. ) -- C:\Documents and Settings\Owner\Desktop\T-Mobile_BlackBerry_Bold_9700_5.0.0.586.exe
[2010/05/27 13:57:02 | 000,758,272 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\xnt8560u.dll
[2010/05/27 13:57:02 | 000,161,280 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\xrx8560u.dll
[2010/05/27 13:57:01 | 000,204,288 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\x85xmrdv.dll
[2010/05/27 13:57:01 | 000,192,000 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\x85xcpl.cpl
[2010/05/27 13:57:01 | 000,158,208 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\x85xcpst.dll
[2010/05/27 13:57:01 | 000,097,792 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\x85xtcoi.dll
[2010/05/27 13:57:01 | 000,034,304 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\x85xcost.dll
[2010/05/27 13:57:01 | 000,031,232 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\x85xusd.dll
[2010/05/25 10:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PK-2
[1 C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/11 11:24:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/11 10:41:45 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/08/10 21:37:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/10 21:37:36 | 536,281,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/10 21:36:39 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/10 21:34:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/10 21:25:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/08 09:53:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/07 16:11:01 | 000,388,118 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dnsinfo.bmp
[2010/08/05 17:45:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/17 16:13:51 | 000,163,999 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\kfc.pdf
[2010/07/15 18:21:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/11 15:37:43 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/06/28 13:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 13:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 13:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 13:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 13:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/25 12:36:00 | 000,514,040 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 12:36:00 | 000,450,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/25 12:36:00 | 000,074,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 17:16:26 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/06/21 17:15:49 | 011,683,173 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-21).ipd
[2010/06/21 12:43:58 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/21 12:29:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/06/21 12:14:04 | 230,487,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BlackBerryDesktopManager_v 5.0.1_English_Media_Mgr.exe
[2010/06/20 22:45:22 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pool.bin
[2010/06/20 21:51:48 | 020,248,098 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-20).ipd
[2010/06/13 22:48:30 | 019,542,955 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-13).ipd
[2010/06/12 10:17:45 | 000,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/08 21:44:56 | 000,015,910 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Copy of InternetLeads.xml
[2010/06/07 16:26:43 | 020,872,094 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\LoaderBackup-(2010-06-07).ipd
[2010/06/07 15:47:50 | 159,724,984 | ---- | M] (Research In Motion Ltd. ) -- C:\Documents and Settings\Owner\Desktop\T-Mobile_BlackBerry_Bold_9700_5.0.0.586.exe
[2010/06/07 15:14:53 | 020,855,391 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-07).ipd
[2010/05/27 19:29:36 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Outlook 2003.lnk
[2010/05/27 13:56:12 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xerox Support Centre.lnk
[2010/05/27 11:35:54 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tony sanchez real estate flyer.xls
[2010/05/27 11:26:12 | 000,071,072 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/25 10:47:15 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/05/17 20:45:54 | 000,025,221 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2002%20anaheim%20angels.jpg
[1 C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/11 10:41:40 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/08/07 16:11:00 | 000,388,118 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dnsinfo.bmp
[2010/07/17 16:13:50 | 000,163,999 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\kfc.pdf
[2010/06/21 17:15:49 | 011,683,173 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-21).ipd
[2010/06/21 12:29:45 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/06/21 12:12:17 | 230,487,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BlackBerryDesktopManager_v 5.0.1_English_Media_Mgr.exe
[2010/06/20 21:51:48 | 020,248,098 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-20).ipd
[2010/06/13 22:48:30 | 019,542,955 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-13).ipd
[2010/06/08 21:44:55 | 000,015,910 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Copy of InternetLeads.xml
[2010/06/07 16:26:43 | 020,872,094 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\LoaderBackup-(2010-06-07).ipd
[2010/06/07 15:14:53 | 020,855,391 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-07).ipd
[2010/05/27 13:57:03 | 000,006,600 | ---- | C] () -- C:\WINDOWS\System32\xrxbeacn.tlb
[2010/05/27 13:57:02 | 000,184,832 | ---- | C] () -- C:\WINDOWS\System32\xrxbeacn.exe
[2010/05/27 13:57:02 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xnetsrvc.exe
[2010/05/27 13:57:02 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\xrxbcnps.dll
[2010/05/27 13:57:02 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\xnetsrvc.dll
[2010/05/27 13:57:01 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\xlibeay.dll
[2010/05/27 13:57:01 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\x85xbgnd.exe
[2010/05/27 13:56:56 | 000,001,125 | ---- | C] () -- C:\WINDOWS\System32\default.xst
[2010/05/27 13:56:12 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xerox Support Centre.lnk
[2010/05/27 11:35:54 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tony sanchez real estate flyer.xls
[2010/05/17 20:45:50 | 000,025,221 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2002%20anaheim%20angels.jpg
[2009/10/08 18:43:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/04/05 00:41:51 | 000,000,299 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/05/02 16:16:34 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2006/05/02 16:14:14 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2006/05/02 16:14:14 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2006/05/02 16:14:14 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2006/05/02 16:14:11 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2006/05/02 16:12:59 | 000,001,002 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2006/05/02 12:14:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/30 14:28:38 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/30 14:28:38 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A5797293A0.sys
[2006/04/30 14:11:41 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/04/27 11:16:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/03/18 13:52:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/18 13:48:37 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/18 13:10:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2006/03/18 13:10:48 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2006/03/18 13:09:52 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2010/03/05 14:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2005/08/16 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/02/08 21:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MANSION
[2009/03/28 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/06/21 12:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/10 15:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/03/18 13:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/08 14:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/12/15 14:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009/02/25 01:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ContentGuard
[2006/04/27 14:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/01/16 23:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microgaming
[2010/06/21 12:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2010/03/06 20:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sling Media
[2007/05/07 20:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2009/08/08 14:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/22 22:03:39 | 000,029,673 | ---- | M] () -- C:\aaw7boot.log
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/04/27 11:02:38 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/03/05 10:14:13 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/08/23 11:41:18 | 000,025,127 | ---- | M] () -- C:\Cucu_Video_log.txt
[2006/03/18 13:14:18 | 000,006,162 | RH-- | M] () -- C:\dell.sdr
[2010/08/10 21:37:36 | 536,281,088 | -HS- | M] () -- C:\hiberfil.sys
[2007/02/19 18:58:44 | 000,277,657 | ---- | M] () -- C:\http___mlb_mlb_com_feed_podcast_mlbradio_xml.xml
[2006/04/29 17:39:43 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/03/18 13:40:42 | 000,000,829 | -H-- | M] () -- C:\IPH.PH
[2010/05/07 17:24:59 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/03 21:19:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/10 21:37:20 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/03/05 09:39:09 | 000,000,774 | ---- | M] () -- C:\rkill.log
[2007/01/01 12:48:17 | 000,566,678 | ---- | M] () -- C:\sweb_install.log
[2006/03/18 13:40:52 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2010/03/05 13:05:31 | 000,022,410 | ---- | M] () -- C:\TDSSKiller.2.2.7.1_05.03.2010_12.05.25_log.txt
[2010/03/11 16:28:44 | 000,020,268 | ---- | M] () -- C:\TDSSKiller.2.2.7.1_11.03.2010_15.28.43_log.txt
[2010/07/11 15:58:50 | 000,048,098 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_11.07.2010_15.58.33_log.txt
[2010/07/11 15:59:39 | 000,048,098 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_11.07.2010_15.59.25_log.txt
[2010/05/27 13:57:26 | 000,001,022 | ---- | M] () -- C:\xrxnetsrvc.log

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 03:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/06/28 13:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/16 03:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 03:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 03:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%|bak;true;false;false /fp >

< %systemroot%\system32|bak;true;false;false /fp >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/03/03 21:49:01 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL extras
OTL Extras logfile created on: 8/11/2010 11:25:40 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 30.00 Mb Available Physical Memory | 6.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.55 Gb Total Space | 4.28 Gb Free Space | 13.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2SQ4L91
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"58403:TCP" = 58403:TCP:*:Enabled:Pando Media Booster
"58403:UDP" = 58403:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{192A3445-56FC-47B3-B706-17D599E3B630}" = CalyxLoanBridge11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3080A282-1DD2-4B3D-80CA-B9E73D182F7B}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9700 smartphone
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5B7CF62F-D339-4FAA-A610-372ED5A2787F}" = BlackBerry Desktop Software 5.0.1
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5CD4F991-BA3E-4EC4-A7A1-EFB61F4D7291}" = Setup
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2C82F57-F312-4525-A19C-40E228E09939}" = Setup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}" = Point
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{5B7CF62F-D339-4FAA-A610-372ED5A2787F}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"dcmsvc_is1" = dcmsvc 1.0
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DVD Ripper 4" = DVD Ripper 4
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xerox_Phaser_8510_8560" = Xerox Phaser 8510_8560 Scan Driver
"Xerox_Support_Centre" = Xerox Support Centre
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2010 1:55:10 PM | Computer Name = D2SQ4L91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3828, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/3/2010 7:54:07 PM | Computer Name = D2SQ4L91 | Source = ESENT | ID = 474
Description = wuauclt (2416) The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
at offset 164225024 (0x0000000009c9e000) for 4096 (0x00001000) bytes failed verification
due to a page checksum mismatch. The expected checksum was 5505084 (0x0054003c)
and the actual checksum was 2802583764 (0xa70c08d4). The read operation will fail
with error -1018 (0xfffffc06). If this condition persists then please restore
the database from a previous backup.

Error - 8/4/2010 3:01:47 PM | Computer Name = D2SQ4L91 | Source = Application Error | ID = 1000
Description = Faulting application dlactrlw.exe, version 5.20.8.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/6/2010 8:08:58 PM | Computer Name = D2SQ4L91 | Source = Application Error | ID = 1000
Description = Faulting application dlactrlw.exe, version 5.20.8.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/6/2010 11:58:15 PM | Computer Name = D2SQ4L91 | Source = Application Error | ID = 1000
Description = Faulting application dlactrlw.exe, version 5.20.8.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/8/2010 2:40:44 AM | Computer Name = D2SQ4L91 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00720065.

Error - 8/9/2010 1:20:54 PM | Computer Name = D2SQ4L91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/9/2010 1:20:54 PM | Computer Name = D2SQ4L91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/9/2010 1:47:57 PM | Computer Name = D2SQ4L91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/10/2010 11:57:37 PM | Computer Name = D2SQ4L91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/10/2010 11:47:51 PM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/10/2010 11:47:51 PM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7023
Description = The Distributed Link Tracking Client service terminated with the following
error: %%998

Error - 8/10/2010 11:49:26 PM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/10/2010 11:52:47 PM | Computer Name = D2SQ4L91 | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 8/11/2010 12:26:01 AM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 8/11/2010 12:26:01 AM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 8/11/2010 12:26:01 AM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 8/11/2010 12:41:53 AM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/11/2010 12:41:53 AM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7023
Description = The Distributed Link Tracking Client service terminated with the following
error: %%998

Error - 8/11/2010 12:43:17 AM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >

#2 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 15 August 2010 - 11:49 AM

Hello robert1971 and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Sorry for the delay in replying.

Before we begin, here are some guidelines which will help us both in fixing your problem.

  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • If in doubt about anything, please ask.

As it's been a while since you last posted, let's get some fresh logs.

Run OTL
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans/Fixes box, paste in the following.


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Under Extra Registry select Use Safelist
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


Then...

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A black window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time, press N then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_<date and time> should appear on your desktop.
  • Please post the contents of that file in your reply.


#3 robert1971

  • Group: Member
  • Posts: 45
  • Joined: 27-February 06

Posted 15 August 2010 - 12:29 PM

Thank you for replying.

Here are the requested logs:

OTL

OTL logfile created on: 8/15/2010 11:02:53 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.55 Gb Total Space | 4.10 Gb Free Space | 12.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2SQ4L91
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Sandboxie\SandboxieRpcSs.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\dcmsvc\dcmsvc.exe ()
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\xerox\Phaser 8510_8560\x85xzpui.exe (Xerox Corporation)
PRC - C:\WINDOWS\system32\x85xbgnd.exe ()
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (PuranDefrag) -- C:\WINDOWS\System32\PuranDefragS.exe (Puran Software)
SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (36557292) -- C:\WINDOWS\system32\DRIVERS\36557292.sys (Kaspersky Lab)
DRV - (setup_9.0.0.722_11.03.2010_22-30drv) -- C:\WINDOWS\system32\drivers\3655729.sys (Kaspersky Lab)
DRV - (36557291) -- C:\WINDOWS\system32\drivers\36557291.sys (Kaspersky Lab)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-rel&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.tsoxprid: "ZKfox002RWUS"
FF - prefs.js..browser.search.param.tsoxtbid: "68014B9E-05C8-417D-B638-D0247751F9F8-TS"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.4.0.82
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


[2008/12/16 21:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/07/11 15:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\extensions
[2010/07/11 15:27:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/06 20:27:49 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2009/03/27 23:06:54 | 000,009,895 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\searchplugins\mywebsearch.xml
[2010/08/07 23:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/28 18:59:04 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2010/07/11 15:37:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [XeroxBackgroundTask] C:\WINDOWS\System32\x85xbgnd.exe ()
O4 - HKLM..\Run: [XeroxRegistation] C:\DOCUME~1\Owner\LOCALS~1\Temp\Xerox\EReg\opbreg.exe File not found
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\setup_9.0.0.722_11.03.2010_22-30.lnk = C:\Documents and Settings\Owner\Desktop\Virus Removal Tool\setup_9.0.0.722_11.03.2010_22-30\startup.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.taylorbe...criptx/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.5)
O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} http://www.angelswin...ed/wspellam.cab (WSpell ActiveX Spelling Checker V5.15)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1146162100312 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.w...ler/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://139.182.204.3...sCamControl.ocx (CamImage Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://rim.webex.co...ort/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/02 09:30:16 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/11 11:23:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/11 11:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SuspectedVirus
[2010/08/10 21:24:30 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/08 00:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2010/08/07 16:03:25 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS
[2010/08/07 16:01:57 | 000,000,000 | ---D | C] -- C:\Netgear
[1 C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/15 10:51:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/15 09:44:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/15 09:43:59 | 536,281,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/15 09:43:05 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/14 13:58:09 | 000,001,196 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/14 13:47:37 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sandboxed Web Browser.lnk
[2010/08/14 13:47:37 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/08/14 12:44:21 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/14 12:29:14 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/14 12:09:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/14 12:06:40 | 000,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/14 11:55:55 | 000,514,040 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/14 11:55:55 | 000,450,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/14 11:55:55 | 000,074,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/13 21:33:57 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/13 21:33:49 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/11 11:56:52 | 000,071,072 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/11 11:24:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/11 10:41:45 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/08/07 16:11:01 | 000,388,118 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dnsinfo.bmp
[2010/08/05 17:45:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/17 16:13:51 | 000,163,999 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\kfc.pdf
[1 C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/14 13:48:04 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Sandboxed Web Browser.lnk
[2010/08/14 13:48:04 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/08/14 13:48:01 | 000,001,196 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/11 10:41:40 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/08/07 16:11:00 | 000,388,118 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dnsinfo.bmp
[2010/07/17 16:13:50 | 000,163,999 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\kfc.pdf
[2010/05/27 13:57:02 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\xrxbcnps.dll
[2010/05/27 13:57:02 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\xnetsrvc.dll
[2010/05/27 13:57:01 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\xlibeay.dll
[2009/10/08 18:43:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/04/05 00:41:51 | 000,000,299 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/05/02 16:16:34 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2006/05/02 16:14:14 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2006/05/02 16:14:14 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2006/05/02 16:14:14 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2006/05/02 16:14:11 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2006/05/02 16:12:59 | 000,001,002 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2006/05/02 12:14:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/30 14:28:38 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/30 14:28:38 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A5797293A0.sys
[2006/04/30 14:11:41 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/04/27 11:16:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/03/18 13:52:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/18 13:48:37 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/18 13:10:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2006/03/18 13:10:48 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2006/03/18 13:09:52 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Custom Scans ==========


< >

< >

< %SYSTEMDRIVE%\*.* >
[2010/02/22 22:03:39 | 000,029,673 | ---- | M] () -- C:\aaw7boot.log
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/04/27 11:02:38 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/03/05 10:14:13 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/08/23 11:41:18 | 000,025,127 | ---- | M] () -- C:\Cucu_Video_log.txt
[2006/03/18 13:14:18 | 000,006,162 | RH-- | M] () -- C:\dell.sdr
[2010/08/15 09:43:59 | 536,281,088 | -HS- | M] () -- C:\hiberfil.sys
[2007/02/19 18:58:44 | 000,277,657 | ---- | M] () -- C:\http___mlb_mlb_com_feed_podcast_mlbradio_xml.xml
[2006/04/29 17:39:43 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/03/18 13:40:42 | 000,000,829 | -H-- | M] () -- C:\IPH.PH
[2010/05/07 17:24:59 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/03 21:19:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/15 09:43:42 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/03/05 09:39:09 | 000,000,774 | ---- | M] () -- C:\rkill.log
[2007/01/01 12:48:17 | 000,566,678 | ---- | M] () -- C:\sweb_install.log
[2006/03/18 13:40:52 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2010/03/05 13:05:31 | 000,022,410 | ---- | M] () -- C:\TDSSKiller.2.2.7.1_05.03.2010_12.05.25_log.txt
[2010/03/11 16:28:44 | 000,020,268 | ---- | M] () -- C:\TDSSKiller.2.2.7.1_11.03.2010_15.28.43_log.txt
[2010/07/11 15:58:50 | 000,048,098 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_11.07.2010_15.58.33_log.txt
[2010/07/11 15:59:39 | 000,048,098 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_11.07.2010_15.59.25_log.txt
[2010/05/27 13:57:26 | 000,001,022 | ---- | M] () -- C:\xrxnetsrvc.log

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 03:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/06/28 13:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %ALLUSERSPROFILE%\Application Data\*. >
[2008/10/20 19:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/02/21 00:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2010/03/05 14:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/04/27 11:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/08/08 23:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/03/05 09:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2005/08/16 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/02/22 22:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/04/27 11:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2006/03/18 13:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/04/05 17:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/02/22 22:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/21 16:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007/02/08 21:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MANSION
[2010/04/14 19:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2007/04/12 21:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2009/08/08 13:33:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/03/28 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2006/03/18 13:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/06/21 12:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/06/21 12:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2008/02/09 01:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/12/15 16:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/03/04 14:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/10 15:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/25 23:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2006/03/18 13:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/08 14:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/04/27 11:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/09/04 13:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2006/09/04 13:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010/05/07 17:22:10 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2009/08/08 14:19:55 | 014,468,544 | ---- | M] (WildTangent) -- C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\SetupGamesClient.exe
[2009/08/08 14:19:37 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\SetupGamesClient.exe_filedata
[2005/09/21 17:04:56 | 008,968,200 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.exe
[2005/09/20 11:04:14 | 006,709,248 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\{3C48F877-A164-45E9-B9DA-26A049FFC207}.exe
[2005/09/19 14:58:28 | 011,508,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.exe
[2005/09/20 11:02:48 | 014,591,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\{651956B7-1969-42AA-9453-E0B813019D54}.exe
[2005/09/20 11:03:42 | 007,662,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.exe
[2005/09/20 10:54:30 | 011,511,696 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.exe
[2005/09/20 10:55:26 | 011,248,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.exe
[2005/09/20 11:01:10 | 028,812,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.exe
[2005/09/20 10:55:54 | 006,022,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.exe
[2005/09/20 10:56:34 | 009,615,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WildTangent\Dell Game Console\Downloads\Installers\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.exe

< %APPDATA%\*. >
[2009/01/04 22:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2006/04/29 12:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2009/01/02 15:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2009/12/15 14:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009/02/25 01:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ContentGuard
[2006/04/30 14:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Corel Photo Album
[2006/04/27 12:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Download Manager
[2007/11/18 22:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2006/07/24 21:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2006/04/27 11:15:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Gtek
[2006/04/27 11:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2005/08/16 03:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2009/12/15 15:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2009/08/08 13:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lavasoft
[2006/04/27 14:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/10/18 23:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2010/02/21 16:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/01/16 23:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microgaming
[2009/08/26 11:27:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2010/01/09 14:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Move Networks
[2008/12/16 21:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2007/04/28 13:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Real
[2010/06/21 12:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2009/12/15 16:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Roxio
[2010/03/06 20:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sling Media
[2007/05/07 20:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2006/09/24 21:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sonic
[2006/12/25 01:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony Corporation
[2006/03/18 13:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/08/08 14:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent

< %APPDATA%\*.exe /s >
[2006/05/02 16:14:04 | 000,004,710 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{192A3445-56FC-47B3-B706-17D599E3B630}\ARPPRODUCTICON.exe
[2010/04/01 20:11:31 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\DesktopMgr.exe
[2010/04/01 20:11:31 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010/04/01 20:11:31 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010/04/01 20:11:31 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010/04/01 20:11:32 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010/04/01 20:11:32 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010/04/01 20:11:32 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010/06/21 13:10:19 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{3080A282-1DD2-4B3D-80CA-B9E73D182F7B}\BlackBerry.exe
[2009/11/12 19:43:57 | 000,069,632 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\DesktopMgr.exe
[2009/11/12 19:43:57 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2009/11/12 19:43:57 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2009/11/12 19:43:57 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2009/11/12 19:43:57 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2009/11/12 19:43:57 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2009/11/12 19:43:57 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2009/11/12 19:43:57 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010/06/20 22:55:14 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{B2F3FB19-D848-479C-818E-130ABC9366DB}\ARPPRODUCTICON.exe
[2006/05/02 16:14:51 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}\ARPPRODUCTICON.exe
[2010/01/09 14:33:05 | 001,795,704 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Move Networks\MoveMediaPlayerWin_071705000014.exe
[2008/10/07 18:58:42 | 001,011,568 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Move Networks\MoveMediaPlayer_071101000055.exe
[2010/01/09 14:33:16 | 000,144,160 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Move Networks\uninstall.exe
[2009/12/06 18:22:02 | 000,097,216 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/16 03:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 03:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 03:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-14 19:11:15

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL Extras

OTL Extras logfile created on: 8/15/2010 11:02:53 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 146.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.55 Gb Total Space | 4.10 Gb Free Space | 12.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2SQ4L91
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"58403:TCP" = 58403:TCP:*:Enabled:Pando Media Booster
"58403:UDP" = 58403:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{192A3445-56FC-47B3-B706-17D599E3B630}" = CalyxLoanBridge11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3080A282-1DD2-4B3D-80CA-B9E73D182F7B}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9700 smartphone
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5B7CF62F-D339-4FAA-A610-372ED5A2787F}" = BlackBerry Desktop Software 5.0.1
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5CD4F991-BA3E-4EC4-A7A1-EFB61F4D7291}" = Setup
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2C82F57-F312-4525-A19C-40E228E09939}" = Setup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}" = Point
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{5B7CF62F-D339-4FAA-A610-372ED5A2787F}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"dcmsvc_is1" = dcmsvc 1.0
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DVD Ripper 4" = DVD Ripper 4
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.0
"Sandboxie" = Sandboxie 3.48
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xerox_Phaser_8510_8560" = Xerox Phaser 8510_8560 Scan Driver
"Xerox_Support_Centre" = Xerox Support Centre
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/6/2010 8:08:58 PM | Computer Name = D2SQ4L91 | Source = Application Error | ID = 1000
Description = Faulting application dlactrlw.exe, version 5.20.8.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/6/2010 11:58:15 PM | Computer Name = D2SQ4L91 | Source = Application Error | ID = 1000
Description = Faulting application dlactrlw.exe, version 5.20.8.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/8/2010 2:40:44 AM | Computer Name = D2SQ4L91 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00720065.

Error - 8/9/2010 1:20:54 PM | Computer Name = D2SQ4L91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/9/2010 1:20:54 PM | Computer Name = D2SQ4L91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/9/2010 1:47:57 PM | Computer Name = D2SQ4L91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/10/2010 11:57:37 PM | Computer Name = D2SQ4L91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/14/2010 1:04:49 AM | Computer Name = D2SQ4L91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/14/2010 1:04:50 AM | Computer Name = D2SQ4L91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/15/2010 12:41:24 PM | Computer Name = D2SQ4L91 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 8/14/2010 3:49:18 PM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/14/2010 3:58:36 PM | Computer Name = D2SQ4L91 | Source = DCOM | ID = 10010
Description = The server {0228576F-6E6C-4E1A-B175-0E46A316AFE2} did not register
with DCOM within the required timeout.

Error - 8/15/2010 12:07:03 PM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/15/2010 12:07:03 PM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7023
Description = The Distributed Link Tracking Client service terminated with the following
error: %%998

Error - 8/15/2010 12:08:27 PM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/15/2010 12:39:52 PM | Computer Name = D2SQ4L91 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 8/15/2010 12:47:10 PM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/15/2010 12:47:10 PM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7023
Description = The Distributed Link Tracking Client service terminated with the following
error: %%998

Error - 8/15/2010 12:48:31 PM | Computer Name = D2SQ4L91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/15/2010 1:53:42 PM | Computer Name = D2SQ4L91 | Source = DCOM | ID = 10010
Description = The server {0228576F-6E6C-4E1A-B175-0E46A316AFE2} did not register
with DCOM within the required timeout.


< End of report >

MBR check

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 149):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF89A4000 \WINDOWS\system32\KDCOM.DLL
0xF88B4000 \WINDOWS\system32\BOOTVID.dll
0xF8375000 ACPI.sys
0xF89A6000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8364000 pci.sys
0xF84A4000 isapnp.sys
0xF88B8000 compbatt.sys
0xF88BC000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8A6C000 pciide.sys
0xF8724000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF89A8000 intelide.sys
0xF8346000 pcmcia.sys
0xF84B4000 MountMgr.sys
0xF8327000 ftdisk.sys
0xF8301000 dmio.sys
0xF872C000 PartMgr.sys
0xF84C4000 VolSnap.sys
0xF82E9000 atapi.sys
0xF84D4000 disk.sys
0xF84E4000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF82C9000 fltmgr.sys
0xF82B7000 sr.sys
0xF82A1000 DRVMCDB.SYS
0xF84F4000 PxHelp20.sys
0xF828A000 KSecDD.sys
0xF8277000 WudfPf.sys
0xF81EA000 Ntfs.sys
0xF81BD000 NDIS.sys
0xF8504000 ohci1394.sys
0xF8514000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF81A3000 Mup.sys
0xF8524000 36557292.sys
0xF8544000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF8554000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8948000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF8005000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF7FF1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF878C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7FCD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF87BC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF8564000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF7FB9000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7F5E000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7F1B000 \SystemRoot\system32\drivers\STAC97.sys
0xF7EF7000 \SystemRoot\system32\drivers\portcls.sys
0xF8574000 \SystemRoot\system32\drivers\drmk.sys
0xF7ED4000 \SystemRoot\system32\drivers\ks.sys
0xF7EA1000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF7DA4000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
0xF7CF7000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF87EC000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8584000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7CDC000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF883C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF884C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8594000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF89C2000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF85A4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF85B4000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF89C6000 \SystemRoot\system32\DRIVERS\serscan.sys
0xF8A96000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF89CA000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF85C4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8166000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7CC5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF85D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF85E4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF874C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7C14000 \SystemRoot\system32\DRIVERS\psched.sys
0xF85F4000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8774000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8784000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF879C000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF7BE4000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8604000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF89D0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7B5E000 \SystemRoot\system32\DRIVERS\update.sys
0xF8944000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8864000 \SystemRoot\system32\DRIVERS\omci.sys
0xF8614000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8644000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF89DC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8998000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF5AC5000 \SystemRoot\system32\DRIVERS\3655729.sys
0xF89E8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B83000 \SystemRoot\System32\Drivers\Null.SYS
0xF89EC000 \SystemRoot\System32\Drivers\Beep.SYS
0xF87FC000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF880C000 \SystemRoot\System32\drivers\vga.sys
0xF89F0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF89F4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF881C000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF882C000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF816A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF5A6A000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF5A11000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF8654000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF59EB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF59C3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7BCC000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF59A1000 \SystemRoot\System32\drivers\afd.sys
0xF8664000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF5976000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF5906000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8684000 \SystemRoot\System32\Drivers\Fips.SYS
0xF583F000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7B52000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF8834000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF531F000 \SystemRoot\system32\DRIVERS\36557291.sys
0xF86B4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF86C4000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF86D4000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF52DF000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A04000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF5A85000 \SystemRoot\System32\drivers\Dxapi.sys
0xF87F4000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8BE6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF049000 \SystemRoot\System32\ati2cqag.dll
0xBF07D000 \SystemRoot\System32\atikvmag.dll
0xBF0B2000 \SystemRoot\System32\ati3duag.dll
0xBF2F4000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF52D3000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF8704000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF8A81000 \SystemRoot\System32\DLA\DLADResN.SYS
0xF3161000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xF52CB000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF89FA000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF889C000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xF3149000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xF3133000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xF2FD3000 \??\C:\Program Files\Sandboxie\SbieDrv.sys
0xF302B000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xF3033000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF2EA4000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xF2CE7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF88A4000 \SystemRoot\System32\drivers\aspi32.sys
0xF2B8E000 \SystemRoot\System32\Drivers\HTTP.sys
0xF2AE7000 \SystemRoot\system32\DRIVERS\srv.sys
0xF2E2C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF87A4000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xF23F2000 \SystemRoot\system32\drivers\wdmaud.sys
0xF2AB7000 \SystemRoot\system32\drivers\sysaudio.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
476 C:\WINDOWS\system32\smss.exe
856 csrss.exe
916 C:\WINDOWS\system32\winlogon.exe
964 C:\WINDOWS\system32\services.exe
976 C:\WINDOWS\system32\lsass.exe
1148 C:\WINDOWS\system32\ati2evxx.exe
1172 C:\WINDOWS\system32\svchost.exe
1292 svchost.exe
1332 C:\Program Files\Sandboxie\SbieSvc.exe
1352 C:\WINDOWS\system32\svchost.exe
1432 C:\WINDOWS\system32\svchost.exe
1628 svchost.exe
1672 svchost.exe
1880 C:\WINDOWS\system32\WLTRYSVC.EXE
1892 C:\WINDOWS\system32\BCMWLTRY.EXE
1940 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
740 C:\WINDOWS\system32\spoolsv.exe
908 svchost.exe
1236 C:\WINDOWS\ehome\ehrecvr.exe
1400 C:\WINDOWS\ehome\ehSched.exe
1616 C:\WINDOWS\system32\svchost.exe
1636 C:\Program Files\Java\jre6\bin\jqs.exe
1760 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1844 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
1984 svchost.exe
2016 C:\WINDOWS\system32\svchost.exe
2128 mcrdsvc.exe
2336 wmpnetwk.exe
3224 C:\WINDOWS\system32\dllhost.exe
3564 wmiprvse.exe
3732 alg.exe
2920 C:\WINDOWS\system32\ati2evxx.exe
244 C:\WINDOWS\explorer.exe
2088 C:\WINDOWS\system32\wuauclt.exe
2092 C:\WINDOWS\ehome\ehtray.exe
4072 C:\Program Files\Apoint\Apoint.exe
2164 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
2332 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
372 C:\WINDOWS\system32\WLTRAY.EXE
2932 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
3108 C:\Program Files\Apoint\ApntEx.exe
2992 C:\Program Files\Apoint\hidfind.exe
3672 C:\Program Files\dcmsvc\dcmsvc.exe
3172 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3180 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
2688 C:\WINDOWS\system32\x85xbgnd.exe
3312 C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
2312 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
3368 C:\WINDOWS\system32\ctfmon.exe
2216 C:\Program Files\xerox\Phaser 8510_8560\x85xzpui.exe
3484 C:\Program Files\Messenger\msmsgs.exe
2028 C:\Program Files\Sandboxie\SbieCtrl.exe
440 C:\Program Files\Digital Line Detect\DLG.exe
2808 C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
2552 C:\Program Files\Sandboxie\SandboxieRpcSs.exe
3488 C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
172 C:\Program Files\Internet Explorer\iexplore.exe
3852 C:\Program Files\Internet Explorer\iexplore.exe
2868 C:\WINDOWS\system32\wuauclt.exe
3828 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541040G9AT00, Rev: MB2OA61A

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#4 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 15 August 2010 - 01:25 PM

Hi,

Getting a little low on disk space.

Drive C: | 32.55 Gb Total Space | 4.10 Gb Free Space | 12.61% Space Free

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/03/27 23:06:54 | 000,009,895 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\searchplugins\mywebsearch.xml
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O4 - HKLM..\Run: [] File not found
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\setup_9.0.0.722_11.03.2010_22-30.lnk = C:\Documents and Settings\Owner\Desktop\Virus Removal Tool\setup_9.0.0.722_11.03.2010_22-30\startup.exe File not found
    DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
    DRV - (36557292) -- C:\WINDOWS\system32\DRIVERS\36557292.sys (Kaspersky Lab)
    DRV - (setup_9.0.0.722_11.03.2010_22-30drv) -- C:\WINDOWS\system32\drivers\3655729.sys (Kaspersky Lab)
    DRV - (36557291) -- C:\WINDOWS\system32\drivers\36557291.sys (Kaspersky Lab)
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.


-- Step 2 --

  • Run MBRCheck again.
  • When prompted, enter Y for more options
  • Then enter 1 to dump the MBR of a physical disk to file
  • When you are prompted "Enter the physical disk number to fix (0-99, -1 to cancel):", enter 0.
  • Name the dumped file as Dump.dat
  • Enter -1 to exit


A log file named "dump.dat" will be located in the same folder as MBRCheck was saved. Please zip it up and attach in your next reply.

-- Step 3 --

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
  • Click the "Download JRE" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u21-windows-i586.exe and select "Run as an Administrator".)


-- Step 4 --

Please post these logs.

C:\TDSSKiller.2.2.7.1_05.03.2010_12.05.25_log.txt
C:\TDSSKiller.2.2.7.1_11.03.2010_15.28.43_log.txt
C:\TDSSKiller.2.3.2.2_11.07.2010_15.58.33_log.txt
C:\TDSSKiller.2.3.2.2_11.07.2010_15.59.25_log.txt
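
The MBR dump requested in Step 2 is a raw 512-byte sector, and the MBRCheck output earlier in this thread reported "Unknown MBR code" for it. Added example (Python, not part of this thread or of MBRCheck): a parser that verifies the 0x55AA boot signature, hashes the sector with SHA1 and walks the partition table, reporting each partition's byte offset so it can be matched against the offset MBRCheck printed for C: (0x03ec1000). Assumptions: the sample sector is constructed (disk signature, partition sizes and boot-code bytes are made up, with the system partition placed at LBA 128520 so it lands on that offset), the file name Dump.dat is the one named in Step 2, and whether MBRCheck hashes the full sector or only the boot-code bytes is not stated in the thread, so compare hashes with that in mind.

```python
import hashlib
import struct
import sys
from dataclasses import dataclass, field
from typing import List

SECTOR = 512
DISK_SIGNATURE_OFFSET = 440   # 4-byte NT disk signature
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries
BOOT_SIGNATURE_OFFSET = 510   # bytes 55 AA

# Standard MBR partition type bytes for the ids a Dell/XP disk commonly carries.
PARTITION_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
                   0x0F: "Extended (LBA)", 0xDE: "Dell utility"}


@dataclass
class Partition:
    index: int
    bootable: bool
    status: int
    type_id: int
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        # Byte offset of the first sector; the number MBRCheck prints after "at offset".
        return self.lba_start * SECTOR

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors


@dataclass
class MbrReport:
    sha1: str
    signature_ok: bool
    disk_signature: int
    partitions: List[Partition]
    problems: List[str] = field(default_factory=list)


def parse_mbr(mbr: bytes) -> MbrReport:
    """Parse one 512-byte MBR: hash it, decode the partition table, flag sanity problems."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(mbr)} bytes")
    sha1 = hashlib.sha1(mbr).hexdigest().upper()
    signature_ok = mbr[BOOT_SIGNATURE_OFFSET:BOOT_SIGNATURE_OFFSET + 2] == b"\x55\xaa"
    disk_signature = struct.unpack_from("<I", mbr, DISK_SIGNATURE_OFFSET)[0]

    partitions = []
    for i in range(4):
        # Entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count.
        status, _chs_s, type_id, _chs_e, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, PARTITION_TABLE_OFFSET + 16 * i)
        if type_id == 0 and sectors == 0:
            continue  # empty slot
        partitions.append(Partition(i, status == 0x80, status, type_id, lba_start, sectors))

    problems = []
    if not signature_ok:
        problems.append("boot signature 0x55AA missing")
    bootable = [p for p in partitions if p.bootable]
    if len(bootable) != 1:
        problems.append(f"{len(bootable)} bootable partitions (expected 1)")
    for p in partitions:
        if p.status not in (0x00, 0x80):
            problems.append(f"partition {p.index}: unusual status byte 0x{p.status:02X}")
    ordered = sorted(partitions, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_end:
            problems.append(f"partitions {a.index} and {b.index} overlap")
    return MbrReport(sha1, signature_ok, disk_signature, partitions, problems)


def build_sample_mbr() -> bytes:
    """Constructed sample (not a real dump): a Dell utility partition followed by the
    bootable NTFS system partition at LBA 128520, i.e. byte offset 0x03EC1000."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\x33\xc0\x8e"  # a few made-up boot-code bytes, not real code
    struct.pack_into("<I", mbr, DISK_SIGNATURE_OFFSET, 0xDEADBEEF)  # made-up disk signature
    entries = [(0x00, 0xDE, 63, 128457),          # utility partition: LBA 63 .. 128519
               (0x80, 0x07, 128520, 68257935)]    # system partition, bootable, made-up size
    for i, (status, type_id, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", mbr, PARTITION_TABLE_OFFSET + 16 * i,
                         status, b"\xfe\xff\xff", type_id, b"\xfe\xff\xff", lba, count)
    mbr[BOOT_SIGNATURE_OFFSET:BOOT_SIGNATURE_OFFSET + 2] = b"\x55\xaa"
    return bytes(mbr)


def format_report(r: MbrReport) -> str:
    lines = [f"SHA1 of sector: {r.sha1}",
             f"boot signature: {'OK' if r.signature_ok else 'MISSING'}",
             f"disk signature: 0x{r.disk_signature:08X}"]
    for p in r.partitions:
        name = PARTITION_TYPES.get(p.type_id, "unknown")
        lines.append(f"  #{p.index} {'boot' if p.bootable else '    '} type 0x{p.type_id:02X} "
                     f"({name}) LBA {p.lba_start}-{p.lba_end - 1} at offset 0x{p.byte_offset:08X}")
    lines += [f"problem: {m}" for m in r.problems] or ["no partition-table problems found"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python mbr_dump_check.py Dump.dat   (the sample sector is used if no file is given)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    print(format_report(parse_mbr(data)))
```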

#5 robert1971

  • Group: Member
  • Posts: 45
  • Joined: 27-February 06

Posted 15 August 2010 - 02:43 PM

OK, thanks again for your help. Here are the logs:

***OTL***

All processes killed
========== OTL ==========
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\searchplugins\mywebsearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\setup_9.0.0.722_11.03.2010_22-30.lnk moved successfully.
Service Lbd stopped successfully!
Service Lbd deleted successfully!
File C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found not found.
Error: Unable to stop service 36557292!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\36557292 deleted successfully.
C:\WINDOWS\system32\drivers\36557292.sys moved successfully.
Error: Unable to stop service setup_9.0.0.722_11.03.2010_22-30drv!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\setup_9.0.0.722_11.03.2010_22-30drv deleted successfully.
C:\WINDOWS\system32\drivers\3655729.sys moved successfully.
Error: Unable to stop service 36557291!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\36557291 deleted successfully.
C:\WINDOWS\system32\drivers\36557291.sys moved successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 1974141 bytes
->Temporary Internet Files folder emptied: 5389295 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 2333 bytes

User: Toni
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105847 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12802522 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 20.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Toni
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08152010_124321

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...


***Unable to do Java Update***

I tried to do the Java update but it said, "your download transaction cannot be approved".

***TDSS log #1***

12:05:25:640 0532 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
12:05:25:640 0532 ================================================================================
12:05:25:640 0532 SystemInfo:

12:05:25:640 0532 OS Version: 5.1.2600 ServicePack: 3.0
12:05:25:640 0532 Product type: Workstation
12:05:25:640 0532 ComputerName: D2SQ4L91
12:05:25:640 0532 UserName: Owner
12:05:25:640 0532 Windows directory: C:\WINDOWS
12:05:25:640 0532 Processor architecture: Intel x86
12:05:25:640 0532 Number of processors: 1
12:05:25:640 0532 Page size: 0x1000
12:05:25:640 0532 Boot type: Normal boot
12:05:25:640 0532 ================================================================================
12:05:25:687 0532 UnloadDriverW: NtUnloadDriver error 2
12:05:25:687 0532 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
12:05:25:843 0532 Initialize success
12:05:25:843 0532
12:05:25:843 0532 Scanning Services ...
12:05:25:843 0532 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
12:05:25:843 0532 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:05:25:843 0532 wfopen_ex: Trying to KLMD file open
12:05:25:843 0532 wfopen_ex: File opened ok (Flags 2)
12:05:25:843 0532 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
12:05:25:843 0532 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:05:25:843 0532 wfopen_ex: Trying to KLMD file open
12:05:25:843 0532 wfopen_ex: File opened ok (Flags 2)
12:05:26:562 0532 GetAdvancedServicesInfo: Raw services enum returned 368 services
12:05:26:578 0532 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
12:05:26:578 0532 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
12:05:26:578 0532
12:05:26:578 0532 Scanning Kernel memory ...
12:05:26:578 0532 Devices to scan: 4
12:05:26:578 0532
12:05:26:578 0532 Driver Name: Disk
12:05:26:578 0532 IRP_MJ_CREATE : F84EABB0
12:05:26:578 0532 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
12:05:26:578 0532 IRP_MJ_CLOSE : F84EABB0
12:05:26:578 0532 IRP_MJ_READ : F84E4D1F
12:05:26:578 0532 IRP_MJ_WRITE : F84E4D1F
12:05:26:578 0532 IRP_MJ_QUERY_INFORMATION : 804F355A
12:05:26:578 0532 IRP_MJ_SET_INFORMATION : 804F355A
12:05:26:578 0532 IRP_MJ_QUERY_EA : 804F355A
12:05:26:578 0532 IRP_MJ_SET_EA : 804F355A
12:05:26:578 0532 IRP_MJ_FLUSH_BUFFERS : F84E52E2
12:05:26:578 0532 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
12:05:26:578 0532 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
12:05:26:578 0532 IRP_MJ_DIRECTORY_CONTROL : 804F355A
12:05:26:578 0532 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
12:05:26:578 0532 IRP_MJ_DEVICE_CONTROL : F84E53BB
12:05:26:578 0532 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84E8F28
12:05:26:578 0532 IRP_MJ_SHUTDOWN : F84E52E2
12:05:26:578 0532 IRP_MJ_LOCK_CONTROL : 804F355A
12:05:26:578 0532 IRP_MJ_CLEANUP : 804F355A
12:05:26:578 0532 IRP_MJ_CREATE_MAILSLOT : 804F355A
12:05:26:578 0532 IRP_MJ_QUERY_SECURITY : 804F355A
12:05:26:578 0532 IRP_MJ_SET_SECURITY : 804F355A
12:05:26:578 0532 IRP_MJ_POWER : F84E6C82
12:05:26:578 0532 IRP_MJ_SYSTEM_CONTROL : F84EB99E
12:05:26:578 0532 IRP_MJ_DEVICE_CHANGE : 804F355A
12:05:26:578 0532 IRP_MJ_QUERY_QUOTA : 804F355A
12:05:26:578 0532 IRP_MJ_SET_QUOTA : 804F355A
12:05:26:593 0532 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
12:05:26:593 0532 sion
12:05:26:609 0532 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
12:05:26:609 0532
12:05:26:609 0532 Driver Name: Disk
12:05:26:609 0532 IRP_MJ_CREATE : F84EABB0
12:05:26:609 0532 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
12:05:26:609 0532 IRP_MJ_CLOSE : F84EABB0
12:05:26:609 0532 IRP_MJ_READ : F84E4D1F
12:05:26:609 0532 IRP_MJ_WRITE : F84E4D1F
12:05:26:609 0532 IRP_MJ_QUERY_INFORMATION : 804F355A
12:05:26:609 0532 IRP_MJ_SET_INFORMATION : 804F355A
12:05:26:609 0532 IRP_MJ_QUERY_EA : 804F355A
12:05:26:609 0532 IRP_MJ_SET_EA : 804F355A
12:05:26:609 0532 IRP_MJ_FLUSH_BUFFERS : F84E52E2
12:05:26:609 0532 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
12:05:26:609 0532 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
12:05:26:609 0532 IRP_MJ_DIRECTORY_CONTROL : 804F355A
12:05:26:609 0532 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
12:05:26:609 0532 IRP_MJ_DEVICE_CONTROL : F84E53BB
12:05:26:609 0532 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84E8F28
12:05:26:609 0532 IRP_MJ_SHUTDOWN : F84E52E2
12:05:26:609 0532 IRP_MJ_LOCK_CONTROL : 804F355A
12:05:26:609 0532 IRP_MJ_CLEANUP : 804F355A
12:05:26:609 0532 IRP_MJ_CREATE_MAILSLOT : 804F355A
12:05:26:609 0532 IRP_MJ_QUERY_SECURITY : 804F355A
12:05:26:609 0532 IRP_MJ_SET_SECURITY : 804F355A
12:05:26:609 0532 IRP_MJ_POWER : F84E6C82
12:05:26:609 0532 IRP_MJ_SYSTEM_CONTROL : F84EB99E
12:05:26:609 0532 IRP_MJ_DEVICE_CHANGE : 804F355A
12:05:26:609 0532 IRP_MJ_QUERY_QUOTA : 804F355A
12:05:26:609 0532 IRP_MJ_SET_QUOTA : 804F355A
12:05:26:609 0532 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
12:05:26:609 0532 sion
12:05:26:609 0532 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
12:05:26:609 0532
12:05:26:609 0532 Driver Name: Disk
12:05:26:609 0532 IRP_MJ_CREATE : F84EABB0
12:05:26:609 0532 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
12:05:26:609 0532 IRP_MJ_CLOSE : F84EABB0
12:05:26:609 0532 IRP_MJ_READ : F84E4D1F
12:05:26:609 0532 IRP_MJ_WRITE : F84E4D1F
12:05:26:609 0532 IRP_MJ_QUERY_INFORMATION : 804F355A
12:05:26:609 0532 IRP_MJ_SET_INFORMATION : 804F355A
12:05:26:609 0532 IRP_MJ_QUERY_EA : 804F355A
12:05:26:609 0532 IRP_MJ_SET_EA : 804F355A
12:05:26:609 0532 IRP_MJ_FLUSH_BUFFERS : F84E52E2
12:05:26:609 0532 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
12:05:26:609 0532 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
12:05:26:609 0532 IRP_MJ_DIRECTORY_CONTROL : 804F355A
12:05:26:609 0532 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
12:05:26:609 0532 IRP_MJ_DEVICE_CONTROL : F84E53BB
12:05:26:609 0532 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84E8F28
12:05:26:609 0532 IRP_MJ_SHUTDOWN : F84E52E2
12:05:26:609 0532 IRP_MJ_LOCK_CONTROL : 804F355A
12:05:26:609 0532 IRP_MJ_CLEANUP : 804F355A
12:05:26:609 0532 IRP_MJ_CREATE_MAILSLOT : 804F355A
12:05:26:609 0532 IRP_MJ_QUERY_SECURITY : 804F355A
12:05:26:609 0532 IRP_MJ_SET_SECURITY : 804F355A
12:05:26:609 0532 IRP_MJ_POWER : F84E6C82
12:05:26:609 0532 IRP_MJ_SYSTEM_CONTROL : F84EB99E
12:05:26:609 0532 IRP_MJ_DEVICE_CHANGE : 804F355A
12:05:26:609 0532 IRP_MJ_QUERY_QUOTA : 804F355A
12:05:26:609 0532 IRP_MJ_SET_QUOTA : 804F355A
12:05:26:609 0532 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
12:05:26:609 0532 sion
12:05:26:625 0532 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
12:05:26:625 0532
12:05:26:625 0532 Driver Name: atapi
12:05:26:625 0532 IRP_MJ_CREATE : 82AEEA9A
12:05:26:625 0532 IRP_MJ_CREATE_NAMED_PIPE : 82AEEA9A
12:05:26:625 0532 IRP_MJ_CLOSE : 82AEEA9A
12:05:26:625 0532 IRP_MJ_READ : 82AEEA9A
12:05:26:625 0532 IRP_MJ_WRITE : 82AEEA9A
12:05:26:625 0532 IRP_MJ_QUERY_INFORMATION : 82AEEA9A
12:05:26:625 0532 IRP_MJ_SET_INFORMATION : 82AEEA9A
12:05:26:625 0532 IRP_MJ_QUERY_EA : 82AEEA9A
12:05:26:625 0532 IRP_MJ_SET_EA : 82AEEA9A
12:05:26:625 0532 IRP_MJ_FLUSH_BUFFERS : 82AEEA9A
12:05:26:625 0532 IRP_MJ_QUERY_VOLUME_INFORMATION : 82AEEA9A
12:05:26:625 0532 IRP_MJ_SET_VOLUME_INFORMATION : 82AEEA9A
12:05:26:625 0532 IRP_MJ_DIRECTORY_CONTROL : 82AEEA9A
12:05:26:625 0532 IRP_MJ_FILE_SYSTEM_CONTROL : 82AEEA9A
12:05:26:625 0532 IRP_MJ_DEVICE_CONTROL : 82AEEA9A
12:05:26:625 0532 IRP_MJ_INTERNAL_DEVICE_CONTROL : 82AEEA9A
12:05:26:625 0532 IRP_MJ_SHUTDOWN : 82AEEA9A
12:05:26:625 0532 IRP_MJ_LOCK_CONTROL : 82AEEA9A
12:05:26:625 0532 IRP_MJ_CLEANUP : 82AEEA9A
12:05:26:625 0532 IRP_MJ_CREATE_MAILSLOT : 82AEEA9A
12:05:26:625 0532 IRP_MJ_QUERY_SECURITY : 82AEEA9A
12:05:26:625 0532 IRP_MJ_SET_SECURITY : 82AEEA9A
12:05:26:625 0532 IRP_MJ_POWER : 82AEEA9A
12:05:26:625 0532 IRP_MJ_SYSTEM_CONTROL : 82AEEA9A
12:05:26:625 0532 IRP_MJ_DEVICE_CHANGE : 82AEEA9A
12:05:26:625 0532 IRP_MJ_QUERY_QUOTA : 82AEEA9A
12:05:26:625 0532 IRP_MJ_SET_QUOTA : 82AEEA9A
12:05:26:625 0532 ihd: 0, 0, 607, 138, 3, 120, 1
12:05:26:625 0532 Driver "atapi" Irp handler infected by TDSS rootkit ... 12:05:26:625 0532 cured
12:05:26:625 0532 Driver "atapi" StartIo handler infected by TDSS rootkit ... 12:05:26:625 0532 cured
12:05:26:625 0532 siohd: 1
12:05:26:625 0532 Driver "atapi" StartIo handler infected by TDSS rootkit ... 12:05:26:625 0532 cured
12:05:26:656 0532 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
12:05:26:656 0532 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 12:05:26:656 0532 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
12:05:26:656 0532 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
12:05:26:906 0532 vfvi6
12:05:27:171 0532 !dsvbh1
12:05:31:000 0532 dsvbh2
12:05:31:000 0532 fdfb2
12:05:31:000 0532 Backup copy found, using it..
12:05:31:078 0532 will be cured on next reboot
12:05:31:078 0532 Reboot required for cure complete..
12:05:31:109 0532 Cure on reboot scheduled successfully
12:05:31:109 0532
12:05:31:109 0532 Completed
12:05:31:109 0532
12:05:31:109 0532 Results:
12:05:31:109 0532 Memory objects infected / cured / cured on reboot: 3 / 3 / 0
12:05:31:109 0532 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
12:05:31:109 0532 File objects infected / cured / cured on reboot: 1 / 0 / 1
12:05:31:109 0532
12:05:31:109 0532 UnloadDriverW: NtUnloadDriver error 1
12:05:31:109 0532 KLMD_Unload: UnloadDriverW(klmd21) error 1
12:05:31:109 0532 KLMD(ARK) unloaded successfully

***TDSS log #2***

15:28:43:375 1864 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
15:28:43:375 1864 ================================================================================
15:28:43:375 1864 SystemInfo:

15:28:43:375 1864 OS Version: 5.1.2600 ServicePack: 3.0
15:28:43:375 1864 Product type: Workstation
15:28:43:375 1864 ComputerName: D2SQ4L91
15:28:43:375 1864 UserName: Owner
15:28:43:375 1864 Windows directory: C:\WINDOWS
15:28:43:375 1864 Processor architecture: Intel x86
15:28:43:375 1864 Number of processors: 1
15:28:43:375 1864 Page size: 0x1000
15:28:43:375 1864 Boot type: Safe boot
15:28:43:375 1864 ================================================================================
15:28:43:375 1864 UnloadDriverW: NtUnloadDriver error 2
15:28:43:375 1864 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:28:43:515 1864 Initialize success
15:28:43:515 1864
15:28:43:515 1864 Scanning Services ...
15:28:43:515 1864 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
15:28:43:515 1864 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:28:43:515 1864 wfopen_ex: Trying to KLMD file open
15:28:43:515 1864 wfopen_ex: File opened ok (Flags 2)
15:28:43:515 1864 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
15:28:43:515 1864 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:28:43:515 1864 wfopen_ex: Trying to KLMD file open
15:28:43:515 1864 wfopen_ex: File opened ok (Flags 2)
15:28:44:281 1864 GetAdvancedServicesInfo: Raw services enum returned 381 services
15:28:44:296 1864 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
15:28:44:296 1864 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
15:28:44:296 1864
15:28:44:296 1864 Scanning Kernel memory ...
15:28:44:296 1864 Devices to scan: 4
15:28:44:296 1864
15:28:44:296 1864 Driver Name: Disk
15:28:44:296 1864 IRP_MJ_CREATE : F85BBBB0
15:28:44:296 1864 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
15:28:44:296 1864 IRP_MJ_CLOSE : F85BBBB0
15:28:44:296 1864 IRP_MJ_READ : F85B5D1F
15:28:44:296 1864 IRP_MJ_WRITE : F85B5D1F
15:28:44:296 1864 IRP_MJ_QUERY_INFORMATION : 804FA88E
15:28:44:296 1864 IRP_MJ_SET_INFORMATION : 804FA88E
15:28:44:296 1864 IRP_MJ_QUERY_EA : 804FA88E
15:28:44:296 1864 IRP_MJ_SET_EA : 804FA88E
15:28:44:296 1864 IRP_MJ_FLUSH_BUFFERS : F85B62E2
15:28:44:296 1864 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
15:28:44:296 1864 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
15:28:44:296 1864 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
15:28:44:296 1864 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
15:28:44:296 1864 IRP_MJ_DEVICE_CONTROL : F85B63BB
15:28:44:296 1864 IRP_MJ_INTERNAL_DEVICE_CONTROL : F85B9F28
15:28:44:296 1864 IRP_MJ_SHUTDOWN : F85B62E2
15:28:44:296 1864 IRP_MJ_LOCK_CONTROL : 804FA88E
15:28:44:296 1864 IRP_MJ_CLEANUP : 804FA88E
15:28:44:296 1864 IRP_MJ_CREATE_MAILSLOT : 804FA88E
15:28:44:296 1864 IRP_MJ_QUERY_SECURITY : 804FA88E
15:28:44:296 1864 IRP_MJ_SET_SECURITY : 804FA88E
15:28:44:296 1864 IRP_MJ_POWER : F85B7C82
15:28:44:296 1864 IRP_MJ_SYSTEM_CONTROL : F85BC99E
15:28:44:296 1864 IRP_MJ_DEVICE_CHANGE : 804FA88E
15:28:44:296 1864 IRP_MJ_QUERY_QUOTA : 804FA88E
15:28:44:296 1864 IRP_MJ_SET_QUOTA : 804FA88E
15:28:44:328 1864 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:28:44:328 1864 sion
15:28:44:343 1864 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:28:44:343 1864
15:28:44:343 1864 Driver Name: Disk
15:28:44:343 1864 IRP_MJ_CREATE : F85BBBB0
15:28:44:343 1864 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
15:28:44:343 1864 IRP_MJ_CLOSE : F85BBBB0
15:28:44:343 1864 IRP_MJ_READ : F85B5D1F
15:28:44:343 1864 IRP_MJ_WRITE : F85B5D1F
15:28:44:343 1864 IRP_MJ_QUERY_INFORMATION : 804FA88E
15:28:44:343 1864 IRP_MJ_SET_INFORMATION : 804FA88E
15:28:44:343 1864 IRP_MJ_QUERY_EA : 804FA88E
15:28:44:343 1864 IRP_MJ_SET_EA : 804FA88E
15:28:44:343 1864 IRP_MJ_FLUSH_BUFFERS : F85B62E2
15:28:44:343 1864 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
15:28:44:343 1864 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
15:28:44:343 1864 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
15:28:44:343 1864 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
15:28:44:343 1864 IRP_MJ_DEVICE_CONTROL : F85B63BB
15:28:44:343 1864 IRP_MJ_INTERNAL_DEVICE_CONTROL : F85B9F28
15:28:44:343 1864 IRP_MJ_SHUTDOWN : F85B62E2
15:28:44:343 1864 IRP_MJ_LOCK_CONTROL : 804FA88E
15:28:44:343 1864 IRP_MJ_CLEANUP : 804FA88E
15:28:44:343 1864 IRP_MJ_CREATE_MAILSLOT : 804FA88E
15:28:44:343 1864 IRP_MJ_QUERY_SECURITY : 804FA88E
15:28:44:343 1864 IRP_MJ_SET_SECURITY : 804FA88E
15:28:44:343 1864 IRP_MJ_POWER : F85B7C82
15:28:44:343 1864 IRP_MJ_SYSTEM_CONTROL : F85BC99E
15:28:44:343 1864 IRP_MJ_DEVICE_CHANGE : 804FA88E
15:28:44:343 1864 IRP_MJ_QUERY_QUOTA : 804FA88E
15:28:44:343 1864 IRP_MJ_SET_QUOTA : 804FA88E
15:28:44:359 1864 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:28:44:359 1864 sion
15:28:44:390 1864 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:28:44:390 1864
15:28:44:390 1864 Driver Name: Disk
15:28:44:390 1864 IRP_MJ_CREATE : F85BBBB0
15:28:44:390 1864 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
15:28:44:390 1864 IRP_MJ_CLOSE : F85BBBB0
15:28:44:390 1864 IRP_MJ_READ : F85B5D1F
15:28:44:390 1864 IRP_MJ_WRITE : F85B5D1F
15:28:44:390 1864 IRP_MJ_QUERY_INFORMATION : 804FA88E
15:28:44:390 1864 IRP_MJ_SET_INFORMATION : 804FA88E
15:28:44:390 1864 IRP_MJ_QUERY_EA : 804FA88E
15:28:44:390 1864 IRP_MJ_SET_EA : 804FA88E
15:28:44:390 1864 IRP_MJ_FLUSH_BUFFERS : F85B62E2
15:28:44:390 1864 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
15:28:44:390 1864 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
15:28:44:390 1864 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
15:28:44:390 1864 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
15:28:44:390 1864 IRP_MJ_DEVICE_CONTROL : F85B63BB
15:28:44:390 1864 IRP_MJ_INTERNAL_DEVICE_CONTROL : F85B9F28
15:28:44:390 1864 IRP_MJ_SHUTDOWN : F85B62E2
15:28:44:390 1864 IRP_MJ_LOCK_CONTROL : 804FA88E
15:28:44:390 1864 IRP_MJ_CLEANUP : 804FA88E
15:28:44:390 1864 IRP_MJ_CREATE_MAILSLOT : 804FA88E
15:28:44:390 1864 IRP_MJ_QUERY_SECURITY : 804FA88E
15:28:44:390 1864 IRP_MJ_SET_SECURITY : 804FA88E
15:28:44:390 1864 IRP_MJ_POWER : F85B7C82
15:28:44:390 1864 IRP_MJ_SYSTEM_CONTROL : F85BC99E
15:28:44:390 1864 IRP_MJ_DEVICE_CHANGE : 804FA88E
15:28:44:390 1864 IRP_MJ_QUERY_QUOTA : 804FA88E
15:28:44:390 1864 IRP_MJ_SET_QUOTA : 804FA88E
15:28:44:406 1864 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:28:44:406 1864 sion
15:28:44:421 1864 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:28:44:421 1864
15:28:44:421 1864 Driver Name: atapi
15:28:44:421 1864 IRP_MJ_CREATE : F84A46F2
15:28:44:421 1864 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
15:28:44:421 1864 IRP_MJ_CLOSE : F84A46F2
15:28:44:421 1864 IRP_MJ_READ : 804FA88E
15:28:44:421 1864 IRP_MJ_WRITE : 804FA88E
15:28:44:421 1864 IRP_MJ_QUERY_INFORMATION : 804FA88E
15:28:44:421 1864 IRP_MJ_SET_INFORMATION : 804FA88E
15:28:44:421 1864 IRP_MJ_QUERY_EA : 804FA88E
15:28:44:421 1864 IRP_MJ_SET_EA : 804FA88E
15:28:44:421 1864 IRP_MJ_FLUSH_BUFFERS : 804FA88E
15:28:44:421 1864 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
15:28:44:421 1864 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
15:28:44:421 1864 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
15:28:44:421 1864 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
15:28:44:421 1864 IRP_MJ_DEVICE_CONTROL : F84A4712
15:28:44:421 1864 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84A0852
15:28:44:421 1864 IRP_MJ_SHUTDOWN : 804FA88E
15:28:44:421 1864 IRP_MJ_LOCK_CONTROL : 804FA88E
15:28:44:421 1864 IRP_MJ_CLEANUP : 804FA88E
15:28:44:421 1864 IRP_MJ_CREATE_MAILSLOT : 804FA88E
15:28:44:421 1864 IRP_MJ_QUERY_SECURITY : 804FA88E
15:28:44:421 1864 IRP_MJ_SET_SECURITY : 804FA88E
15:28:44:421 1864 IRP_MJ_POWER : F84A473C
15:28:44:421 1864 IRP_MJ_SYSTEM_CONTROL : F84AB336
15:28:44:421 1864 IRP_MJ_DEVICE_CHANGE : 804FA88E
15:28:44:421 1864 IRP_MJ_QUERY_QUOTA : 804FA88E
15:28:44:421 1864 IRP_MJ_SET_QUOTA : 804FA88E
15:28:44:531 1864 siohd: 0
15:28:44:562 1864 C:\WINDOWS\system32\drivers\atapi.sys - Verdict: Clean
15:28:44:562 1864
15:28:44:562 1864 Completed
15:28:44:578 1864
15:28:44:578 1864 Results:
15:28:44:578 1864 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
15:28:44:578 1864 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:28:44:578 1864 File objects infected / cured / cured on reboot: 0 / 0 / 0
15:28:44:578 1864
15:28:44:578 1864 KLMD(ARK) unloaded successfully

***TDSS log #3***

15:58:33:406 1700 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
15:58:33:406 1700 ================================================================================
15:58:33:406 1700 SystemInfo:

15:58:33:406 1700 OS Version: 5.1.2600 ServicePack: 3.0
15:58:33:406 1700 Product type: Workstation
15:58:33:406 1700 ComputerName: D2SQ4L91
15:58:33:406 1700 UserName: Owner
15:58:33:406 1700 Windows directory: C:\WINDOWS
15:58:33:406 1700 System windows directory: C:\WINDOWS
15:58:33:406 1700 Processor architecture: Intel x86
15:58:33:406 1700 Number of processors: 1
15:58:33:406 1700 Page size: 0x1000
15:58:33:406 1700 Boot type: Normal boot
15:58:33:406 1700 ================================================================================
15:58:34:500 1700 Initialize success
15:58:34:515 1700
15:58:34:515 1700 Scanning Services ...
15:58:35:156 1700 Raw services enum returned 382 services
15:58:35:171 1700
15:58:35:187 1700 Scanning Drivers ...
15:58:36:546 1700 36557291 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\36557291.sys
15:58:36:578 1700 36557292 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\36557292.sys
15:58:36:640 1700 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\Aavmker4.sys
15:58:36:703 1700 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:58:36:765 1700 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:58:36:828 1700 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:58:36:875 1700 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:58:36:937 1700 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:58:37:015 1700 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:58:37:093 1700 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
15:58:37:234 1700 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:58:37:265 1700 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:58:37:296 1700 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:58:37:328 1700 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:58:37:359 1700 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:58:37:390 1700 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:58:37:453 1700 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:58:37:484 1700 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:58:37:515 1700 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:58:37:578 1700 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
15:58:37:656 1700 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
15:58:37:796 1700 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:58:37:968 1700 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:58:38:000 1700 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:58:38:031 1700 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:58:38:078 1700 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
15:58:38:140 1700 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:58:38:203 1700 aswMon2 (81432b1a4b31036c822eb967decf613c) C:\WINDOWS\system32\drivers\aswMon2.sys
15:58:38:265 1700 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\WINDOWS\system32\drivers\aswRdr.sys
15:58:38:296 1700 aswSP (d78b644816db540e103d0b0766fd9967) C:\WINDOWS\system32\drivers\aswSP.sys
15:58:38:343 1700 aswTdi (606d731008d98b6ef946730c597c1642) C:\WINDOWS\system32\drivers\aswTdi.sys
15:58:38:390 1700 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:58:38:468 1700 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
15:58:38:578 1700 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:58:38:781 1700 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:58:38:828 1700 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:58:38:875 1700 BCM43XX (c3ab2d6954c7b5103770832a3a6a591b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:58:39:000 1700 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
15:58:39:015 1700 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:58:39:062 1700 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:58:39:078 1700 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:58:39:093 1700 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:58:39:125 1700 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:58:39:421 1700 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:58:39:546 1700 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:58:39:578 1700 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:58:39:609 1700 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:58:39:640 1700 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:58:39:671 1700 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:58:39:812 1700 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:58:39:843 1700 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:58:39:921 1700 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:58:40:062 1700 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
15:58:40:078 1700 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
15:58:40:109 1700 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
15:58:40:140 1700 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
15:58:40:171 1700 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
15:58:40:187 1700 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
15:58:40:218 1700 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
15:58:40:265 1700 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
15:58:40:281 1700 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
15:58:40:390 1700 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:58:40:578 1700 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:58:40:609 1700 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:58:40:656 1700 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:58:40:703 1700 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:58:40:734 1700 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:58:40:796 1700 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
15:58:40:828 1700 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
15:58:40:859 1700 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:58:40:937 1700 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:58:40:984 1700 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:58:41:046 1700 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:58:41:078 1700 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:58:41:265 1700 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:58:41:296 1700 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:58:41:343 1700 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:58:41:421 1700 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:58:41:453 1700 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:58:41:531 1700 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
15:58:41:625 1700 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
15:58:41:875 1700 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
15:58:41:984 1700 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:58:42:046 1700 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:58:42:078 1700 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:58:42:140 1700 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:58:42:187 1700 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:58:42:359 1700 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:58:42:390 1700 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:58:42:453 1700 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:58:42:484 1700 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:58:42:515 1700 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:58:42:562 1700 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:58:42:593 1700 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:58:42:656 1700 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:58:42:703 1700 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:58:42:734 1700 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:58:42:765 1700 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:58:42:812 1700 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
15:58:43:156 1700 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:58:43:250 1700 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:58:43:343 1700 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:58:43:375 1700 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:58:43:406 1700 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:58:43:468 1700 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:58:43:531 1700 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:58:43:609 1700 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:58:44:046 1700 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:58:44:093 1700 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:58:44:187 1700 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:58:44:296 1700 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:58:44:343 1700 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:58:44:390 1700 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:58:44:437 1700 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:58:44:500 1700 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:58:44:578 1700 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
15:58:44:625 1700 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:58:44:656 1700 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:58:44:687 1700 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:58:44:718 1700 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:58:44:750 1700 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
15:58:44:796 1700 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:58:44:890 1700 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:58:44:921 1700 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:58:45:046 1700 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:58:45:093 1700 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:58:45:187 1700 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:58:45:296 1700 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:58:45:515 1700 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:58:45:531 1700 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:58:45:609 1700 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:58:45:687 1700 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
15:58:45:718 1700 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:58:45:765 1700 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:58:45:796 1700 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:58:45:828 1700 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:58:45:921 1700 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:58:46:140 1700 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:58:46:265 1700 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:58:46:328 1700 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:58:46:375 1700 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:58:46:406 1700 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:58:46:453 1700 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:58:46:515 1700 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:58:46:578 1700 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:58:46:609 1700 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:58:46:640 1700 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:58:46:671 1700 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:58:46:687 1700 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:58:46:718 1700 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:58:46:765 1700 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:58:47:031 1700 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:58:47:093 1700 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:58:47:125 1700 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:58:47:156 1700 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:58:47:203 1700 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:58:47:250 1700 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:58:47:281 1700 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:58:47:375 1700 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
15:58:47:437 1700 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
15:58:47:546 1700 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
15:58:47:671 1700 SbieDrv (822ec1a44033f544392f93cbceeeef8e) C:\Program Files\Sandboxie\SbieDrv.sys
15:58:47:765 1700 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:58:47:828 1700 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:58:47:875 1700 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:58:47:906 1700 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:58:47:984 1700 setup_9.0.0.722_11.03.2010_22-30drv (66ef49622baa18e4d4f1fe4bae1d51b8) C:\WINDOWS\system32\DRIVERS\3655729.sys
15:58:48:078 1700 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:58:48:109 1700 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:58:48:234 1700 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
15:58:48:281 1700 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:58:48:312 1700 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:58:48:343 1700 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:58:48:437 1700 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
15:58:48:500 1700 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
15:58:48:562 1700 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
15:58:48:609 1700 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:58:48:640 1700 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:58:48:718 1700 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:58:48:781 1700 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:58:48:953 1700 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:58:48:984 1700 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:58:49:015 1700 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:58:49:093 1700 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:58:49:140 1700 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:58:49:171 1700 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:58:49:218 1700 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:58:49:234 1700 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:58:49:265 1700 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:58:49:296 1700 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:58:49:390 1700 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:58:49:468 1700 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:58:49:562 1700 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:58:49:640 1700 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:58:49:671 1700 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:58:49:734 1700 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:58:49:765 1700 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:58:49:796 1700 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:58:49:843 1700 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:58:49:875 1700 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:58:49:921 1700 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:58:50:078 1700 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:58:50:187 1700 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:58:50:359 1700 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
15:58:50:421 1700 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:58:50:500 1700 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:58:50:546 1700 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:58:50:625 1700 WUSB54GPV4SRV (790d0a1eff8ca30776051445d0487cdb) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
15:58:50:640 1700
15:58:50:640 1700 Completed
15:58:50:640 1700
15:58:50:640 1700 Results:
15:58:50:640 1700 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:58:50:640 1700 File objects infected / cured / cured on reboot: 0 / 0 / 0
15:58:50:640 1700
15:58:50:656 1700 KLMD(ARK) unloaded successfully

***TDSS #4***
15:59:25:781 3468 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
15:59:25:781 3468 ================================================================================
15:59:25:781 3468 SystemInfo:

15:59:25:781 3468 OS Version: 5.1.2600 ServicePack: 3.0
15:59:25:781 3468 Product type: Workstation
15:59:25:781 3468 ComputerName: D2SQ4L91
15:59:25:781 3468 UserName: Owner
15:59:25:781 3468 Windows directory: C:\WINDOWS
15:59:25:781 3468 System windows directory: C:\WINDOWS
15:59:25:781 3468 Processor architecture: Intel x86
15:59:25:781 3468 Number of processors: 1
15:59:25:781 3468 Page size: 0x1000
15:59:25:796 3468 Boot type: Normal boot
15:59:25:796 3468 ================================================================================
15:59:26:218 3468 Initialize success
15:59:26:218 3468
15:59:26:218 3468 Scanning Services ...
15:59:26:734 3468 Raw services enum returned 382 services
15:59:26:750 3468
15:59:26:750 3468 Scanning Drivers ...
15:59:27:484 3468 36557291 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\36557291.sys
15:59:27:515 3468 36557292 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\36557292.sys
15:59:27:578 3468 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\Aavmker4.sys
15:59:27:640 3468 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:59:27:718 3468 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:59:27:750 3468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:59:27:781 3468 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:59:27:828 3468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:59:27:906 3468 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:59:27:968 3468 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
15:59:28:062 3468 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:59:28:187 3468 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:59:28:234 3468 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:59:28:265 3468 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:59:28:296 3468 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:59:28:328 3468 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:59:28:359 3468 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:59:28:375 3468 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:59:28:406 3468 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:59:28:484 3468 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
15:59:28:546 3468 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
15:59:28:609 3468 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:59:28:656 3468 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:59:28:687 3468 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:59:28:828 3468 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:59:28:890 3468 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
15:59:28:968 3468 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:59:29:000 3468 aswMon2 (81432b1a4b31036c822eb967decf613c) C:\WINDOWS\system32\drivers\aswMon2.sys
15:59:29:031 3468 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\WINDOWS\system32\drivers\aswRdr.sys
15:59:29:062 3468 aswSP (d78b644816db540e103d0b0766fd9967) C:\WINDOWS\system32\drivers\aswSP.sys
15:59:29:093 3468 aswTdi (606d731008d98b6ef946730c597c1642) C:\WINDOWS\system32\drivers\aswTdi.sys
15:59:29:140 3468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:59:29:203 3468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
15:59:29:312 3468 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:59:29:562 3468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:59:29:609 3468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:59:29:656 3468 BCM43XX (c3ab2d6954c7b5103770832a3a6a591b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:59:29:687 3468 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
15:59:29:703 3468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:59:29:750 3468 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:59:29:765 3468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:59:29:781 3468 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:59:29:812 3468 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:59:29:843 3468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:59:29:875 3468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:59:29:921 3468 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:59:29:953 3468 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:59:29:984 3468 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:59:30:015 3468 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:59:30:171 3468 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:59:30:203 3468 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:59:30:281 3468 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:59:30:390 3468 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
15:59:30:421 3468 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
15:59:30:468 3468 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
15:59:30:500 3468 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
15:59:30:531 3468 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
15:59:30:546 3468 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
15:59:30:578 3468 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
15:59:30:625 3468 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
15:59:30:640 3468 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
15:59:30:718 3468 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:59:30:968 3468 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:59:31:218 3468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:59:31:265 3468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:59:31:312 3468 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:59:31:343 3468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:59:31:406 3468 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
15:59:31:437 3468 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
15:59:31:468 3468 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:59:31:500 3468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:59:31:531 3468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:59:31:578 3468 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:59:31:750 3468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:59:31:828 3468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:59:31:859 3468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:59:31:890 3468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:59:31:984 3468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:59:32:031 3468 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:59:32:109 3468 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
15:59:32:187 3468 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
15:59:32:390 3468 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
15:59:32:484 3468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:59:32:562 3468 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:59:32:578 3468 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:59:32:640 3468 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:59:32:687 3468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:59:32:734 3468 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:59:32:859 3468 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:59:32:921 3468 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:59:32:953 3468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:59:33:000 3468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:59:33:031 3468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:59:33:078 3468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:59:33:109 3468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:59:33:171 3468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:59:33:203 3468 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:59:33:234 3468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:59:33:281 3468 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
15:59:33:312 3468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:59:33:375 3468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:59:33:562 3468 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:59:33:593 3468 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:59:33:640 3468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:59:33:703 3468 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:59:33:765 3468 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:59:33:843 3468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:59:33:890 3468 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:59:33:937 3468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:59:34:015 3468 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:59:34:171 3468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:59:34:203 3468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:59:34:218 3468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:59:34:250 3468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:59:34:296 3468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:59:34:328 3468 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
15:59:34:359 3468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:59:34:390 3468 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:59:34:468 3468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:59:34:546 3468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:59:34:578 3468 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
15:59:34:593 3468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:59:34:640 3468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:59:34:671 3468 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:59:34:812 3468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:59:34:859 3468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:59:34:921 3468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:59:35:031 3468 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:59:35:203 3468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:59:35:218 3468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:59:35:296 3468 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:59:35:328 3468 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
15:59:35:375 3468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:59:35:406 3468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:59:35:453 3468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:59:35:484 3468 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:59:35:531 3468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:59:35:562 3468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:59:35:640 3468 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:59:35:671 3468 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:59:35:687 3468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:59:35:734 3468 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:59:35:765 3468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:59:35:953 3468 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:59:36:015 3468 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:59:36:031 3468 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:59:36:062 3468 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:59:36:093 3468 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:59:36:109 3468 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:59:36:140 3468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:59:36:218 3468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:59:36:234 3468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:59:36:265 3468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:59:36:312 3468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:59:36:343 3468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:59:36:375 3468 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:59:36:531 3468 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:59:36:562 3468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:59:36:625 3468 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
15:59:36:656 3468 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
15:59:36:687 3468 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
15:59:36:812 3468 SbieDrv (822ec1a44033f544392f93cbceeeef8e) C:\Program Files\Sandboxie\SbieDrv.sys
15:59:36:859 3468 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:59:36:937 3468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:59:37:000 3468 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:59:37:156 3468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:59:37:234 3468 setup_9.0.0.722_11.03.2010_22-30drv (66ef49622baa18e4d4f1fe4bae1d51b8) C:\WINDOWS\system32\DRIVERS\3655729.sys
15:59:37:281 3468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:59:37:328 3468 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:59:37:390 3468 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
15:59:37:437 3468 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:59:37:468 3468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:59:37:515 3468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:59:37:578 3468 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
15:59:37:625 3468 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
15:59:37:796 3468 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
15:59:37:843 3468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:59:37:921 3468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:59:37:953 3468 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:59:37:968 3468 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:59:38:015 3468 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:59:38:046 3468 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:59:38:078 3468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:59:38:140 3468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:59:38:187 3468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:59:38:218 3468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:59:38:250 3468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:59:38:375 3468 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:59:38:453 3468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:59:38:484 3468 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:59:38:562 3468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:59:38:609 3468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:59:38:671 3468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:59:38:718 3468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:59:38:750 3468 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:59:38:781 3468 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:59:38:812 3468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:59:38:843 3468 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:59:39:015 3468 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:59:39:046 3468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:59:39:093 3468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:59:39:140 3468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:59:39:250 3468 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:59:39:328 3468 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
15:59:39:359 3468 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:59:39:421 3468 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:59:39:578 3468 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:59:39:656 3468 WUSB54GPV4SRV (790d0a1eff8ca30776051445d0487cdb) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
15:59:39:656 3468
15:59:39:656 3468 Completed
15:59:39:656 3468
15:59:39:656 3468 Results:
15:59:39:671 3468 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:59:39:671 3468 File objects infected / cured / cured on reboot: 0 / 0 / 0
15:59:39:671 3468
15:59:39:671 3468 KLMD(ARK) unloaded successfully

Attached File(s)

  • Dump.zip (578 bytes)
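The two TDSSKiller runs above (scanner PIDs 1700 and 3468) list every loaded driver as service name, MD5 of the image file and image path. When a helper has two such runs a minute apart, the first useful question is whether anything differs between them, and the second is which entries deserve a manual look. The script below is an added example, not part of this thread and not TDSSKiller's own code: it parses that driver-line format, diffs two scan sections, and flags images outside the stock driver directories and services whose name is all digits. The sample lines are copied from the log posted above, except the second run's Tcpip hash, which is altered to all zeros purely so the diff has something to report.

```python
# Added example (not part of the forum thread, and not TDSSKiller's own code):
# parse the "Scanning Drivers ..." section of two TDSSKiller runs, diff them,
# and flag entries a responder would look at first.
import re
from collections import namedtuple

Driver = namedtuple("Driver", "name md5 path")

# One driver line looks like:
#   15:59:27:484 3468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
#   <time>       <pid> <service> (<md5 of image>) <image path>
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+"          # timestamp and scanner PID
    r"(?P<name>\S+)\s+"                            # service/driver name
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+"             # MD5 of the image file
    r"(?P<path>.+?)\s*$"                           # image path (may contain spaces)
)

# Lines copied from the first run posted above (PID 1700).
SCAN_A = r"""
15:58:45:093 1700 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:58:47:671 1700 SbieDrv (822ec1a44033f544392f93cbceeeef8e) C:\Program Files\Sandboxie\SbieDrv.sys
15:58:49:093 1700 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:58:50:640 1700 Completed
"""
# Second run (PID 3468): the 36557291, Ntfs and SbieDrv lines are from the log;
# the Tcpip hash is CONSTRUCTED (all zeros) so the diff below has a changed entry.
SCAN_B = r"""
15:59:27:484 3468 36557291 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\36557291.sys
15:59:34:859 3468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:59:36:812 3468 SbieDrv (822ec1a44033f544392f93cbceeeef8e) C:\Program Files\Sandboxie\SbieDrv.sys
15:59:38:140 3468 Tcpip (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:59:39:656 3468 Completed
"""


def parse_drivers(text):
    """Map service name -> Driver for every driver line in one scan section."""
    drivers = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # lines such as "Completed" or "Results:" do not match and are skipped
            drivers[m["name"]] = Driver(m["name"], m["md5"].lower(), m["path"])
    return drivers


def diff_scans(old, new):
    """Names added, names removed, and (name, old, new) where hash or path changed."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = [(n, old[n], new[n]) for n in sorted(set(old) & set(new)) if old[n] != new[n]]
    return {"added": added, "removed": removed, "changed": changed}


# Directories the stock XP drivers in this log live in (compared case-insensitively).
STOCK_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32\dla")


def unusual_location(drv):
    """True when the image is outside the stock driver directories.
    Third-party products (Sandboxie here) legitimately live elsewhere,
    so this is a triage hint, not a verdict."""
    p = drv.path.lower()
    return not any(p.startswith(d + "\\") for d in STOCK_DIRS)


def numeric_service_name(drv):
    """A service name made only of digits is unusual for a vendor driver; list it for review."""
    return drv.name.isdigit()


def triage_report(old_text, new_text):
    """Human-readable lines a helper could paste back into the thread."""
    old, new = parse_drivers(old_text), parse_drivers(new_text)
    d = diff_scans(old, new)
    lines = [f"added: {', '.join(d['added']) or '-'}",
             f"removed: {', '.join(d['removed']) or '-'}"]
    for name, o, n in d["changed"]:
        lines.append(f"changed: {name} {o.md5} -> {n.md5} ({o.path} -> {n.path})")
    for drv in new.values():
        if unusual_location(drv):
            lines.append(f"review location: {drv.name} {drv.path}")
        if numeric_service_name(drv):
            lines.append(f"review name: {drv.name} {drv.path}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage_report(SCAN_A, SCAN_B)))
```

Two caveats apply to any such comparison. The MD5s were computed by a tool running on the live system, reading through the same filesystem stack a kernel rootkit would hook, so two consistent live runs only show that nothing changed between them, not that the files are clean; a real verdict needs hashes taken offline (boot media) or compared against the vendor's known-good values. And the "unusual" flags are for prioritising a manual look, not for deciding anything: the Sandboxie driver is flagged here purely because of where it is installed.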


#6 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 15 August 2010 - 03:11 PM

Hi,

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


  • Double click on ComboFix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#7 robert1971

  • Group: Member
  • Posts: 45
  • Joined: 27-February 06

Posted 15 August 2010 - 05:14 PM

Thank you..... Here is the ComboFix log:

ComboFix 10-08-15.01 - Owner 08/15/2010 15:24:56.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.297 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\invokesi.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 20:28 . 2010-08-15 20:28 52432 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-08-15 19:43 . 2010-08-15 19:43 -------- dc----w- C:\_OTL
2010-08-15 19:41 . 2010-08-15 19:41 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36eef276-n\decora-sse.dll
2010-08-15 19:41 . 2010-08-15 19:41 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36eef276-n\decora-d3d.dll
2010-08-15 19:41 . 2010-08-15 19:41 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-314b65b9-n\msvcp71.dll
2010-08-15 19:41 . 2010-08-15 19:41 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-314b65b9-n\msvcr71.dll
2010-08-15 19:41 . 2010-08-15 19:41 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-314b65b9-n\jmc.dll
2010-08-11 04:24 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-08 07:35 . 2010-08-14 20:47 -------- d-----w- c:\program files\Sandboxie
2010-08-07 23:03 . 2009-06-11 23:34 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2010-08-07 23:01 . 2010-08-07 23:43 -------- dc----w- C:\Netgear

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 18:56 . 2006-04-27 20:37 71072 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-06 00:45 . 2010-03-01 19:31 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-10 18:30 . 2009-12-24 06:42 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-10 18:27 . 2010-01-29 05:28 -------- d-----w- c:\program files\DoylesRoom
2010-06-30 12:31 . 2005-08-16 10:18 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-03-05 21:21 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-03-05 21:21 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-03-05 21:21 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-03-05 21:21 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-03-05 21:21 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-03-05 21:21 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-03-05 21:21 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-03-05 21:21 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:22 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2005-08-16 10:18 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 00:16 . 2009-11-14 20:27 256 ----a-w- c:\windows\system32\pool.bin
2010-06-21 20:10 . 2010-06-21 20:10 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3080A282-1DD2-4B3D-80CA-B9E73D182F7B}\BlackBerry.exe
2010-06-21 20:08 . 2009-11-13 02:42 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-06-21 19:46 . 2010-06-21 19:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Research In Motion
2010-06-21 19:37 . 2006-03-18 20:36 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-06-21 19:37 . 2006-03-18 20:48 -------- d-----w- c:\program files\Roxio
2010-06-21 19:35 . 2009-12-15 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-06-21 19:29 . 2010-06-21 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-06-21 18:38 . 2006-03-18 20:36 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-06-21 15:27 . 2006-03-18 20:09 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 05:55 . 2010-06-21 05:55 53248 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{B2F3FB19-D848-479C-818E-130ABC9366DB}\ARPPRODUCTICON.exe
2010-06-17 14:03 . 2005-08-16 10:18 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-08-16 10:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2005-08-16 10:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-27 21:18 . 2010-05-27 21:18 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-348ab3e6-n\msvcp71.dll
2010-05-27 21:18 . 2010-05-27 21:18 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-348ab3e6-n\msvcr71.dll
2010-05-27 21:18 . 2010-05-27 21:18 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-348ab3e6-n\jmc.dll
2010-05-27 21:18 . 2010-05-27 21:18 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-34382c6b-n\decora-sse.dll
2010-05-27 21:18 . 2010-05-27 21:18 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-34382c6b-n\decora-d3d.dll
2006-11-04 05:04 . 2006-04-30 21:28 56 --sh--r- c:\windows\system32\A5797293A0.sys
2006-11-04 05:04 . 2006-04-30 21:28 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-08-09 389352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"BuildBU"="c:\dell\bldbubg.exe" [2006-03-18 61440]
"Tweak UI"="TWEAKUI.CPL" [2000-06-26 102256]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"XeroxBackgroundTask"="c:\windows\system32\x85xbgnd.exe" [2006-08-02 60928]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-18 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58403:TCP"= 58403:TCP:Pando Media Booster
"58403:UDP"= 58403:UDP:Pando Media Booster

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/5/2010 2:21 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/5/2010 2:21 PM 17744]
S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [8/15/2010 1:28 PM 52432]
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Visit in &3D using ExitReality - http://3d.exitrealit...mogrifyPage.htm
DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} - hxxp://www.angelswin.com/forum/registered/wspellam.cab
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmd23.sys
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 15:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-965124586-4201168617-2146280858-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F0271C5-524F-FCC5-139F-D00AF3E293A0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaablojmfmjpmfcahf"=hex:6b,61,6d,65,6a,6f,64,69,6e,6f,6a,6c,65,61,65,6f,6c,65,
6c,6e,6e,6e,00,00
"hagajpmnpboijhef"=hex:69,61,63,63,6d,6e,6f,65,69,6c,6d,62,67,6e,6f,63,6e,70,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-08-15 15:46:21
ComboFix-quarantined-files.txt 2010-08-15 22:46

Pre-Run: 4,775,915,520 bytes free
Post-Run: 4,767,682,560 bytes free

- - End Of File - - F8C0BCCA4E6CBC6049B115972478F31F

#8 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 15 August 2010 - 08:24 PM

Hi,

Please try to update Java again. You can use this alternative download location.

Then..

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#9 robert1971

  • Group: Member
  • Posts: 45
  • Joined: 27-February 06

Posted 15 August 2010 - 11:42 PM

I was able to finally get the Java update downloaded.

Thanks for the link!

I had a question: should I delete the Java 6 update 3 & 7?

Computer seems like it is performing a little better.

And it looks like ESET found something...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c76ba0c9f151c74bb377c8b2d53fa1de
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-16 05:29:50
# local_time=2010-08-15 10:29:50 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 14021390 14021390 0 0
# compatibility_mode=1024 16777215 100 0 62322680 62322680 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=89297
# found=1
# cleaned=1
# scan_time=8331
C:\Documents and Settings\Owner\Desktop\GooredFix Backups\C\Documents and Settings\Owner\Local Settings\Application Data\{92EE8920-6E9C-4864-8DD9-C9948CD49734}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#10 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 16 August 2010 - 12:40 AM

Hi,

Yes, please delete the old Java updates.
ESET found a Goored infection which you must have already removed.

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.

#11 robert1971

  • Group: Member
  • Posts: 45
  • Joined: 27-February 06

Posted 16 August 2010 - 05:18 AM

The computer has improved considerably from where we were at the beginning. Thank you!

Here is the OTL log:

OTL logfile created on: 8/15/2010 11:51:49 PM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 118.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.55 Gb Total Space | 4.52 Gb Free Space | 13.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2SQ4L91
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\dcmsvc\dcmsvc.exe ()
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\xerox\Phaser 8510_8560\x85xzpui.exe (Xerox Corporation)
PRC - C:\WINDOWS\system32\x85xbgnd.exe ()
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (PuranDefrag) -- C:\WINDOWS\System32\PuranDefragS.exe (Puran Software)
SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (klmd23) -- C:\WINDOWS\system32\drivers\klmd.sys (Kaspersky Lab, SLA)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-rel&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.tsoxprid: "ZKfox002RWUS"
FF - prefs.js..browser.search.param.tsoxtbid: "68014B9E-05C8-417D-B638-D0247751F9F8-TS"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.4.0.82
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


[2008/12/16 21:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/07/11 15:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\extensions
[2010/07/11 15:27:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/06 20:27:49 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7dmr1hrn.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2010/08/07 23:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/28 18:59:04 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2010/08/15 15:38:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Oracle)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [XeroxBackgroundTask] C:\WINDOWS\System32\x85xbgnd.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Oracle)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.taylorbe...criptx/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.5)
O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} http://www.angelswin...ed/wspellam.cab (WSpell ActiveX Spelling Checker V5.15)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1146162100312 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.w...ler/install.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://139.182.204.3...sCamControl.ocx (CamImage Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://rim.webex.co...ort/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/02 09:30:16 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/08/15 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/15 19:53:08 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/15 19:53:08 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/08/15 19:53:08 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/08/15 19:53:08 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/08/15 15:19:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/15 15:19:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/15 15:19:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/15 15:19:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/15 15:18:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/15 13:28:26 | 000,052,432 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmd.sys
[2010/08/15 12:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/11 11:23:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/11 11:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SuspectedVirus
[2010/08/10 21:24:30 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/08 00:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2010/08/07 16:03:25 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS
[2010/08/07 16:01:57 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/07/11 15:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2010/07/11 15:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GooredFix Backups
[2010/07/11 15:37:36 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/06/30 17:25:08 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/06/21 12:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2010/06/21 12:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/06/10 19:13:45 | 000,000,000 | ---D | C] -- C:\918c0e9b0758cc051419
[2010/06/07 15:45:32 | 159,724,984 | ---- | C] (Research In Motion Ltd. ) -- C:\Documents and Settings\Owner\Desktop\T-Mobile_BlackBerry_Bold_9700_5.0.0.586.exe
[2010/05/27 13:57:02 | 000,758,272 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\xnt8560u.dll
[2010/05/27 13:57:02 | 000,161,280 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\xrx8560u.dll
[2010/05/27 13:57:01 | 000,204,288 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\x85xmrdv.dll
[2010/05/27 13:57:01 | 000,192,000 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\x85xcpl.cpl
[2010/05/27 13:57:01 | 000,158,208 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\x85xcpst.dll
[2010/05/27 13:57:01 | 000,097,792 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\x85xtcoi.dll
[2010/05/27 13:57:01 | 000,034,304 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\x85xcost.dll
[2010/05/27 13:57:01 | 000,031,232 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\x85xusd.dll
[2010/05/25 10:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PK-2
[1 C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/15 19:52:11 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/08/15 19:52:11 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/08/15 19:52:10 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/08/15 19:52:10 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/15 19:52:08 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/15 19:42:58 | 000,001,274 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/15 15:50:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/15 15:50:14 | 536,281,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/15 15:49:22 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/15 15:48:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/15 15:38:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/15 15:38:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/15 15:14:31 | 003,817,761 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/08/15 13:28:26 | 000,052,432 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmd.sys
[2010/08/15 13:16:59 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dump.zip
[2010/08/15 13:15:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dump.dat
[2010/08/15 11:20:59 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/08/15 10:51:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/15 09:39:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/14 13:47:37 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sandboxed Web Browser.lnk
[2010/08/14 13:47:37 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/08/14 12:44:21 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/14 12:06:40 | 000,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/14 11:55:55 | 000,514,040 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/14 11:55:55 | 000,450,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/14 11:55:55 | 000,074,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/13 21:33:57 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/13 21:33:49 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/11 11:56:52 | 000,071,072 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/11 11:24:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/11 10:41:45 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/08/07 16:11:01 | 000,388,118 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dnsinfo.bmp
[2010/08/05 17:45:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/17 16:13:51 | 000,163,999 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\kfc.pdf
[2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/06/28 13:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 13:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 13:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 13:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 13:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/21 17:16:26 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/06/21 17:15:49 | 011,683,173 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-21).ipd
[2010/06/21 12:29:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/06/21 12:14:04 | 230,487,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BlackBerryDesktopManager_v 5.0.1_English_Media_Mgr.exe
[2010/06/20 22:45:22 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pool.bin
[2010/06/20 21:51:48 | 020,248,098 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-20).ipd
[2010/06/13 22:48:30 | 019,542,955 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-13).ipd
[2010/06/08 21:44:56 | 000,015,910 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Copy of InternetLeads.xml
[2010/06/07 16:26:43 | 020,872,094 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\LoaderBackup-(2010-06-07).ipd
[2010/06/07 15:47:50 | 159,724,984 | ---- | M] (Research In Motion Ltd. ) -- C:\Documents and Settings\Owner\Desktop\T-Mobile_BlackBerry_Bold_9700_5.0.0.586.exe
[2010/06/07 15:14:53 | 020,855,391 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-07).ipd
[2010/05/27 19:29:36 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Outlook 2003.lnk
[2010/05/27 13:56:12 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xerox Support Centre.lnk
[2010/05/27 11:35:54 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tony sanchez real estate flyer.xls
[2010/05/25 10:47:15 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[1 C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/15 15:19:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/15 15:19:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/15 15:19:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/15 15:14:30 | 003,817,761 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/08/15 13:16:59 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dump.zip
[2010/08/15 13:15:00 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dump.dat
[2010/08/15 11:20:59 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/08/14 13:48:04 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Sandboxed Web Browser.lnk
[2010/08/14 13:48:04 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/08/14 13:48:01 | 000,001,274 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/11 10:41:40 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/08/07 16:11:00 | 000,388,118 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dnsinfo.bmp
[2010/07/17 16:13:50 | 000,163,999 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\kfc.pdf
[2010/06/21 17:15:49 | 011,683,173 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-21).ipd
[2010/06/21 12:29:45 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/06/21 12:12:17 | 230,487,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BlackBerryDesktopManager_v 5.0.1_English_Media_Mgr.exe
[2010/06/20 21:51:48 | 020,248,098 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-20).ipd
[2010/06/13 22:48:30 | 019,542,955 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-13).ipd
[2010/06/08 21:44:55 | 000,015,910 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Copy of InternetLeads.xml
[2010/06/07 16:26:43 | 020,872,094 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\LoaderBackup-(2010-06-07).ipd
[2010/06/07 15:14:53 | 020,855,391 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-06-07).ipd
[2010/05/27 13:57:03 | 000,006,600 | ---- | C] () -- C:\WINDOWS\System32\xrxbeacn.tlb
[2010/05/27 13:57:02 | 000,184,832 | ---- | C] () -- C:\WINDOWS\System32\xrxbeacn.exe
[2010/05/27 13:57:02 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xnetsrvc.exe
[2010/05/27 13:57:02 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\xrxbcnps.dll
[2010/05/27 13:57:02 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\xnetsrvc.dll
[2010/05/27 13:57:01 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\xlibeay.dll
[2010/05/27 13:57:01 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\x85xbgnd.exe
[2010/05/27 13:56:56 | 000,001,125 | ---- | C] () -- C:\WINDOWS\System32\default.xst
[2010/05/27 13:56:12 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xerox Support Centre.lnk
[2010/05/27 11:35:54 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tony sanchez real estate flyer.xls
[2009/10/08 18:43:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/04/05 00:41:51 | 000,000,299 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/05/02 16:16:34 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2006/05/02 16:14:14 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2006/05/02 16:14:14 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2006/05/02 16:14:14 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2006/05/02 16:14:11 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2006/05/02 16:12:59 | 000,001,002 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2006/05/02 12:14:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/30 14:28:38 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/30 14:28:38 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A5797293A0.sys
[2006/04/30 14:11:41 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/04/27 11:16:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/03/18 13:52:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/18 13:48:37 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/18 13:10:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2006/03/18 13:10:48 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2006/03/18 13:09:52 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2010/03/05 14:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2005/08/16 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/02/08 21:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MANSION
[2009/03/28 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/06/21 12:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/10 15:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/03/18 13:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/08 14:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/12/15 14:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009/02/25 01:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ContentGuard
[2006/04/27 14:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/01/16 23:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microgaming
[2010/06/21 12:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2010/03/06 20:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sling Media
[2007/05/07 20:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2009/08/08 14:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#12 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 16 August 2010 - 06:23 AM

Hi,

Congratulations, your computer appears clean :)

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --

Follow these steps to uninstall Combofix and the tools used in the removal of malware.

  • Click START then RUN
  • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.


-- Step 2 --

  • Download OTC to your desktop and run it.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.


Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check for and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.


Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.


Adobe Updates

Your Adobe reader needs updating. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs, including firewall, antivirus, antispyware, etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

Avast
Avira Free

Anti-Malware

Malwarebytes Anti-Malware (MBAM) is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis, as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you from connecting to a list of well-known ad sites.

#13 robert1971

  • Group: Member
  • Posts: 45
  • Joined: 27-February 06

Posted 16 August 2010 - 08:53 PM

Thank you! Seems to be running better.

#15 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 16 August 2010 - 08:58 PM

Hi,

That's good news. Stay safe :)
